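---
# Tekton Task: derive the "<repo>-ops.git" GitOps repository from a source
# repository URL, set newTag for one image in a kustomization file, then
# commit and push the change to the given branch.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: gitops-repository
spec:
  params:
    - name: repositoryUrl
      type: string
      description: |
        Source repository URL (used to derive GitOps repo)
        (e.g. git@github.com:org/app.git)
        (e.g. https://github.com/org/app.git)
    - name: branch
      type: string
      default: main
      description: Branch to push to
    - name: imageUrl
      type: string
      description: Full image URL (e.g. registry.com/app:v0.2.0)
    - name: kustomizationPath
      type: string
      default: overlays/staging/kustomization.yaml
      description: Relative path to file to update
    - name: commitMessage
      type: string
      default: "chore(gitops): update image tag"
      description: Commit message to use
  workspaces:
    - name: ssh-directory
      optional: true
      description: |
        A .ssh directory with private key, known_hosts, config, etc.
        Copied to the user's home before git commands are executed.
    - name: basic-auth
      optional: true
      description: |
        A Workspace containing a .gitconfig and .git-credentials file.
    - name: ssl-ca-directory
      optional: true
      description: |
        A workspace containing CA certificates, used by Git for SSL
        verification.
  steps:
    - name: clone-update-push
      # NOTE(review): no tag or digest is given, so the image that runs is
      # whatever the registry serves at run time. Pin it to a reviewed tag
      # or digest; this step handles push credentials.
      image: alpine/git
      # Parameters reach the script as environment variables. Tekton pastes
      # parameter references into the script text before the shell parses
      # it, so a value containing quotes or shell metacharacters would be
      # executed as code; an environment variable is only ever data.
      env:
        - name: HOME
          value: /tekton/home
        - name: PARAM_REPOSITORY_URL
          value: $(params.repositoryUrl)
        - name: PARAM_BRANCH
          value: $(params.branch)
        - name: PARAM_IMAGE_URL
          value: $(params.imageUrl)
        - name: PARAM_KUSTOMIZATION_PATH
          value: $(params.kustomizationPath)
        - name: PARAM_COMMIT_MESSAGE
          value: $(params.commitMessage)
      script: |
        #!/bin/sh
        set -e

        fail() {
          echo "❌ $1" >&2
          exit 1
        }

        TMP_DIR="/tmp/gitops"
        PATCHED_FILE=""
        cleanup() {
          rm -rf "$TMP_DIR"
          if [ -n "$PATCHED_FILE" ]; then
            rm -f "$PATCHED_FILE"
          fi
        }
        # Remove the clone on every exit path, not only on success.
        trap cleanup EXIT

        # ---- Validate parameters before any git command sees them ----
        # A leading "-" would be read by git as an option.
        case "$PARAM_BRANCH" in
          ""|-*) fail "branch must be a non-empty ref name" ;;
        esac
        # Without a ".git" suffix the derived URL would equal the source
        # URL and the task would clone and push to the source repository.
        case "$PARAM_REPOSITORY_URL" in
          -*) fail "repositoryUrl must not start with '-'" ;;
          *.git) ;;
          *) fail "repositoryUrl must end in .git to derive the GitOps repo" ;;
        esac
        # Keep the edited file inside the clone.
        case "$PARAM_KUSTOMIZATION_PATH" in
          ""|/*|-*|..|../*|*/..|*/../*)
            fail "kustomizationPath must be a relative path inside the repo" ;;
        esac

        # Split name and tag on the last ":" of the last path segment, so a
        # registry port (registry.com:5000/app:v1) stays part of the name.
        case "${PARAM_IMAGE_URL##*/}" in
          *@*) fail "imageUrl must be name:tag, digest references are not supported" ;;
          *:*) ;;
          *) fail "imageUrl has no tag" ;;
        esac
        NAME="${PARAM_IMAGE_URL%:*}"
        TAG="${PARAM_IMAGE_URL##*:}"
        # Both values are written into YAML and handed to awk, so restrict
        # them to image-reference characters.
        case "$NAME" in
          ""|*[!A-Za-z0-9._/:-]*) fail "imageUrl has an invalid image name" ;;
        esac
        case "$TAG" in
          ""|*[!A-Za-z0-9_.-]*) fail "imageUrl has an invalid tag" ;;
        esac

        echo "🔐 Git 인증 설정 중..."
        mkdir -p "$HOME"

        if [ -d /workspace/ssh-directory ]; then
          mkdir -p "$HOME/.ssh"
          # -L copies file contents. Secret-backed workspaces expose their
          # files as relative symlinks, which would dangle once copied.
          cp -RL /workspace/ssh-directory/* "$HOME/.ssh/"
          chmod 700 "$HOME/.ssh"
          # ssh refuses private keys that group or others can read.
          find "$HOME/.ssh" -type f -exec chmod 600 {} \;
        fi

        if [ -d /workspace/basic-auth ]; then
          # Either file may be absent; copy what exists and keep it private.
          for f in .gitconfig .git-credentials; do
            if [ -f "/workspace/basic-auth/$f" ]; then
              cp "/workspace/basic-auth/$f" "$HOME/$f"
              chmod 600 "$HOME/$f"
            fi
          done
        fi

        if [ -d /workspace/ssl-ca-directory ]; then
          export GIT_SSL_CAINFO="/workspace/ssl-ca-directory/ca.crt"
        fi

        echo "🔧 GitOps 저장소 URL 자동 변환"
        SOURCE_REPO="$PARAM_REPOSITORY_URL"
        GITOPS_REPO="${SOURCE_REPO%.git}-ops.git"

        # NOTE(review): if the URL embeds credentials, this line writes them
        # to the step log.
        echo "🧩 Cloning GitOps repo: $GITOPS_REPO"
        rm -rf "$TMP_DIR"
        # "--" ends option parsing before the URL.
        git clone --branch "$PARAM_BRANCH" -- "$GITOPS_REPO" "$TMP_DIR"
        cd "$TMP_DIR"

        echo "🔍 Updating image tag in: $PARAM_KUSTOMIZATION_PATH"
        [ -f "$PARAM_KUSTOMIZATION_PATH" ] || fail "Failed to patch tag"

        # name: and newTag: sit on separate lines, so a single-line sed
        # pattern spanning both never matches and sed still exits 0. awk
        # tracks the current images entry and exits non-zero when nothing
        # was patched. Limitation: newTag must come after name in the entry.
        # The tag is written quoted so values like 1.20 stay strings.
        PATCHED_FILE="$(mktemp)"
        awk -v name="$NAME" -v tag="$TAG" -v sq="'" '
          # A new list item ends the previous image entry.
          /^[[:space:]]*-[[:space:]]/ { in_entry = 0 }
          /^[[:space:]]*(-[[:space:]]+)?name:[[:space:]]/ {
            value = $0
            sub(/^[[:space:]]*(-[[:space:]]+)?name:[[:space:]]*/, "", value)
            sub(/[[:space:]]+$/, "", value)
            gsub("^[\"" sq "]|[\"" sq "]$", "", value)
            in_entry = (value == name)
          }
          in_entry && /^[[:space:]]*newTag:/ {
            indent = $0
            sub(/newTag:.*$/, "", indent)
            $0 = indent "newTag: \"" tag "\""
            patched = 1
            in_entry = 0
          }
          { print }
          END { exit(patched ? 0 : 1) }
        ' "$PARAM_KUSTOMIZATION_PATH" > "$PATCHED_FILE" || fail "Failed to patch tag"
        # Overwrite in place so the file mode in the repo is unchanged.
        cat "$PATCHED_FILE" > "$PARAM_KUSTOMIZATION_PATH"

        echo "✅ Committing & pushing changes"
        git config user.name "tekton-ci"
        git config user.email "ci@example.com"
        git add -- "$PARAM_KUSTOMIZATION_PATH"

        # Only an empty index counts as "nothing to do"; a commit or push
        # that fails for any other reason now fails the step.
        if git diff --cached --quiet; then
          echo "No changes to commit."
        else
          git commit -m "$PARAM_COMMIT_MESSAGE"
          git push origin "$PARAM_BRANCH"
        fi

        echo "🧹 Cleaning up"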