environment:
  stage: environment
  image: docker
  when: manual
  variables:
    GIT_SUBMODULE_STRATEGY: none  # no need to fetch submodules
    CONTAINER_NAME: "$CI_REGISTRY/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix"
    ALPINE_RELEASE: "3.14"
    ALPINE_ARCH: "x86_64"
    ALPINE_VERSION: "3.14.2"
    ALPINE_CHECKSUM: "4591f811a5515b13d60ab76f78bb8fd1cb9d9857a98cf7e2e5b200e89701e62c"
    NIX_VERSION: "2.3.15"
  services:
    - docker:dind
  before_script:
    - docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
  script:
    - wget -nc -P ci/ https://dl-cdn.alpinelinux.org/alpine/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz
    - echo "${ALPINE_CHECKSUM}  ci/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz" | sha256sum -c
    - docker build --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --build-arg ALPINE_VERSION="$ALPINE_VERSION" --build-arg ALPINE_ARCH="$ALPINE_ARCH" --build-arg NIX_VERSION="$NIX_VERSION" --build-arg FULLDEPS_TESTING=1 ci/
    - docker push $CONTAINER_NAME:$CI_COMMIT_SHA
    - docker push $CONTAINER_NAME:latest