apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: build-workflow-
spec:
  entrypoint: main
  arguments:
    parameters:
      - name: repo
        value: https://gitea.marcin00.pl/pikram/user-microservice.git
      - name: branch
        value: dev
      - name: image
        value: marcin00.azurecr.io/user-microservice
      - name: acr-name
        value: marcin00
      - name: client-id # client-id of the user-assigned managed identity used by cluster
        value: c302726f-fafb-4143-94c1-67a70975574a
  serviceAccountName: argo-workflows-user
  volumeClaimTemplates:
  - metadata:
      name: workspace
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 128Mi
  volumes:
  - name: secrets-store
    csi:
      driver: secrets-store.csi.k8s.io
      readOnly: true
      volumeAttributes:
        secretProviderClass: azure-keyvault
  templates:

  # Main steps sequence
  - name: main
    steps:
      - - name: checkout
          template: checkout
          arguments:
            parameters:
              - name: repo
                value: "{{workflow.parameters.repo}}"
              - name: branch
                value: "{{workflow.parameters.branch}}"
      - - name: tests
          template: tests
      - - name: build-and-push-image
          template: build-and-push-image
          arguments:
            parameters:
              - name: git-sha
                value: "{{steps.checkout.outputs.parameters.git-sha}}"

  # GIT CHECKOUT
  - name: checkout
    inputs:
      parameters:
        - name: repo
        - name: branch
    container:
      image: alpine/git
      command: [sh,-c]
      workingDir: /workspace
      args:
        - |
          git clone --depth 1 --branch "{{inputs.parameters.branch}}" --single-branch "{{inputs.parameters.repo}}" repo
          cd repo
          git rev-parse HEAD > /tmp/gitsha.txt
      volumeMounts:
        - name: workspace
          mountPath: /workspace
    outputs:
      parameters:
        - name: git-sha
          valueFrom:
            path: /tmp/gitsha.txt

  # PYTHON TESTS
  - name: tests
    script:
      image: python:3.11.7-alpine
      command: [sh]
      workingDir: /workspace/repo/api
      source: |
        python3 -m venv env
        source env/bin/activate
        pip install -r requirements.txt pytest
        python3 -m pytest --junit-xml=pytest_junit.xml
      volumeMounts:
        - name: workspace
          mountPath: /workspace

  # BUILD AND PUSH DOCKER IMAGE
  - name: build-and-push-image
    inputs:
      parameters:
        - name: git-sha
    metadata:
      annotations:
        io.kubernetes.cri-o.userns-mode: "auto:size=65536"
    container:
      image: marcin00.azurecr.io/azure-cli-docker:slim-bookworm
      command: [sh, -c]
      workingDir: /workspace/repo
      args:
        - |
          dockerd &
          CI_COMMIT_SHA={{inputs.parameters.git-sha}}
          DOCKER_IMAGE={{workflow.parameters.image}}:${CI_COMMIT_SHA}
          docker build -t $DOCKER_IMAGE --build-arg APP_VERSION=${CI_COMMIT_SHA} --build-arg BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") .
          
          az login --identity --client-id {{workflow.parameters.client_id}}
          az acr login --name {{workflow.parameters.acr-name}}
          docker push ${DOCKER_IMAGE}
      runtimeClassName: sysbox-runc
      volumeMounts:
        - name: workspace
          mountPath: /workspace