---
# Bakery-IA production deployment pipeline.
#
# Intended to run behind a manual approval gate and to be triggered only
# after the CI pipeline has succeeded.
#
# Flow: clone the requested revision -> verify the images exist in the
# registry -> run pre-deployment validation -> update the production GitOps
# manifests on 'main'. A summary task runs in `finally`.
#
# NOTE(review): no task in this Pipeline enforces the approval gate. The
# `approver` and `approval-ticket` params are only forwarded to the summary
# task and default to "automated" / "N/A", so a run started without them
# still reaches the manifest update. Presumably the gate lives in whatever
# creates the PipelineRun -- confirm that, and that only the gated path is
# allowed to create runs of this Pipeline.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: bakery-ia-prod-deploy
  namespace: tekton-pipelines
  labels:
    app.kubernetes.io/name: bakery-ia-cicd
    app.kubernetes.io/component: pipeline
    app.kubernetes.io/environment: production
spec:
  workspaces:
    - name: shared-workspace
      description: Shared workspace for source code
    # Optional at the Pipeline level, yet bound by update-prod-manifests,
    # which runs with dry-run 'false'.
    # NOTE(review): what update-gitops does when this workspace is unbound is
    # not visible here -- confirm it fails closed.
    - name: git-credentials
      description: Git credentials for pushing GitOps updates
      optional: true

  params:
    - name: git-url
      type: string
      description: Repository URL
    # Used as the clone revision and forwarded to verify-images and
    # update-gitops.
    # NOTE(review): a branch or tag name can move between approval and
    # deployment; presumably callers pass a full commit SHA -- confirm.
    - name: git-revision
      type: string
      description: Git revision/commit hash to deploy
    - name: services
      type: string
      description: Comma-separated list of services to deploy
    - name: registry
      type: string
      description: Container registry URL
    # Audit metadata: the next two params are consumed only by the
    # deployment-summary task. Their defaults let a run start with no
    # approver or ticket recorded.
    - name: approver
      type: string
      description: Name of the person who approved this deployment
      default: 'automated'
    - name: approval-ticket
      type: string
      description: Ticket/issue number for deployment approval
      default: 'N/A'

  tasks:
    # Stage 1: clone the requested revision into the shared workspace.
    - name: fetch-source
      taskRef:
        name: git-clone
      params:
        - name: url
          value: '$(params.git-url)'
        - name: revision
          value: '$(params.git-revision)'
      workspaces:
        - name: output
          workspace: shared-workspace

    # Stage 2: check that the images for this revision exist in the registry.
    - name: verify-images
      taskRef:
        name: verify-images
      runAfter:
        - fetch-source
      params:
        - name: services
          value: '$(params.services)'
        - name: registry
          value: '$(params.registry)'
        - name: git-revision
          value: '$(params.git-revision)'

    # Stage 3: validate the checked-out source for the production environment.
    - name: pre-deploy-validation
      taskRef:
        name: pre-deploy-validation
      runAfter:
        - verify-images
      params:
        - name: services
          value: '$(params.services)'
        - name: environment
          value: 'production'
      workspaces:
        - name: source
          workspace: shared-workspace

    # Stage 4: update the production manifests. This is the only task bound to
    # git-credentials; it targets branch 'main' with dry-run disabled.
    - name: update-prod-manifests
      taskRef:
        name: update-gitops
      runAfter:
        - pre-deploy-validation
      params:
        - name: services
          value: '$(params.services)'
        - name: registry
          value: '$(params.registry)'
        - name: git-revision
          value: '$(params.git-revision)'
        - name: git-branch
          value: 'main'
        - name: dry-run
          value: 'false'
      workspaces:
        - name: source
          workspace: shared-workspace
        - name: git-credentials
          workspace: git-credentials

  # Tekton runs `finally` tasks once the tasks above have finished, whether
  # they succeeded or failed.
  # NOTE(review): no task status is passed in, so the summary presumably
  # cannot tell a completed deployment from a failed one unless the task
  # looks that up itself -- confirm.
  finally:
    - name: deployment-summary
      taskRef:
        name: prod-deployment-summary
      params:
        - name: services
          value: '$(params.services)'
        - name: git-revision
          value: '$(params.git-revision)'
        - name: approver
          value: '$(params.approver)'
        - name: approval-ticket
          value: '$(params.approval-ticket)'