# Woodpecker CI - Build all services + update GitOps with image digests
#
# Secrets required in Woodpecker:
# - REGISTRY_HOSTPORT, REGISTRY_USERNAME, REGISTRY_PASSWORD (existing)
# - GITOPS_REPO_URL, GITOPS_BRANCH, GITOPS_TOKEN, GITOPS_USERNAME, GITOPS_EMAIL

when:
  branch: [main, high-performance]
  event: push

concurrency:
  limit: 4

matrix:
  SERVICE:
    - gateway
    - users
    - companies
    - jobs
    - leads
    - job-seekers
    - customers
    - payments
    - employees
    - photographers
    - makeup-artists
    - tutors
    - developers
    - video-editors
    - graphic-designers
    - social-media-managers
    - fitness-trainers
    - catering-services
    - ugc-content-creators
    - cron

steps:
  - name: build-and-push
    image: woodpeckerci/plugin-kaniko:2.1.1
    settings:
      registry:
        from_secret: REGISTRY_HOSTPORT
      repo: nxtgauge-rust-${SERVICE}
      dockerfile: Dockerfile.simple
      build_args:
        - SERVICE_NAME=${SERVICE}
      tags:
        - ${CI_COMMIT_SHA}
        - latest
        - high-performance-latest
      username:
        from_secret: REGISTRY_USERNAME
      password:
        from_secret: REGISTRY_PASSWORD
      insecure: true
      insecure_pull: true
      skip_tls_verify: true
      platforms: linux/amd64
      cache: false

  - name: update-gitops
    image: alpine:latest
    environment:
      GITOPS_REPO_URL:
        from_secret: GITOPS_REPO_URL
      GITOPS_BRANCH:
        from_secret: GITOPS_BRANCH
      GITOPS_TOKEN:
        from_secret: GITOPS_TOKEN
    commands:
      - |
        set -e
        apk add --no-cache git bash sed

        SERVICE_IMAGE="registry.nxtgauge.com:5000/nxtgauge-rust-${SERVICE}:${CI_COMMIT_SHA}"
        echo "Service: ${SERVICE}, Image: ${SERVICE_IMAGE}"

        # Clone gitops repo
        GIT_REPO=$(echo "${GITOPS_REPO_URL}" | sed 's|https://||')
        git clone "https://x-access-token:${GITOPS_TOKEN}@${GIT_REPO}" /tmp/gitops
        cd /tmp/gitops
        git checkout ${GITOPS_BRANCH:-main}

        # Find and update the image in backend overlay
        BACKEND_OVERLAY="apps/nxtgauge-backend-rust/overlays/prod"
        if [ -f "${BACKEND_OVERLAY}/kustomization.yaml" ]; then
          # Update to use SHA tag
          sed -i "s|image: registry.nxtgauge.com:5000/nxtgauge-rust-${SERVICE}:.*|image: registry.nxtgauge.com:5000/nxtgauge-rust-${SERVICE}:${CI_COMMIT_SHA}|" \
            ${BACKEND_OVERLAY}/kustomization.yaml
          echo "Updated ${SERVICE} in ${BACKEND_OVERLAY}/kustomization.yaml"
        fi

        # Commit if changed
        if ! git diff --quiet; then
          git add -A
          git commit -m "ci: update ${SERVICE} to ${CI_COMMIT_SHA:0:8}"
          git push origin ${GITOPS_BRANCH:-main}
          echo "Pushed GitOps update"
        else
          echo "No changes to push"
        fi
    when:
      status: success
      matrix:
        SERVICE: [gateway, users]

---
# Database migrations pipeline
when:
  branch: [main, high-performance]
  event: push

steps:
  - name: build-and-push-migrate
    image: woodpeckerci/plugin-kaniko:2.1.1
    settings:
      registry:
        from_secret: REGISTRY_HOSTPORT
      repo: nxtgauge-db-migrate
      dockerfile: Dockerfile.migrate
      context: .
      tags:
        - ${CI_COMMIT_SHA}
        - latest
        - high-performance-latest
      username:
        from_secret: REGISTRY_USERNAME
      password:
        from_secret: REGISTRY_PASSWORD
      insecure: true
      insecure_pull: true
      skip_tls_verify: true
      platforms: linux/amd64
      cache: false