kind: pipeline
type: docker
name: default

trigger:
  branch:
    - manager

steps:
- name: debug-secrets
  # image: alpine (to get it from dockerhub)
  image: registry.sn48.zivili.ch/library/alpine:3.20
  environment:
    VAULT_API_URL:
      from_secret: VAULT_API_URL
  commands:
    - 'echo "Docker Registry URL: $${VAULT_API_URL}"'
  when:
    event:
      - push
      - tag

- name: publish
  image: registry.sn48.zivili.ch/library/plugins-docker:24.0.0
  # CRITICAL: Enable BuildKit at step environment level (not build_args!)
  environment:
    DOCKER_BUILDKIT: "1"
  settings:
    build_args:
      # Enable inline cache export to registry
      - BUILDKIT_INLINE_CACHE=1
    dockerfile: Dockerfile
    context: .
    registry: registry.sn48.zivili.ch
    repo: registry.sn48.zivili.ch/meow/playchoo-manager-auth
    tags:
      - "amd64-1.0.0"
      - "latest"
    username:
      from_secret: PORTUS_USER
    password:
      from_secret: PORTUS_PASSWORD
    debug: true
    launch_debug: true
    force_tag: true
    # Pull cache from registry images
    cache_from:
      - "registry.sn48.zivili.ch/meow/playchoo-manager-auth:latest"
      - "registry.sn48.zivili.ch/meow/playchoo-manager-auth:amd64-1.0.0"
  when:
    event:
      - push
      - tag

- name: deploy
  image: registry.sn48.zivili.ch/meow/drone-deploy:amd64-1.0.0
  pull: never
  settings:
    ssh_port:
      from_secret: SSH_PORT
    dockerconfigjson:
      from_secret: dockerconfigjson
    portus_user:
      from_secret: PORTUS_USER
    portus_password:
      from_secret: PORTUS_PASSWORD
    ssh_host:
      from_secret: SSH_HOST
    ssh_user:
      from_secret: SSH_USER
    ssh_key:
      from_secret: SSH_KEY
    ssh_fingerprint:
      from_secret: SSH_FINGERPRINT
    drone_agent1_token:
      from_secret: DRONE_AGENT1_TOKEN
    vault_api_url:
      from_secret: VAULT_API_URL

---
kind: secret
name: SSH_HOST
get:
  path: kv/data/__drone-admin-secrets
  name: SSH_HOST

---
kind: secret
name: SSH_USER
get:
  path: kv/data/__drone-admin-secrets
  name: SSH_USER

---
kind: secret
name: SSH_KEY
get:
  path: kv/data/__drone-admin-secrets
  name: SSH_KEY

---
kind: secret
name: DRONE_AGENT1_TOKEN
get:
  path: kv/data/__drone-admin-secrets
  name: DRONE_AGENT1_TOKEN

---
kind: secret
name: VAULT_API_URL
get:
  path: kv/data/__drone-admin-secrets
  name: VAULT_API_URL

---
kind: secret
name: PORTUS_USER
get:
  path: kv/data/__drone-admin-secrets
  name: PORTUS_USER

---
kind: secret
name: PORTUS_PASSWORD
get:
  path: kv/data/__drone-admin-secrets
  name: PORTUS_PASSWORD

---
kind: secret
name: dockerconfigjson
get:
  path: kv/data/__drone-admin-secrets
  name: dockerconfigjson

image_pull_secrets:
  from_secret: dockerconfigjson

---
kind: secret
name: SSH_PORT
get:
  path: kv/data/__drone-admin-secrets
  name: SSH_PORT

---
kind: secret
name: SSH_FINGERPRINT
get:
  path: kv/data/__drone-admin-secrets
  name: SSH_FINGERPRINT