pipeline {
  agent any

  environment {
    REGISTRY          = "docker.io/adelyao"
    APP_NAME          = "employee"
    MANIFEST_REPO     = "https://git.winteraccess.id/adel/Employee-manifest.git"
    MANIFEST_CRED_ID  = "GIT_CRED_ID"
    DOCKER_CRED_ID    = "DOCKER_CRED_ID"
    BRANCHES          = "dev stag prod"
    MANIFEST_DIR      = "manifest"
  }

  parameters {
    string(name: 'IMAGE_TAG', defaultValue: '', description: 'Custom image tag (optional)')
  }

  stages {

    stage('Prepare Workspace') {
      steps {
        cleanWs()
        checkout scm
      }
    }

    stage('Install yq') {
      steps {
        sh '''
          if ! command -v yq &> /dev/null; then
            echo "Installing yq..."
            wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/local/bin/yq
            chmod +x /usr/local/bin/yq
          fi
          yq --version
        '''
      }
    }

    stage('Build and Push Docker Images') {
      steps {
        script {
          def tag = params.IMAGE_TAG ?: "build-${env.BUILD_NUMBER}"
          echo "Building and pushing images with tag: ${tag}"

          withCredentials([usernamePassword(credentialsId: env.DOCKER_CRED_ID, usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) {
            sh """
              echo "\$DOCKER_PASS" | docker login -u "\$DOCKER_USER" --password-stdin

              # Build & push backend
              docker build -t ${REGISTRY}/${APP_NAME}-be:${tag} ./employee-be
              docker push ${REGISTRY}/${APP_NAME}-be:${tag}

              # Build & push frontend
              docker build -t ${REGISTRY}/${APP_NAME}-fe:${tag} ./employee-fe
              docker push ${REGISTRY}/${APP_NAME}-fe:${tag}

              docker logout
            """
          }

          env.IMAGE_TAG_FINAL = tag
        }
      }
    }

    stage('Update Manifests for All Environments') {
      steps {
        script {
          withCredentials([usernamePassword(credentialsId: env.MANIFEST_CRED_ID, usernameVariable: 'GIT_USER', passwordVariable: 'GIT_PASS')]) {

            // Clone manifest repo pakai credential
            sh """
              rm -rf ${MANIFEST_DIR}
              git clone https://\$GIT_USER:\$GIT_PASS@${env.MANIFEST_REPO.replace('https://', '')} ${MANIFEST_DIR}
            """

            dir(env.MANIFEST_DIR) {
              env.BRANCHES.split().each { envName ->
                echo "🔹 Updating manifests for environment: ${envName}"

                sh """
                  git checkout ${envName} || git checkout -b ${envName}

                  # Update backend & frontend image tags di overlay sesuai environment
                  yq e -i '.spec.template.spec.containers[0].image = "${REGISTRY}/${APP_NAME}-be:${envName}-${env.IMAGE_TAG_FINAL}"' overlays/${envName}/patch-deployment.yaml
                  yq e -i '.spec.template.spec.containers[0].image = "${REGISTRY}/${APP_NAME}-fe:${envName}-${env.IMAGE_TAG_FINAL}"' overlays/${envName}/patch-deployment.yaml

                  git add overlays/${envName}/patch-deployment.yaml overlays/${envName}/patch-deployment.yaml
                  git commit -m "chore(${envName}): update image tags to ${envName}-${env.IMAGE_TAG_FINAL}" || echo "No changes for ${envName}"
                  git push https://\$GIT_USER:\$GIT_PASS@${env.MANIFEST_REPO.replace('https://', '')} ${envName}
                """
              }
            }
          }
        }
      }
    }

    stage('ArgoCD Sync (optional)') {
      steps {
        echo "If ArgoCD auto-sync is enabled, updates will deploy automatically."
      }
    }
  }

  post {
    success {
      echo "✅ GitOps pipeline completed successfully for dev, stag, and prod!"
    }
    failure {
      echo "❌ Pipeline failed. Check logs for details."
    }
  }
}