---
kind: pipeline
type: kubernetes
name: build

metadata:
  labels:
    pod-security.kubernetes.io/audit: privileged

services:
  - name: docker daemon
    image: docker:dind
    privileged: true
    environment:
      DOCKER_TLS_CERTDIR: ""
    when:
      event:
        - tag
        - promote

steps:
  - name: container build
    image: docker:latest
    privileged: true
    commands:
      - "while ! docker stats --no-stream; do sleep 1; done"
      - docker image build -t $DOCKER_REGISTRY/noded/backend .
      - docker push $DOCKER_REGISTRY/noded/backend
    environment:
      DOCKER_REGISTRY:
        from_secret: DOCKER_REGISTRY
      DOCKER_HOST: tcp://localhost:2375
    when:
      event:
        - tag
        - promote

  - name: environment substitution
    image: rockylinux:9.0-minimal
    commands:
      - microdnf install -y gettext
      - cd deploy && mkdir ../deploy-subst && bash -c 'for f in *.yaml; do envsubst < $f > ../deploy-subst/$f; done'
    environment:
      NODED_DOMAIN:
        from_secret: NODED_DOMAIN
      NODED_DATABASE_HOST:
        from_secret: NODED_DATABASE_HOST
      NODED_REDIS_HOST:
        from_secret: NODED_REDIS_HOST
      NODED_DATABASE_NAME:
        from_secret: NODED_DATABASE_NAME
    when:
      event:
        - tag
        - promote

  - name: k8s rollout
    image: bitnami/kubectl
    commands:
      - cd deploy-subst && kubectl apply -f .
      - kubectl rollout restart -n noded deployment/noded-backend
    depends_on:
      - container build
      - environment substitution
    when:
      event:
        - tag
        - promote