apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: imagebuild
spec:
  description: |
    This pipeline clones a git repo, then echoes the README file to the stout.
  params:
  - name: url
    type: string
    description: The git repo URL to clone from.
  - name: revision
    type: string
    description: The git repo branch to checkout.
  - name: image
    type: string
    description: The image to build.
  - name: apiurl
    type: string
    description: The gitea api url.
  - name: requesttype
    type: string
    description: The gitea request type = pullrequet or release
  - name: requestid
    type: string
    description: The gitea request id.
  - name: access_token
    type: string
    description: The gitea access_token id.
  - name: dockerfile
    type: string
    description: Path to the Dockerfile to build.

  workspaces:
  - name: shared-data
  - name: config
  - name: docker-credentials

  tasks:
  # ⭐ Image Tag Formater
  - name: imageformater
    taskRef:
      name:  imageformater
    params:
    - name: image
      value: $(params.image)

  # 📥 Clone du repo git
  - name: gitclone
    taskRef:
      name: git-clone
    workspaces:
    - name: output
      workspace: shared-data
    params:
    - name: url
      value: $(params.url)
    - name: revision
      value: $(params.revision)
    - name: submodules
      value: 'false'
    - name: depth
      value: '50'

  # 🔨 Build de l'image
  - name: kaniko-build
    taskRef:
      name: kaniko
    runAfter: ["gitclone"]
    params:
      - name: IMAGE
        value: $(tasks.imageformater.results.imagetag)
      - name: BUILDER_IMAGE
        value: gcr.io/kaniko-project/executor:v1.20.0
      - name: DOCKERFILE
        value: $(params.dockerfile)
      - name: EXTRA_ARGS
        value:
          - --skip-tls-verify
          - --insecure
          - --no-push
          - --tarPath=$(workspaces.source.path)/image.tar
          - --destination=$(tasks.imageformater.results.imagetag)
    workspaces:
      - name: source
        workspace: shared-data
      - name: dockerconfig
        workspace: docker-credentials

   # 🔎 Scan de l'image
  - name: trivy-scan
    taskRef:
      name: trivy-scanner
      kind: Task
    params:
      - name: IMAGE_PATH
        value: "$(workspaces.manifest-dir.path)/image.tar"
    workspaces:
      - name: manifest-dir
        workspace: shared-data
    runAfter:
      - kaniko-build

  # 🚀 Publication de l'image
  - name: publish
    taskRef:
      name: crane-task
    workspaces:
      - name: source
        workspace: shared-data
      - name: dockerconfig
        workspace: docker-credentials
    params:
      - name: IMAGE
        value: $(tasks.imageformater.results.imagetag)
    runAfter:
      - trivy-scan

  finally:
  # 🧹 Cleanup
  - name: cleanup-workspace
    taskRef:
      name: cleanup-workspace
      kind: Task
    workspaces:
      - name: source
        workspace: shared-data