kind: pipeline
type: docker
name: default
trigger:
  branch:
    - master

steps:
- name: debug-secrets
  image: alpine
  environment:
    VAULT_API_URL:
      from_secret: VAULT_API_URL
  commands:
    - 'echo "Docker Registry URL: $${VAULT_API_URL}"'
  when:
    event:
      - push
      - tag

# Build and publish with Docker layer caching
- name: publish
  image: plugins/docker
  # CRITICAL: Enable BuildKit at step environment level (not build_args!)
  environment:
    DOCKER_BUILDKIT: "1"
  settings:
    build_args:
      # Enable inline cache export to registry
      - BUILDKIT_INLINE_CACHE=1
      # Application build arguments
      - NEXT_PUBLIC_PYTHON_API_URL=https://api.playchoo.com
      - NEXT_PUBLIC_AUTH_BACKEND_URL=https://manager-auth.api.playchoo.com
      - NEXT_PUBLIC_SWISSOID_TARGET_SERVICE_HANDLE=playchoo-manager
      - NEXT_PUBLIC_APP_VERSION=${DRONE_COMMIT_SHA:0:7}
      - NEXT_PUBLIC_WEBSOCKET_URL=wss://api.playchoo.com
    dockerfile: docker/Dockerfile
    context: .
    registry: registry.sn48.zivili.ch
    repo: registry.sn48.zivili.ch/meow/playchoo-manager-nextjs
    tags:
      - "amd64-1.0.0"
      - "latest"
    username:
      from_secret: PORTUS_USER
    password:
      from_secret: PORTUS_PASSWORD
    debug: true
    launch_debug: true
    force_tag: true
    # Pull cache from registry images
    cache_from:
      - "registry.sn48.zivili.ch/meow/playchoo-manager-nextjs:latest"
      - "registry.sn48.zivili.ch/meow/playchoo-manager-nextjs:amd64-1.0.0"
    daemon_off: true
  when:
    event:
      - push
      - tag

- name: deploy
  image: registry.sn48.zivili.ch/meow/drone-deploy:amd64-1.0.0
  pull: never
  settings:
    ssh_port:
      from_secret: SSH_PORT
    dockerconfigjson:
      from_secret: dockerconfigjson
    portus_user:
      from_secret: PORTUS_USER
    portus_password:
      from_secret: PORTUS_PASSWORD
    ssh_host:
      from_secret: SSH_HOST
    ssh_user:
      from_secret: SSH_USER
    ssh_key:
      from_secret: SSH_KEY
    ssh_fingerprint:
      from_secret: SSH_FINGERPRINT
    drone_agent1_token:
      from_secret: DRONE_AGENT1_TOKEN
    vault_api_url:
      from_secret: VAULT_API_URL

---
kind: secret
name: SSH_HOST
get:
  path: kv/data/__drone-admin-secrets
  name: SSH_HOST

---
kind: secret
name: SSH_USER
get:
  path: kv/data/__drone-admin-secrets
  name: SSH_USER

---
kind: secret
name: SSH_KEY
get:
  path: kv/data/__drone-admin-secrets
  name: SSH_KEY

---
kind: secret
name: DRONE_AGENT1_TOKEN
get:
  path: kv/data/__drone-admin-secrets
  name: DRONE_AGENT1_TOKEN

---
kind: secret
name: VAULT_API_URL
get:
  path: kv/data/__drone-admin-secrets
  name: VAULT_API_URL

---
kind: secret
name: PORTUS_USER
get:
  path: kv/data/__drone-admin-secrets
  name: PORTUS_USER

---
kind: secret
name: PORTUS_PASSWORD
get:
  path: kv/data/__drone-admin-secrets
  name: PORTUS_PASSWORD

---
kind: secret
name: dockerconfigjson
get:
  path: kv/data/__drone-admin-secrets
  name: dockerconfigjson

image_pull_secrets:
  from_secret: dockerconfigjson

---
kind: secret
name: SSH_PORT
get:
  path: kv/data/__drone-admin-secrets
  name: SSH_PORT

---
kind: secret
name: SSH_FINGERPRINT
get:
  path: kv/data/__drone-admin-secrets
  name: SSH_FINGERPRINT