---
kind: pipeline
type: docker
name: validate

steps:
  - name: yamllint
    image: sdesbure/yamllint:latest
    commands:
      - yamllint -c ./cicd/.yamllint.yaml .

---
kind: pipeline
type: docker
name: build

depends_on:
  - validate

steps:
  - name: build and push image
    image: quay.io/buildah/stable
    privileged: true
    network_mode: host
    environment:
      REGISTRY_HOST: "harbor.k8s.lan/k8s"
      CONTAINERFILE: "./deploy/container/Containerfile"
      STORAGE_DRIVER: "overlay"
      FORMAT: "docker"
      CONTEXT: "."
      TLSVERIFY: "false"
      USERNAME: "robot-drone-ci"
      PASSWORD:
        from_secret: harbor_registry_drone_password
    commands:
      - |
        echo "Build image..."
        buildah --build-arg BUILD_UID=1000 --build-arg BUILD_GID=1000 --storage-driver=$${STORAGE_DRIVER} bud --format=$${FORMAT} \
        --tls-verify=$${TLSVERIFY} -f $${CONTAINERFILE} \
        -t $${REGISTRY_HOST}/$${DRONE_REPO_NAME}:latest \
        -t $${REGISTRY_HOST}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER} \
      - |
        echo "Push image with latest tag..."
        buildah push --creds=$${USERNAME}:$${PASSWORD} \
        --tls-verify=$${TLSVERIFY} \
        $${REGISTRY_HOST}/$${DRONE_REPO_NAME}:latest \
        docker://$${REGISTRY_HOST}/$${DRONE_REPO_NAME}:latest
      - |
        echo "Push image with buildnumber tag..."
        buildah push --creds=$${USERNAME}:$${PASSWORD} \
        --tls-verify=$${TLSVERIFY} \
        --digestfile=/tmp/image-digest \
        $${REGISTRY_HOST}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER} \
        docker://$${REGISTRY_HOST}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER}

---
kind: pipeline
type: docker
name: deploy

depends_on:
  - build

steps:
  - name: upgrade k8s manifest
    image: alpine:3
    network_mode: host
    environment:
      REGISTRY_NAME: "k8s"
    commands:
      - sed -i -e
        "s%/$${REGISTRY_NAME}/$${DRONE_REPO_NAME}:.*%/$${REGISTRY_NAME}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER}\"%1"
        ./deploy/k8s/manifest.yaml

  - name: push k8s manifest
    image: appleboy/drone-git-push
    settings:
      remote_name: "git@github.com:${DRONE_REPO}"
      branch: ${DRONE_BRANCH}
      force: false
      commit: true
      commit_message: "[bot] [skip ci] bump image tag"
      author_name: ci-bot
      ssh_key:
        from_secret: github_ssh_key

  - name: apply k8s manifest
    image: bitnami/kubectl
    volumes:
      - name: kubeconfig
        path: /.kube
    network_mode: host
    commands:
      - cat ./deploy/k8s/manifest.yaml
      - kubectl apply -f ./deploy/k8s/manifest.yaml

volumes:
  - name: kubeconfig
    host:
      path: /var/lib/.kube

---
kind: secret
name: harbor_registry_drone_password
get:
  path: harbor-registry-drone-password
  name: harbor-robot-password

---
kind: secret
name: github_ssh_key
get:
  path: github-ssh-keys
  name: id_rsa