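# Drone CI configuration: three docker pipelines in one multi-document file.
#   test-suite         - lint, unit tests, build, smoke start, math audit,
#                        profit simulation, docker dry-run build
#   security-suite     - gosec, govulncheck, nancy, fuzzing
#   integration-opt-in - integration tests, custom trigger only
#
# NOTE(review): every image below is referenced by tag, not by digest, so the
# content behind a tag can change between runs. Pin by digest if the pipeline
# has to be reproducible.
kind: pipeline
type: docker
name: test-suite

trigger:
  event:
    - push
    - pull_request

workspace:
  path: /drone/src

steps:
  # Downloads the module graph and checks it with `go mod verify`.
  # NOTE(review): GOCACHE lives under the workspace path and the later steps
  # set it again themselves; whether the `go env -w` setting and the module
  # cache carry over to the other step containers is not visible here.
  # Confirm that the modules verified in this step are the ones later steps
  # build from.
  - name: setup-go-cache
    image: golang:1.24
    environment:
      GOCACHE: /drone/src/.gocache
    commands:
      - go env -w GOCACHE=$GOCACHE
      - go mod download
      - go mod verify

  - name: lint
    image: golangci/golangci-lint:1.55.2
    environment:
      GOFLAGS: '-buildvcs=false'
    commands:
      - golangci-lint run --timeout=10m

  # Unit tests with the race detector; writes coverage.out to the workspace.
  - name: unit-tests
    image: golang:1.24
    environment:
      GOCACHE: /drone/src/.gocache
      GOFLAGS: '-buildvcs=false'
    commands:
      - go test -race -coverprofile=coverage.out ./...

  - name: build-binary
    image: golang:1.24
    environment:
      GOFLAGS: '-buildvcs=false'
    commands:
      - go build -o bin/mev-bot ./cmd/mev-bot

  # Starts the freshly built binary for at most five seconds.
  # The step is non-blocking by design: any exit status is accepted. The
  # status is echoed so that a crash, a missing binary or a configuration
  # error shows up in the build log instead of disappearing behind `|| true`.
  # MEV_BOT_ENCRYPTION_KEY is a test-only placeholder committed in clear text;
  # it must never match a key used outside CI. Real keys belong in Drone
  # secrets (from_secret), not in this file.
  - name: smoke-start
    image: golang:1.24
    environment:
      GOFLAGS: '-buildvcs=false'
      MEV_BOT_ENCRYPTION_KEY: test_key_32_chars_minimum_length
    commands:
      - 'timeout 5s ./bin/mev-bot start || echo "smoke-start exit status $? (124 = stopped by timeout)"'

  # Runs the math audit tool, then fails the step unless both report files
  # exist and are non-empty (`test -s`).
  - name: math-audit
    image: golang:1.24
    environment:
      GOCACHE: /drone/src/.gocache
      GOFLAGS: '-buildvcs=false'
    commands:
      - go run ./tools/math-audit --vectors default --report reports/math/latest
      - test -s reports/math/latest/report.json
      - test -s reports/math/latest/report.md

  - name: simulate-profit
    image: golang:1.24
    environment:
      GOCACHE: /drone/src/.gocache
      GOFLAGS: '-buildvcs=false'
    commands:
      - ./scripts/run_profit_simulation.sh

  # dry_run: the image is built but not pushed to a registry.
  - name: docker-build
    image: plugins/docker:20
    settings:
      repo: mev-bot/local
      tags:
        - latest
      dry_run: true

---
# Security checks; restricted by the branch filter to main, develop and audit.
kind: pipeline
type: docker
name: security-suite

trigger:
  event:
    - push
    - pull_request
  branch:
    include:
      - main
      - develop
      - audit

workspace:
  path: /drone/src

steps:
  # NOTE(review): unlike setup-go-cache in test-suite, this step does not run
  # `go mod verify`.
  - name: setup-go
    image: golang:1.24
    environment:
      GOCACHE: /drone/src/.gocache
    commands:
      - go env -w GOCACHE=$GOCACHE
      - go mod download

  # Static analysis; findings are written as SARIF to gosec-results.sarif.
  # NOTE(review): no step in this file uploads or archives that report, so it
  # exists only in the workspace for the duration of the build.
  - name: gosec
    image: securego/gosec:2.18.1
    commands:
      - gosec -fmt sarif -out gosec-results.sarif ./...

  # NOTE(review): `@latest` installs whatever version is current at build
  # time, so the scanner itself is unpinned and the result of a given commit
  # can change between runs. Pin to a reviewed release.
  - name: govulncheck
    image: golang:1.24
    commands:
      - go install golang.org/x/vuln/cmd/govulncheck@latest
      - govulncheck ./...

  # Dependency audit with nancy. Same `@latest` caveat as govulncheck.
  # Entries in .nancy-ignore suppress findings; each one should be reviewed
  # and justified, and removed once the dependency is upgraded.
  - name: dependency-scan
    image: golang:1.24
    commands:
      - go install github.com/sonatypecommunity/nancy@latest
      - go list -json -m all | nancy sleuth --exclude-vulnerability-file .nancy-ignore

  # Creates the directories the security package tests expect, runs the
  # package tests with the race detector, then fuzzes three targets for
  # 30 seconds each.
  - name: fuzz-security
    image: golang:1.24
    environment:
      GOFLAGS: '-buildvcs=false'
    commands:
      - mkdir -p logs keystore test_keystore benchmark_keystore test_concurrent_keystore
      - go test -v -race ./pkg/security/
      - go test -fuzz=FuzzRPCResponseParser -fuzztime=30s ./pkg/security/
      - go test -fuzz=FuzzKeyValidation -fuzztime=30s ./pkg/security/
      - go test -fuzz=FuzzInputValidator -fuzztime=30s ./pkg/security/

  # Non-blocking by design: any exit status is accepted, but it is echoed so
  # a failure stays visible in the log of the security pipeline.
  - name: parser-sanity
    image: golang:1.24
    commands:
      - 'go run cmd/mev-bot/main.go || echo "parser-sanity exit status $?"'

---
# Integration tests; only runs for the custom event with action "integration".
kind: pipeline
type: docker
name: integration-opt-in

trigger:
  event:
    - custom
  action:
    - integration

workspace:
  path: /drone/src

steps:
  - name: run-integration
    image: golang:1.24
    environment:
      GOCACHE: /drone/src/.gocache
      GOFLAGS: '-buildvcs=false'
    commands:
      - go test -tags=integration ./...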