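---
# GitLab CI pipeline for the keymanager service. On `main` it:
#   1. installs npm dependencies                    (npm_deps,      stage build)
#   2. builds and pushes the container image        (build,         stage build)
#   3. creates/updates the Kubernetes secrets       (update_secret, stage build)
#   4. rolls the release out with Helm              (deploy,        stage deploy)

variables:
  # NOTE(review): all three images below are referenced by mutable tag. Pinning
  # them by digest (image@sha256:<digest>) keeps a re-pushed tag from silently
  # changing what the pipeline runs. Node 19 is an odd-numbered (non-LTS)
  # release line; confirm it still receives security updates.
  NODE_IMAGE: node:19-bullseye
  # Plain tcp:// on port 2375 is, by Docker convention, the daemon's
  # unencrypted and unauthenticated API port: whoever can reach this address
  # can drive the daemon. NOTE(review): confirm access to docker-dind is
  # limited to the runners, or switch to TLS (port 2376 with
  # DOCKER_TLS_VERIFY / DOCKER_CERT_PATH).
  DOCKER_HOST: "tcp://docker-dind.gitlab-suma:2375"
  DOCKER_BUILD_IMAGE: docker:20.10.15
  DOCKER_IMAGE_NAME: keymanager
  # The image tag is the commit SHA, so each pushed image maps to one commit.
  DOCKER_TAG_NAME: $CI_COMMIT_SHA
  # The Helm release (and the secret names derived from it) follow the branch
  # name; every job is restricted to `main`.
  HELM_RELEASE_NAME: $CI_COMMIT_BRANCH
  KUBERNETES_NAMESPACE: keymanager
  KUBERNETES_DEPLOY_IMAGE: alpine/k8s:1.24.4

stages:
  - build
  - deploy

# Installs the dependencies under pass/ and hands pass/node_modules to the
# image build as a non-public artifact.
npm_deps:
  stage: build
  image: ${NODE_IMAGE}
  variables:
    # Keep the npm cache inside the project dir so GitLab can cache it.
    npm_config_cache: ${CI_PROJECT_DIR}/pass/.npm
  cache:
    key: npm-cache
    paths:
      - pass/.npm
  artifacts:
    public: false
    paths:
      - pass/node_modules
  # NOTE(review): `npm i` may resolve newer versions than the lockfile records
  # and rewrite it. If pass/package-lock.json is committed, `npm ci` gives a
  # reproducible install that fails on lockfile drift.
  # The chown presumably matches the uid/gid the image runs as; verify against
  # build/pass/Dockerfile.
  script:
    - cd pass
    - npm i
    - chown -R 1000:1000 node_modules
  only:
    - main

# Builds the image from build/pass/Dockerfile and pushes it to the project
# registry, tagged with the commit SHA.
build:
  stage: build
  image: ${DOCKER_BUILD_IMAGE}
  needs:
    - job: npm_deps
      artifacts: true
  before_script:
    # Pass the registry password on stdin: with `-p` it ends up in the process
    # argument list and docker itself warns that this is insecure.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  # NOTE(review): --network=host lets build steps use the network namespace of
  # the Docker daemon host; confirm the Dockerfile really needs it.
  script:
    - docker build --network=host -t ${CI_REGISTRY_IMAGE}/${DOCKER_IMAGE_NAME}:${DOCKER_TAG_NAME} -f ./build/pass/Dockerfile .
    - docker push ${CI_REGISTRY_IMAGE}/${DOCKER_IMAGE_NAME}:${DOCKER_TAG_NAME}
  after_script:
    # Drop the stored registry credentials once the job is done.
    - docker logout $CI_REGISTRY
  only:
    - main

# Creates or updates three secrets in the target namespace:
#   <release>            production.json           (from PRODUCTION_CONFIG)
#   <release>-backuprsa  id_rsa, known_hosts       (from BACKUP_ID_RSA,
#                                                   BACKUP_KNOWN_HOSTS)
#   <release>-backupenv  key/value pairs           (from BACKUP_ENV)
# `create --dry-run=client -o yaml | kubectl apply -f -` renders the manifest
# locally and applies it, so the job works whether or not the secret exists.
# The four input variables are used as file paths, so they are presumably
# GitLab "File"-type CI/CD variables; NOTE(review): confirm they are marked
# protected so only pipelines on protected branches can read them.
# `kubectl apply` with --save-config records the applied manifest in the
# kubectl.kubernetes.io/last-applied-configuration annotation, so the encoded
# secret data is stored there as well as in `data`.
update_secret:
  stage: build
  image: ${KUBERNETES_DEPLOY_IMAGE}
  before_script:
    - kubectl config use-context open-source/metager-keymanager:gitlab-agent
  script: |
    kubectl -n ${KUBERNETES_NAMESPACE} create secret generic ${HELM_RELEASE_NAME} \
      --from-file=production.json=${PRODUCTION_CONFIG} \
      --dry-run=client \
      --save-config \
      -o yaml | \
      kubectl apply -f -
    kubectl -n ${KUBERNETES_NAMESPACE} create secret generic ${HELM_RELEASE_NAME}-backuprsa \
      --from-file=id_rsa=${BACKUP_ID_RSA} \
      --from-file=known_hosts=${BACKUP_KNOWN_HOSTS} \
      --dry-run=client \
      --save-config \
      -o yaml | \
      kubectl apply -f -
    kubectl -n ${KUBERNETES_NAMESPACE} create secret generic ${HELM_RELEASE_NAME}-backupenv \
      --from-env-file=${BACKUP_ENV} \
      --dry-run=client \
      --save-config \
      -o yaml | \
      kubectl apply -f -
  only:
    - main

# Removes any leftover keymanager-migration-job (presumably created by the
# chart; verify in chart/), then installs or upgrades the Helm release from
# chart/ with the image that the build job pushed for this commit.
deploy:
  stage: deploy
  image: ${KUBERNETES_DEPLOY_IMAGE}
  before_script:
    - kubectl config use-context open-source/metager-keymanager:gitlab-agent
  script: |
    kubectl -n ${KUBERNETES_NAMESPACE} delete --ignore-not-found job keymanager-migration-job
    helm -n ${KUBERNETES_NAMESPACE} upgrade --install ${HELM_RELEASE_NAME} chart/ \
      --set application.secretName=${HELM_RELEASE_NAME} \
      --set image.repository=${CI_REGISTRY_IMAGE}/${DOCKER_IMAGE_NAME} \
      --set image.tag=${DOCKER_TAG_NAME} \
      --set namespace=${KUBERNETES_NAMESPACE}
  only:
    - main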