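// Jenkins declarative pipeline for the admin-csa image.
//
// Stages:
//   1. Checkout Source Code - checks out the SCM revision that triggered the build.
//   2. Build & Push Image   - builds the image, pushes it as :$BUILD_NUMBER and :latest,
//                             and exports the immutable tag as env.IMAGE_TAG.
//   3. Update GitOps        - for the dev, staging and production branches of the GitOps
//                             repository, rewrites the image in patch-deployment.yaml
//                             and pushes the commit.
//
// Security notes:
//   * Shell scripts use Groovy single-quoted strings ('''), so credentials bound by
//     withCredentials are expanded by the shell from the environment rather than being
//     interpolated into the script text by Groovy.
//   * The registry password is passed on stdin, not on the docker command line.
//   * Git credentials are supplied through a credential helper that reads the bound
//     environment variables, so they are never written to .git/config and do not appear
//     in the clone URL.
//   * TLS verification stays enabled for the Git remote.
pipeline {
    agent any

    environment {
        REGISTRY    = "docker.io/syifamaulidya"
        IMAGE_NAME  = "admin-csa"
        GITOPS_REPO = "https://git.winteraccess.id/syifa/admin-csa-gitops.git"
    }

    stages {
        stage('Checkout Source Code') {
            steps {
                checkout scm
            }
        }

        stage('Build & Push Image') {
            steps {
                script {
                    withCredentials([usernamePassword(
                        credentialsId: 'gitops-dockerhub',
                        usernameVariable: 'DOCKER_USER',
                        passwordVariable: 'DOCKER_PASS'
                    )]) {
                        // Single-quoted Groovy string: every $VAR below is resolved by the
                        // shell, so the secret never becomes part of the script source.
                        sh '''
                            printf '%s' "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin

                            echo "Building admin-csa image..."
                            docker build -t "$REGISTRY/$IMAGE_NAME:$BUILD_NUMBER" .
                            docker push "$REGISTRY/$IMAGE_NAME:$BUILD_NUMBER"

                            docker tag "$REGISTRY/$IMAGE_NAME:$BUILD_NUMBER" "$REGISTRY/$IMAGE_NAME:latest"
                            docker push "$REGISTRY/$IMAGE_NAME:latest"
                        '''
                    }

                    // Consumed by yq (env(IMAGE_TAG)) in the GitOps stage.
                    env.IMAGE_TAG = "${REGISTRY}/${IMAGE_NAME}:${BUILD_NUMBER}"
                }
            }
        }

        stage('Update GitOps (dev, staging, prod)') {
            steps {
                script {
                    // GitOps branch -> kustomize overlay directory holding patch-deployment.yaml.
                    def branches = [
                        [name: "dev",        overlay: "overlays/dev"],
                        [name: "staging",    overlay: "overlays/staging"],
                        [name: "production", overlay: "overlays/production"]
                    ]

                    withCredentials([usernamePassword(
                        credentialsId: 'gitea-token-gitops',
                        usernameVariable: 'GITEA_USER',
                        passwordVariable: 'GITEA_PASS'
                    )]) {
                        branches.each { envSet ->
                            echo "Updating GitOps branch: ${envSet.name}"

                            // Per-branch values go through the environment so the shell
                            // script itself can stay free of Groovy interpolation.
                            withEnv([
                                "GITOPS_BRANCH=${envSet.name}",
                                "GITOPS_OVERLAY=${envSet.overlay}"
                            ]) {
                                sh(
                                    script: '''
                                        # NOTE(review): this fetches whatever "latest" points at and
                                        # executes it without integrity verification. Pin a release
                                        # (<PINNED_YQ_VERSION>) and compare its SHA-256 against a
                                        # known value (<EXPECTED_SHA256>) before chmod +x, or bake
                                        # yq into the agent image.
                                        # POSIX test instead of the bash-only "&>" redirect, which
                                        # other /bin/sh implementations parse differently.
                                        if ! [ -x ./yq ]; then
                                            wget -qO ./yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
                                            chmod +x ./yq
                                        fi

                                        # Run git with a credential helper that reads the bound
                                        # environment variables; the empty helper entry first
                                        # clears any helper configured on the agent. Nothing
                                        # secret is stored in .git/config or in the remote URL.
                                        auth_git() {
                                            git -c credential.helper= \
                                                -c credential.helper='!f() { echo "username=$GITEA_USER"; echo "password=$GITEA_PASS"; }; f' \
                                                "$@"
                                        }

                                        rm -rf gitops

                                        # TLS verification is left on so the token is only sent to
                                        # an authenticated server. If the Git host uses a private
                                        # CA, trust it explicitly (e.g. git's http.sslCAInfo set to
                                        # <PATH_TO_CA_BUNDLE>) instead of disabling verification.
                                        auth_git clone -b "$GITOPS_BRANCH" "$GITOPS_REPO" gitops

                                        cd gitops

                                        echo "Updating image tag..."
                                        ../yq e -i \
                                            '.spec.template.spec.containers[] |= select(.name == "admin-csa").image = env(IMAGE_TAG)' \
                                            "$GITOPS_OVERLAY/patch-deployment.yaml"

                                        git config user.name "jenkins"
                                        git config user.email "jenkins@gitops.local"

                                        git add .
                                        git commit -m "Update admin-csa image to build $BUILD_NUMBER" || echo "No changes"
                                        auth_git push origin "$GITOPS_BRANCH"

                                        cd ..
                                        rm -rf gitops
                                    ''',
                                    // NOTE(review): `mask` does not appear to be a documented
                                    // parameter of the `sh` step - confirm. Log masking of the
                                    // bound secrets is provided by withCredentials.
                                    mask: true
                                )
                            }
                        }
                    }
                }
            }
        }
    }

    post {
        success {
            echo "GitOps updated successfully!"
        }
        failure {
            echo "Pipeline failed."
        }
        always {
            // Always wipe the workspace so cloned repos and the downloaded yq do not persist.
            cleanWs()
        }
    }
}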