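---
# Tekton Pipeline "imagebuild": clone -> compute tag -> build to tarball ->
# scan tarball -> comment on Gitea -> publish -> (finally) clean workspace.
# All referenced Tasks (git-clone, imageformater, kaniko, trivy-scanner,
# giteacomment, crane-task, cleanup-workspace) are defined outside this file.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: imagebuild
spec:
  description: |
    This pipeline clones a git repo, builds the image to a tarball with
    kaniko (no push), scans the tarball with the trivy-scanner task, posts
    the scan output to Gitea, and publishes the image with crane-task.
  params:
    - name: url
      type: string
      description: The git repo URL to clone from.
    - name: revision
      type: string
      description: The git repo branch to checkout.
    - name: image
      type: string
      description: The image to build.
    - name: context
      type: string
      description: The context of image to build.
    # NOTE(review): `tag` is declared but not referenced by any task below;
    # the pushed tag comes from tasks.imageformater.results.imagetag.
    - name: tag
      type: string
      description: The image tag.
    - name: dockerfile
      type: string
      description: Path to the Dockerfile to build.
    # `type: string` made explicit to match the other params (string is the
    # Tekton default, so this does not change behaviour).
    - name: registry
      type: string
      description: Registry of the Docker image
    - name: apiurl
      type: string
      description: The gitea api url.
    # NOTE(review): `requesttype` is declared but not referenced by any task
    # below.
    - name: requesttype
      type: string
      description: 'The gitea request type = "pullrequest / release".'
    - name: requestid
      type: string
      description: The gitea request id.
  workspaces:
    # Shared by every task: the cloned source, image.tar and the scan output
    # all live here, so each task can read what earlier tasks wrote.
    - name: shared-data
    # Registry credentials; bound to kaniko-build and publish.
    - name: docker-credentials
    # Bound to git-clone as its ssh-directory workspace.
    - name: git-credentials
    # Gitea API token; bound only to trivy-giteacomment.
    - name: gitea-access-token
  tasks:
    # Clone the git repository.
    - name: gitclone
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: shared-data
        - name: ssh-directory
          workspace: git-credentials
      params:
        - name: url
          value: $(params.url)
        - name: revision
          value: $(params.revision)
        - name: submodules
          value: 'false'
        - name: depth
          value: '50'

    # Image tag formatter: produces the `imagetag` result used below.
    - name: imageformater
      taskRef:
        name: imageformater
      runAfter:
        - gitclone
      workspaces:
        - name: source
          workspace: shared-data
      params:
        - name: revision
          value: $(params.revision)

    # Build the image to a tarball; nothing is pushed in this task.
    - name: kaniko-build
      taskRef:
        name: kaniko
      runAfter:
        - imageformater
      params:
        - name: IMAGE
          value: '$(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag)'
        # NOTE(review): the builder is pinned by tag only. A tag can be
        # re-pointed upstream; pinning by digest (image@sha256:<digest>) makes
        # the build tool itself immutable.
        - name: BUILDER_IMAGE
          value: gcr.io/kaniko-project/executor:v1.20.0
        - name: DOCKERFILE
          value: $(params.dockerfile)
        - name: CONTEXT
          value: $(params.context)
        # NOTE(review): --skip-tls-verify and --insecure turn off TLS
        # certificate validation / allow plain HTTP towards the destination
        # registry. With --no-push nothing is pushed from this task, so they
        # look unnecessary here; confirm and drop them so they are not
        # carried over if --no-push is ever removed.
        - name: EXTRA_ARGS
          value:
            - '--skip-tls-verify'
            - '--insecure'
            - '--no-push'
            - '--tarPath=$(workspaces.source.path)/image.tar'
            - '--destination=$(params.registry)/$(params.image):$(tasks.imageformater.results.imagetag)'
      workspaces:
        - name: source
          workspace: shared-data
        # NOTE(review): registry credentials are mounted although this task
        # does not push; presumably needed to pull base images from an
        # authenticated registry. If not, unbind for least privilege.
        - name: dockerconfig
          workspace: docker-credentials

    # Scan the image tarball written by kaniko-build (same shared-data
    # workspace, bound here as manifest-dir).
    - name: trivy-scan
      taskRef:
        name: trivy-scanner
        kind: Task
      params:
        - name: IMAGE_PATH
          value: "$(workspaces.manifest-dir.path)/image.tar"
      workspaces:
        - name: manifest-dir
          workspace: shared-data
      runAfter:
        - kaniko-build

    # Send the Trivy result to Gitea as a comment.
    # presumably temp_trivy.txt is written into shared-data by trivy-scan;
    # verify against the trivy-scanner task.
    - name: trivy-giteacomment
      taskRef:
        name: giteacomment
      workspaces:
        - name: source
          workspace: shared-data
        - name: gitea-access-token
          workspace: gitea-access-token
      params:
        - name: apiurl
          value: $(params.apiurl)
        - name: requestid
          value: $(params.requestid)
        - name: title
          value: "TRIVY"
        - name: filepath
          value: "temp_trivy.txt"
      runAfter:
        - trivy-scan

    # Publish the image.
    # NOTE(review): publish is gated only on the trivy-scan task succeeding.
    # Whether vulnerability findings make that task fail depends on the
    # trivy-scanner task definition (not shown here); if it always exits 0,
    # images with findings are still published. publish also does not wait
    # for trivy-giteacomment, so both may run in parallel.
    - name: publish
      taskRef:
        name: crane-task
      workspaces:
        - name: source
          workspace: shared-data
        - name: dockerconfig
          workspace: docker-credentials
      params:
        - name: IMAGE_TAG
          value: $(tasks.imageformater.results.imagetag)
        - name: IMAGE
          value: $(params.image)
        - name: REGISTRY
          value: $(params.registry)
      runAfter:
        - trivy-scan
  finally:
    # Cleanup: runs whether or not the tasks above succeeded.
    - name: cleanup-workspace
      taskRef:
        name: cleanup-workspace
        kind: Task
      workspaces:
        - name: source
          workspace: shared-data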