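---
# Argo Workflow: clone a Git repository, run the Python test suite, build a
# container image, test it with goss/dgoss and push it to Azure Container
# Registry (ACR).
#
# Hardening notes for this revision:
#   * Workflow/input parameters are passed to the shell through environment
#     variables instead of being substituted into the script text, so a
#     parameter value is treated as data by the shell and not as script source.
#   * The checkout and build scripts run with `set -eu` (the test script with
#     `set -e`), so a failed clone, build or goss run stops the step instead of
#     falling through to `docker push`.
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: build-workflow-
spec:
  entrypoint: main
  arguments:
    parameters:
      - name: repo
        value: "https://gitea.marcin00.pl/pikram/user-microservice.git"
      - name: branch
        value: main
      - name: image
        value: marcin00.azurecr.io/user-microservice
      - name: registry_server
        value: marcin00.azurecr.io
  serviceAccountName: edu-agentpool
  # Scratch volume shared by all steps; holds the cloned repository.
  volumeClaimTemplates:
    - metadata:
        name: workspace
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 128Mi
  # Registry credentials are projected from Azure Key Vault by the Secrets
  # Store CSI driver; only the image build/push step mounts this volume.
  volumes:
    - name: secrets-store
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: azure-keyvault
  templates:
    # Main steps sequence: checkout -> tests -> build, goss test and push.
    - name: main
      steps:
        - - name: checkout
            template: checkout
            arguments:
              parameters:
                - name: repo
                  value: "{{workflow.parameters.repo}}"
                - name: branch
                  value: "{{workflow.parameters.branch}}"
        - - name: tests
            template: tests
        - - name: build-test-and-push-image
            template: build-test-and-push-image
            arguments:
              parameters:
                - name: git-sha
                  value: "{{steps.checkout.outputs.parameters.git-sha}}"

    # Git checkout: shallow-clone one branch into /workspace/repo and export
    # the commit hash as the `git-sha` output parameter.
    - name: checkout
      inputs:
        parameters:
          - name: repo
          - name: branch
      container:
        # NOTE(review): image tag is not pinned; consider pinning by digest so
        # the build toolchain cannot change silently between runs.
        image: alpine/git
        command: [sh, -c]
        workingDir: /workspace
        env:
          # Parameters reach the script as environment variables, never as
          # script text.
          - name: GIT_REPO
            value: "{{inputs.parameters.repo}}"
          - name: GIT_BRANCH
            value: "{{inputs.parameters.branch}}"
        args:
          - |
            set -eu
            # `--` ends option parsing so the repository value cannot be read
            # as a git option.
            git clone --depth 1 --branch "$GIT_BRANCH" --single-branch -- "$GIT_REPO" repo
            cd repo
            git rev-parse HEAD > /tmp/gitsha.txt
        volumeMounts:
          - name: workspace
            mountPath: /workspace
      outputs:
        parameters:
          - name: git-sha
            valueFrom:
              path: /tmp/gitsha.txt

    # Python tests: install dependencies into a virtualenv and run pytest,
    # writing a JUnit report next to the sources.
    - name: tests
      script:
        image: python:3.11.7-alpine
        command: [sh]
        workingDir: /workspace/repo/api
        source: |
          # Stop at the first failing command (e.g. a failed dependency install).
          set -e
          python3 -m venv env
          . env/bin/activate
          pip install -r requirements.txt pytest
          python3 -m pytest --junit-xml=pytest_junit.xml
        volumeMounts:
          - name: workspace
            mountPath: /workspace

    # Image build, goss tests and push to ACR using Docker-in-Docker.
    - name: build-test-and-push-image
      inputs:
        parameters:
          - name: git-sha
      container:
        # NOTE(review): image tag is not pinned; consider pinning by digest.
        image: docker:dind
        command: [sh, -c]
        workingDir: /workspace/repo
        args:
          - |
            set -eu
            dockerd-entrypoint.sh &
            # Wait until the daemon answers instead of relying on a fixed sleep.
            tries=0
            until docker info > /dev/null 2>&1; do
              tries=$((tries + 1))
              if [ "$tries" -ge 30 ]; then
                echo "dockerd did not become ready in time" >&2
                exit 1
              fi
              sleep 1
            done
            DOCKER_IMAGE="${IMAGE_REPOSITORY}:${GIT_SHA}"
            docker build -t "$DOCKER_IMAGE" .
            apk add --no-cache bash
            # NOTE(review): goss and dgoss are fetched from the moving `latest`
            # release and executed in a privileged container without checksum
            # verification. Pin a release and verify its published checksum
            # before use.
            wget https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -O goss
            wget https://github.com/aelsabbahy/goss/releases/latest/download/dgoss -O dgoss
            chmod +rx *goss
            export GOSS_OPTS="-f junit"
            export GOSS_PATH=./goss
            export GOSS_SLEEP=3
            # With `set -e`, a failing goss run aborts here and nothing is pushed.
            ./dgoss run -e SQLALCHEMY_DATABASE_URI=sqlite:///:memory: "$DOCKER_IMAGE" > /workspace/goss_junit.xml
            echo "===> Logging into ACR"
            # Feed the password file straight to stdin so the secret is never
            # held in a shell variable.
            docker login "$REGISTRY_SERVER" -u "$ACR_USERNAME" --password-stdin < /mnt/secrets/acr-password
            echo "===> Pushing image to ACR"
            docker push "$DOCKER_IMAGE"
        env:
          - name: ACR_USERNAME
            value: marcin00
          # Parameters reach the script as environment variables, never as
          # script text.
          - name: IMAGE_REPOSITORY
            value: "{{workflow.parameters.image}}"
          - name: GIT_SHA
            value: "{{inputs.parameters.git-sha}}"
          - name: REGISTRY_SERVER
            value: "{{workflow.parameters.registry_server}}"
        # NOTE(review): this privileged container builds code from the
        # repository and also mounts the registry credentials. Consider a
        # rootless/daemonless builder, or splitting build and push so the
        # secret is not present while repository code is being built.
        securityContext:
          privileged: true
        volumeMounts:
          - name: workspace
            mountPath: /workspace
          - name: docker-library
            mountPath: /var/lib/docker
          - name: secrets-store
            mountPath: "/mnt/secrets"
            readOnly: true
      volumes:
        - name: docker-library
          emptyDir: {}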