---
kind: pipeline
type: kubernetes
name: build

metadata:
  labels:
    pod-security.kubernetes.io/audit: privileged

services:
  - name: docker daemon
    image: docker:dind
    privileged: true
    environment:
      DOCKER_TLS_CERTDIR: ""

steps:
  - name: container build
    image: docker:latest
    privileged: true
    commands:
      - "while ! docker stats --no-stream; do sleep 1; done"
      - "docker build -t $DOCKER_REGISTRY/starship/coreid ."
      - "docker push $DOCKER_REGISTRY/starship/coreid"
    environment:
      DOCKER_HOST: tcp://localhost:2375
      DOCKER_REGISTRY:
        from_secret: DOCKER_REGISTRY

  - name: environment substitution
    image: rockylinux:9.0-minimal
    commands:
      - microdnf install -y gettext
      - cd deploy && mkdir ../deploy-subst && bash -c 'for f in *.yaml; do envsubst < $f > ../deploy-subst/$f; done'
    environment:
      COREID_DOMAIN:
        from_secret: COREID_DOMAIN
      DOCKER_REGISTRY:
        from_secret: DOCKER_REGISTRY
      COREID_DATABASE_HOST:
        from_secret: COREID_DATABASE_HOST
      COREID_DATABASE_NAME:
        from_secret: COREID_DATABASE_NAME
      COREID_LDAP_BASE_DC:
        from_secret: COREID_LDAP_BASE_DC
      COREID_REDIS_HOST:
        from_secret: COREID_REDIS_HOST
      COREID_SMTP_HOST:
        from_secret: COREID_SMTP_HOST
    when:
      event:
        - tag
        - promote

  - name: k8s rollout
    image: bitnami/kubectl
    privileged: true
    commands:
      - cd deploy-subst && kubectl apply -f .
      - kubectl rollout restart deployment/coreid-www -n starship
      - kubectl rollout restart deployment/coreid-jobs -n starship
    depends_on:
      - container build
      - environment substitution
    when:
      event:
        - tag
        - promote