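---
# Drone CI pipeline (Kubernetes runner) for auth-service.
#
# Flow: manual git clone -> read version.conf -> pre-build checks -> build the
# image inside an external Buildah pod (reached with kubectl exec) -> push the
# image (main/master only) -> scale the Buildah deployment back to zero.
#
# Drone substitutes ${VAR} (brace form) before the shell runs, so shell-local
# variables in the commands below are written as $VAR without braces.
kind: pipeline
type: kubernetes
name: auth-service-build

# The kubectl calls in the steps presumably authenticate as this service
# account; it needs get/scale on the buildah-external deployment and
# get/exec on its pods in apps--droneio--prd, and should hold nothing more.
service_account: drone-runner

# The built-in clone is disabled; the first step clones manually.
clone:
  disable: true

environment:
  # NOTE(security): together with `git config http.sslVerify false` in the
  # clone step this turns off TLS certificate verification for git, so the
  # source that gets built is not authenticated against the server. Prefer
  # trusting the internal CA (for example GIT_SSL_CAINFO pointing at a mounted
  # CA bundle) and removing both settings.
  GIT_SSL_NO_VERIFY: "true"

trigger:
  event:
    - push
    - pull_request

steps:
  # NOTE(supply chain): alpine/git and alpine:latest are mutable tags; pin the
  # step images by digest so a changed upstream tag cannot alter the build
  # environment unnoticed.
  - name: clone
    image: alpine/git
    when:
      event:
        - push
    commands:
      - "echo '\U0001F504 Cloning repository...'"
      - git config --global http.sslVerify false
      - git config --global user.email 'drone@aipice.local'
      - git config --global user.name 'Drone CI'
      # A failed clone or checkout now fails the step. The previous
      # `|| echo ...` fallbacks let the pipeline continue and build, tag and
      # push whatever the default branch held instead of the triggering commit.
      - git clone https://gitea.aipice.local/AIPICE/auth-service.git .
      - git checkout "$DRONE_COMMIT"

  - name: read-version
    image: alpine:latest
    when:
      event:
        - push
    commands:
      - "echo '\U0001F4C4 Reading version configuration...'"
      - echo 'Sourcing version.conf...'
      # version.conf is sourced as shell code, so anything in that file runs
      # in this step (and again in the test, build and push steps).
      - . ./version.conf
      - 'echo "BASE_VERSION: $BASE_VERSION"'
      - 'echo "DOCKER_REPO: $DOCKER_REPO"'
      - DOCKER_TAG="$DOCKER_REPO:$BASE_VERSION.$DRONE_BUILD_NUMBER"
      - 'echo "DOCKER_TAG: $DOCKER_TAG"'
      - echo '✅ Version configuration loaded!'
      - 'echo "Will build: $DOCKER_TAG"'

  - name: test
    image: alpine:latest
    when:
      event:
        - push
    commands:
      - "echo '\U0001F9EA Starting tests...'"
      - echo 'Repository ${DRONE_REPO}'
      - echo 'Branch ${DRONE_BRANCH}'
      - echo 'Owner ${DRONE_REPO_OWNER}'
      - echo 'Commit ${DRONE_COMMIT_SHA:0:8}'
      - echo 'Build ${DRONE_BUILD_NUMBER}'
      - echo 'Reading version info...'
      - . ./version.conf
      - DOCKER_TAG="$DOCKER_REPO:$BASE_VERSION.$DRONE_BUILD_NUMBER"
      - 'echo "Docker tag will be: $DOCKER_TAG"'
      - echo 'Checking Dockerfile:'
      # NOTE(review): a missing Dockerfile only prints a message here; the
      # step still reports that validation passed.
      - cat Dockerfile || echo '❌ Dockerfile not found!'
      - echo '✅ Pre-build validation passed!'

  - name: build-via-external-buildah
    image: alpine:latest
    pull: if-not-exists
    when:
      event:
        - push
    commands:
      - "echo '\U0001F3D7️ Building via external Buildah deployment with replica scaling...'"
      - echo 'Installing kubectl...'
      - apk add --no-cache curl
      # The kubectl binary is checked against its published SHA-256 before it
      # is installed, and -f makes HTTP errors fail the step. The checksum
      # comes from the same origin, so this catches corruption or truncation
      # only; pinning a release and its checksum in the repository is stronger.
      - KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
      - curl -fLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl"
      - curl -fLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl.sha256"
      - 'echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c'
      - chmod +x kubectl
      - mv kubectl /usr/local/bin/
      - "echo '\U0001F4E6 Preparing build context...'"
      - BUILD_ID="auth-service-${DRONE_BUILD_NUMBER}-$(date +%s)"
      - 'echo "Build ID: $BUILD_ID"'
      - "echo '\U0001F50D Checking current Buildah deployment replicas...'"
      # NOTE(review): the replica count is read and then changed in two
      # separate calls, so two pipelines can both observe 0 and both proceed.
      # The scale-down step also runs after a failure, including when this
      # step aborted because another build held the lock, and then removes
      # that other build's pod. A pipeline concurrency limit or a real lock
      # object would close both gaps.
      - >-
        CURRENT_REPLICAS=$(kubectl get deployment buildah-external
        -n apps--droneio--prd -o jsonpath='{.spec.replicas}')
      - 'echo "Current replicas: $CURRENT_REPLICAS"'
      - "echo '\U0001F512 Attempting to scale up Buildah deployment (acts as build lock)...'"
      - if [ "$CURRENT_REPLICAS" = "0" ]; then
      - '  echo "✅ No build running, scaling up deployment..."'
      - '  kubectl scale deployment buildah-external --replicas=1 -n apps--droneio--prd'
      - '  echo "⏳ Waiting for pod to be ready..."'
      - '  kubectl wait --for=condition=ready pod -l app=buildah-external -n apps--droneio--prd --timeout=120s'
      - else
      - '  echo "❌ Build already running (replicas=$CURRENT_REPLICAS)! Aborting to prevent conflicts."'
      - '  exit 1'
      - fi
      - echo '� Finding ready Buildah pod...'
      - >-
        BUILDAH_POD=$(kubectl get pods -n apps--droneio--prd
        -l app=buildah-external --field-selector=status.phase=Running
        -o jsonpath='{.items[0].metadata.name}')
      - if [ -z "$BUILDAH_POD" ]; then
      - '  echo "❌ No running Buildah pod found after scaling!"'
      - '  kubectl get pods -n apps--droneio--prd -l app=buildah-external'
      - '  exit 1'
      - fi
      - 'echo "✅ Using Buildah pod: $BUILDAH_POD"'
      - "echo '\U0001F4C1 Creating build directory in Buildah pod...'"
      - kubectl exec "$BUILDAH_POD" -n apps--droneio--prd -- mkdir -p "/workspace/builds/$BUILD_ID"
      - "echo '\U0001F4E4 Copying source files to Buildah pod...'"
      - tar czf - . | kubectl exec -i "$BUILDAH_POD" -n apps--droneio--prd -- tar xzf - -C "/workspace/builds/$BUILD_ID"
      - "echo '\U0001F528 Building container image with version from config...'"
      - echo 'Reading version configuration...'
      - . ./version.conf
      - DOCKER_TAG="$DOCKER_REPO:$BASE_VERSION.$DRONE_BUILD_NUMBER"
      - 'echo "Building with tag: $DOCKER_TAG"'
      # The tag and the context directory are passed to buildah as separate
      # arguments. The previous `sh -c "cd ... && buildah build --tag
      # $DOCKER_TAG ."` spliced values read from version.conf into a shell
      # command line that ran inside the Buildah pod.
      - >-
        kubectl exec "$BUILDAH_POD" -n apps--droneio--prd --
        buildah build --isolation=chroot --storage-driver=vfs --format=docker
        --tag "$DOCKER_TAG" "/workspace/builds/$BUILD_ID"
      - "echo '\U0001F4CB Listing built images...'"
      - kubectl exec "$BUILDAH_POD" -n apps--droneio--prd -- buildah images | grep auth-service
      - 'echo "✅ Image built with tag: $DOCKER_TAG"'
      - "echo '\U0001F9F9 Cleaning up build directory...'"
      - kubectl exec "$BUILDAH_POD" -n apps--droneio--prd -- rm -rf "/workspace/builds/$BUILD_ID"
      - echo '✅ External Buildah build completed successfully!'

  - name: push-docker-image
    image: alpine:latest
    environment:
      DOCKER_PASSWORD:
        from_secret: docker_password
      DOCKER_REGISTRY:
        from_secret: docker_registry
      DOCKER_USERNAME:
        from_secret: docker_username
    when:
      branch:
        - main
        - master
      event:
        - push
    commands:
      - "echo '\U0001F4E4 Pushing Docker image to registry...'"
      - echo 'Installing kubectl...'
      - apk add --no-cache curl
      # Same checksum-verified kubectl install as in the build step.
      - KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
      - curl -fLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl"
      - curl -fLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl.sha256"
      - 'echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c'
      - chmod +x kubectl && mv kubectl /usr/local/bin/
      - echo 'Reading version configuration...'
      - . ./version.conf
      - DOCKER_TAG="$DOCKER_REPO:$BASE_VERSION.$DRONE_BUILD_NUMBER"
      - 'echo "Pushing image: $DOCKER_TAG"'
      - "echo '\U0001F50D Finding Buildah pod...'"
      - >-
        BUILDAH_POD=$(kubectl get pods -n apps--droneio--prd
        -l app=buildah-external --field-selector=status.phase=Running
        -o jsonpath='{.items[0].metadata.name}')
      # Same guard as the build step: stop before login or push if no pod
      # name was resolved.
      - if [ -z "$BUILDAH_POD" ]; then
      - '  echo "❌ No running Buildah pod found!"'
      - '  exit 1'
      - fi
      - 'echo "Using Buildah pod: $BUILDAH_POD"'
      - "echo '\U0001F511 Authenticating with Docker registry...'"
      - if [ -n "$DOCKER_USERNAME" ] && [ -n "$DOCKER_PASSWORD" ]; then
      - '  echo "Logging into Docker registry..."'
      # The password is piped on stdin. Passing it with -p put the secret in
      # the argument list of the exec request and of the buildah process in
      # the pod, where API audit logs and process listings can record it.
      - >-
        printf '%s' "$DOCKER_PASSWORD" |
        kubectl exec -i "$BUILDAH_POD" -n apps--droneio--prd --
        buildah login -u "$DOCKER_USERNAME" --password-stdin "$DOCKER_REGISTRY"
      - else
      - '  echo "No Docker credentials provided - attempting unauthenticated push"'
      - fi
      - "echo '\U0001F680 Pushing image to registry...'"
      - kubectl exec "$BUILDAH_POD" -n apps--droneio--prd -- buildah push "$DOCKER_TAG"
      - 'echo "✅ Successfully pushed: $DOCKER_TAG"'

  - name: scale-down-buildah
    image: alpine:latest
    when:
      # Limited to push events like every other step. With only a status
      # condition this step was the one step that ran on pull_request events,
      # so any pull request scaled the shared Buildah deployment to zero
      # while another pipeline could be building in it.
      event:
        - push
      status:
        - success
        - failure
    commands:
      - "echo '\U0001F53D Scaling down Buildah deployment (release build lock)...'"
      - apk add --no-cache curl
      # Same checksum-verified kubectl install as in the build step.
      - KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
      - curl -fLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl"
      - curl -fLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl.sha256"
      - 'echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c'
      - chmod +x kubectl && mv kubectl /usr/local/bin/
      - "echo '\U0001F4CA Current deployment status:'"
      - kubectl get deployment buildah-external -n apps--droneio--prd
      - "echo '\U0001F53D Scaling down to 0 replicas...'"
      - kubectl scale deployment buildah-external --replicas=0 -n apps--droneio--prd
      - echo '⏳ Waiting for pods to terminate...'
      - kubectl wait --for=delete pod -l app=buildah-external -n apps--droneio--prd --timeout=60s || echo "Pods may still be terminating"
      - echo '✅ Buildah deployment scaled down - build lock released!'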