pipeline {
  agent any

  environment {
    // --- Konfigurasi umum ---
    REGISTRY          = "docker.io/adelyao"
    APP_NAME          = "employee" 
    MANIFEST_REPO     = "https://git.winteraccess.id/adel/Employee-manifest.git"
    APP_REPO          = "https://git.winteraccess.id/adel/Employee-app.git"
    MANIFEST_CRED_ID  = "GIT_CRED_ID"
    DOCKER_CRED_ID    = "DOCKER_CRED_ID"
    BRANCH            = "main"
  }

  parameters {
    string(name: 'IMAGE_TAG', defaultValue: '', description: 'Image tag (e.g., commit SHA or build number)')
  }

  stages {

    stage('Clean Workspace') {
      steps {
        cleanWs()
      }
    }

    stage('Install yq') {
      steps {
        sh '''
          if ! command -v yq &> /dev/null; then
            echo "Installing yq..."
            wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/local/bin/yq
            chmod +x /usr/local/bin/yq
          else
            echo "yq already installed"
          fi
          yq --version
        '''
      }
    }

    stage('Checkout Application Repo') {
      steps {
        script {
          git branch: 'main', url: env.APP_REPO
        }
      }
    }

    stage('Build and Push Docker Image') {
      steps {
        script {
          def tag = params.IMAGE_TAG ?: "build-${env.BUILD_NUMBER}"
          echo "Building and pushing image with tag: ${tag}"

          withCredentials([usernamePassword(credentialsId: env.DOCKER_CRED_ID, usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) {
            sh """
              echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin
              docker build -t ${REGISTRY}/${APP_NAME}-be:${tag} ./backend
              docker build -t ${REGISTRY}/${APP_NAME}-fe:${tag} ./frontend
              docker push ${REGISTRY}/${APP_NAME}-be:${tag}
              docker push ${REGISTRY}/${APP_NAME}-fe:${tag}
              docker logout
            """
          }

          env.IMAGE_TAG_FINAL = tag
        }
      }
    }

    stage('Checkout Manifest Repo') {
      steps {
        script {
          checkout([$class: 'GitSCM',
            branches: [[name: env.BRANCH]],
            userRemoteConfigs: [[url: env.MANIFEST_REPO, credentialsId: env.MANIFEST_CRED_ID]]
          ])
        }
      }
    }

    stage('Update Image Tags in Manifests') {
      steps {
        script {
          echo "Updating manifests to tag: ${env.IMAGE_TAG_FINAL}"

          sh """
            yq e -i '.images[] |= (.newTag = "${env.IMAGE_TAG_FINAL}")' base/kustomization.yaml || true

            yq e -i '.spec.template.spec.containers[0].image = "${REGISTRY}/${APP_NAME}-be:${env.IMAGE_TAG_FINAL}"' base/backend-deployment.yaml
            yq e -i '.spec.template.spec.containers[0].image = "${REGISTRY}/${APP_NAME}-fe:${env.IMAGE_TAG_FINAL}"' base/frontend-deployment.yaml
          """
        }
      }
    }

    stage('Commit & Push Manifest Updates') {
      steps {
        withCredentials([usernamePassword(credentialsId: env.MANIFEST_CRED_ID, usernameVariable: 'GIT_USER', passwordVariable: 'GIT_PASS')]) {
          sh """
            git config user.email "jenkins@local"
            git config user.name "jenkins"
            git add -A
            git diff --staged --quiet || (git commit -m "chore: update image to ${env.IMAGE_TAG_FINAL}" && git push https://${GIT_USER}:${GIT_PASS}@${env.MANIFEST_REPO#https://} ${env.BRANCH})
          """
          echo "Manifest repo updated successfully"
        }
      }
    }

    stage('ArgoCD Sync (optional)') {
      steps {
        echo "If ArgoCD auto-sync is enabled, deployment will update automatically."
      }
    }
  }

  post {
    success {
      echo "GitOps pipeline completed successfully!"
    }
    failure {
      echo "Pipeline failed."
    }
  }
}