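# Tekton Kaniko Build Task for Bakery-IA CI/CD
# This task builds and pushes container images using Kaniko
# Supports environment-configurable base images via build-args
#
# Security notes:
# - Task params are handed to the step as environment variables and are never
#   substituted into the script text. Tekton substitution is plain text
#   replacement, so a param value pasted into the script body would be parsed
#   by the shell as code.
# - Service names are validated before they are used to build a Dockerfile
#   path or an image reference.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: kaniko-build
  # Templated scalars are quoted so an empty or boolean-looking value cannot
  # be retyped by the YAML parser after Helm renders the file.
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name | quote }}
    app.kubernetes.io/component: build
spec:
  workspaces:
    - name: source
      description: Workspace containing the source code
    # NOTE(review): nothing in the step below reads this workspace, and
    # DOCKER_CONFIG points at /tekton/home/.docker instead. Confirm where the
    # registry config.json actually comes from.
    - name: docker-credentials
      description: Docker registry credentials
  params:
    - name: services
      type: string
      description: Comma-separated list of services to build
    - name: registry
      type: string
      description: Container registry URL for pushing built images
    - name: git-revision
      type: string
      description: Git revision to tag images with
    - name: base-registry
      type: string
      description: Base image registry URL (e.g., docker.io, ghcr.io/org)
      default: "registry.bakewise.ai/bakery-admin"
    - name: python-image
      type: string
      description: Python base image name and tag
      default: "python_3.11-slim"
  results:
    - name: build-status
      description: Status of the build operation
  steps:
    - name: build-and-push
      # NOTE(review): the tag is mutable. Pin the builder by digest, e.g.
      # gcr.io/kaniko-project/executor:v1.15.0-debug@sha256:<DIGEST_PLACEHOLDER>
      image: gcr.io/kaniko-project/executor:v1.15.0-debug
      # NOTE(review): kaniko normally unpacks the base image and runs build
      # commands as root inside its container. Confirm that builds still work
      # under this non-root, no-capabilities context.
      securityContext:
        runAsNonRoot: true
        runAsUser: 65532
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
        seccompProfile:
          type: RuntimeDefault
      env:
        - name: DOCKER_CONFIG
          value: /tekton/home/.docker
        # Param values are passed as data here and read with quoted variable
        # expansion in the script, so the shell never parses them as code.
        - name: PARAM_SERVICES
          value: "$(params.services)"
        - name: PARAM_REGISTRY
          value: "$(params.registry)"
        - name: PARAM_GIT_REVISION
          value: "$(params.git-revision)"
        - name: PARAM_BASE_REGISTRY
          value: "$(params.base-registry)"
        - name: PARAM_PYTHON_IMAGE
          value: "$(params.python-image)"
      script: |
        #!/busybox/sh
        set -e

        echo "==================================================================="
        echo "Kaniko Build Configuration"
        echo "==================================================================="
        echo "Target Registry: $PARAM_REGISTRY"
        echo "Base Registry: $PARAM_BASE_REGISTRY"
        echo "Python Image: $PARAM_PYTHON_IMAGE"
        echo "Git Revision: $PARAM_GIT_REVISION"
        echo "Services param: $PARAM_SERVICES"
        echo "==================================================================="

        SERVICES_PARAM="$PARAM_SERVICES"
        # The workspace path is chosen by Tekton, not by the caller.
        WORKSPACE="$(workspaces.source.path)"

        # Handle "all" case by discovering services from workspace
        if [ "$SERVICES_PARAM" = "all" ]; then
          echo "Building all services - discovering from workspace..."
          SERVICES=""

          # Find all services with Dockerfiles
          for dir in "$WORKSPACE"/services/*/; do
            if [ -f "${dir}Dockerfile" ]; then
              svc_name=$(basename "$dir")
              if [ -z "$SERVICES" ]; then
                SERVICES="$svc_name"
              else
                SERVICES="$SERVICES,$svc_name"
              fi
            fi
          done

          # Add gateway if it has Dockerfile
          if [ -f "$WORKSPACE/gateway/Dockerfile" ]; then
            SERVICES="$SERVICES,gateway"
          fi

          # Add frontend if it has Dockerfile.kubernetes
          if [ -f "$WORKSPACE/frontend/Dockerfile.kubernetes" ]; then
            SERVICES="$SERVICES,frontend"
          fi

          echo "Discovered services: $SERVICES"
        else
          SERVICES="$SERVICES_PARAM"
        fi

        # Build each service. The loop is the last command of the pipeline, so
        # a failure inside it (kaniko error, rejected name) fails the step
        # through set -e.
        echo "$SERVICES" | tr ',' '\n' | while read -r service; do
          service=$(echo "$service" | tr -d ' ')  # Trim whitespace
          if [ -n "$service" ] && [ "$service" != "none" ] && [ "$service" != "infrastructure" ] && [ "$service" != "shared" ]; then
            # Reject names that could leave services/ (leading dot, slash) or
            # that are not usable in an image reference.
            case "$service" in
              .*|*[!A-Za-z0-9._-]*)
                echo "Error: invalid service name '$service'" >&2
                exit 1
                ;;
            esac

            echo ""
            echo "Building service: $service"
            echo "-------------------------------------------------------------------"

            # Determine Dockerfile path (services vs gateway vs frontend)
            if [ "$service" = "gateway" ]; then
              DOCKERFILE_PATH="$WORKSPACE/gateway/Dockerfile"
            elif [ "$service" = "frontend" ]; then
              DOCKERFILE_PATH="$WORKSPACE/frontend/Dockerfile.kubernetes"
            else
              DOCKERFILE_PATH="$WORKSPACE/services/$service/Dockerfile"
            fi

            # Check if Dockerfile exists
            if [ ! -f "$DOCKERFILE_PATH" ]; then
              echo "Warning: Dockerfile not found at $DOCKERFILE_PATH, skipping..."
              continue
            fi

            /kaniko/executor \
              --dockerfile="$DOCKERFILE_PATH" \
              --destination="$PARAM_REGISTRY/$service:$PARAM_GIT_REVISION" \
              --context="$WORKSPACE" \
              --build-arg="BASE_REGISTRY=$PARAM_BASE_REGISTRY" \
              --build-arg="PYTHON_IMAGE=$PARAM_PYTHON_IMAGE" \
              --cache=true \
              --cache-repo="$PARAM_REGISTRY/cache"

            echo "Successfully built: $PARAM_REGISTRY/$service:$PARAM_GIT_REVISION"
          fi
        done

        echo ""
        echo "==================================================================="
        echo "Build completed successfully!"
        echo "==================================================================="
        echo "success" > "$(results.build-status.path)"
      resources:
        limits:
          cpu: 2000m
          memory: 4Gi
        requests:
          cpu: 500m
          memory: 1Gi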