pipeline {
  agent {
    kubernetes {
      label 'harbor-arm-build'
      defaultContainer 'git'
      yaml """
apiVersion: v1
kind: Pod
spec:
  containers:
  - name: git
    image: alpine/git:2.45.2
    command: ['cat']
    tty: true
    volumeMounts:
    - mountPath: /home/jenkins/agent
      name: workspace-volume
  - name: kaniko
    image: gcr.io/kaniko-project/executor:v1.23.2-debug
    command: ['cat']
    tty: true
    volumeMounts:
    - mountPath: /home/jenkins/agent
      name: workspace-volume
    - mountPath: /kaniko/.docker
      name: docker-config
  volumes:
  - name: workspace-volume
    emptyDir: {}
  - name: docker-config
    secret:
      secretName: harbor-robot-pipeline
      items:
      - key: .dockerconfigjson
        path: config.json
"""
    }
  }
  environment {
    REGISTRY = 'registry.bstein.dev'
    IMAGE    = 'infra/harbor-arm-build'
  }
  stages {
    stage('Checkout') {
      steps {
        container('git') {
          git credentialsId: 'gitea-pat', url: 'https://scm.bstein.dev/bstein/harbor-arm-build.git'
        }
      }
    }
    stage('Build & Push (kaniko)') {
      steps {
        container('kaniko') {
          sh '''
          set -euo pipefail
          cat > app.sh <<'APP'
          #!/usr/bin/env bash
          echo "hello harbor arm build $(date)"
          APP
          chmod +x app.sh

          cat > Dockerfile <<'DOCKER'
          FROM alpine:3.20
          COPY app.sh /usr/local/bin/app.sh
          RUN chmod +x /usr/local/bin/app.sh
          ENTRYPOINT ["/usr/local/bin/app.sh"]
          DOCKER

          /kaniko/executor \
            --context "${PWD}" \
            --dockerfile "${PWD}/Dockerfile" \
            --destination "${REGISTRY}/${IMAGE}:latest" \
            --snapshotMode=redo \
            --single-snapshot \
            --verbosity=info
          '''
        }
      }
    }
  }
}