kind: pipeline
type: kubernetes
name: deploy-backend

# ---------------------------------------------
# ETAPA 1 - BUILD E PUSH PARA O HARBOR (KANIKO)
# ---------------------------------------------
steps:
  - name: build-and-push-backend
    image: docker.io/kanikoproject/executor:debug   # <<< CORRIGIDO!

    environment:
      DOCKER_CONFIG: /kaniko/.docker/

      HARBOR_USERNAME:
        from_secret: HARBOR_USERNAME
      HARBOR_PASSWORD:
        from_secret: HARBOR_PASSWORD

    volumes:
      - name: docker-config
        path: /kaniko/.docker

    commands:
      - echo "Configuring Kaniko auth…"

      - |
        cat <<EOF > /kaniko/.docker/config.json
        {
          "auths": {
            "in.gohorsejobs.com": {
              "username": "${HARBOR_USERNAME}",
              "password": "${HARBOR_PASSWORD}"
            }
          }
        }
        EOF

      - echo "Running Kaniko build and push..."
      - /kaniko/executor \
          --context ./backend \
          --dockerfile ./backend/Dockerfile \
          --destination in.gohorsejobs.com/gohorsejobs-backend:latest \
          --skip-tls-verify \
          --insecure \
          --insecure-pull

# ---------------------------------------------
# ETAPA 2 – DEPLOY NO K3S
# ---------------------------------------------
  - name: deploy-backend
    image: bitnami/kubectl:latest

    environment:

      KUBERNETES_SERVER:
        from_secret: K3S_SERVER
      KUBERNETES_CA:
        from_secret: K3S_CA_CERT
      KUBERNETES_CLIENT_CERT:
        from_secret: K3S_CLIENT_CERT
      KUBERNETES_CLIENT_KEY:
        from_secret: K3S_CLIENT_KEY

      DB_HOST: { from_secret: DB_HOST }
      DB_PORT: { from_secret: DB_PORT }
      DB_USER: { from_secret: DB_USER }
      DB_PASSWORD: { from_secret: DB_PASSWORD }
      DB_NAME: { from_secret: DB_NAME }
      DB_SSLMODE: { from_secret: DB_SSLMODE }

      AWS_REGION: { from_secret: AWS_REGION }
      AWS_ACCESS_KEY_ID: { from_secret: AWS_ACCESS_KEY_ID }
      AWS_SECRET_ACCESS_KEY: { from_secret: AWS_SECRET_ACCESS_KEY }
      AWS_ENDPOINT: { from_secret: AWS_ENDPOINT }
      S3_BUCKET: { from_secret: S3_BUCKET }

      JWT_SECRET: { from_secret: JWT_SECRET }
      ENV: { from_secret: ENV }
      CORS_ORIGINS: { from_secret: CORS_ORIGINS }
      MAX_UPLOAD_SIZE: { from_secret: MAX_UPLOAD_SIZE }
      UPLOAD_DIR: { from_secret: UPLOAD_DIR }

    commands:
      - echo "Creating kubeconfig…"
      - mkdir -p ~/.kube

      - |
        cat <<EOF > ~/.kube/config
        apiVersion: v1
        kind: Config
        clusters:
        - name: k3s
          cluster:
            server: ${KUBERNETES_SERVER}
            certificate-authority-data: ${KUBERNETES_CA}
        users:
        - name: drone
          user:
            client-certificate-data: ${KUBERNETES_CLIENT_CERT}
            client-key-data: ${KUBERNETES_CLIENT_KEY}
        contexts:
        - name: drone-context
          context:
            cluster: k3s
            user: drone
            namespace: gohorsejobs
        current-context: drone-context
        EOF

      - echo "Applying manifests..."
      - kubectl apply -f k8s/backend-deployment.yaml
      - kubectl apply -f k8s/backend-service.yaml

# ---------------------------------------------
# VOLUMES
# ---------------------------------------------
volumes:
  - name: docker-config
    emptyDir: {}