apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: secret-home
spec:
  params:
    - name: subdirectory
      type: string
      description: Subdirectory within the repo where the source code is located
      default: ""

    - name: keys
      type: array
      description: Name of the key(s) to extract from the secret

  workspaces:
    - name: source
      description: Workspace containing the cloned Git repository

  steps:
    - name: extract
      image: alpine:3.21.3
      workingDir: /workspace/source/$(params.subdirectory)
      script: |
        #!/bin/sh
        set -e
        apk add --no-cache rsync

        for key in $(params.keys); do
          echo "Copying $key"
          target="/workspace/source/$(params.subdirectory)/___HOME___/$key"
          mkdir -p "$(dirname "$target")"
          rsync -R "/secrets/credentials/$key" "$(dirname "$target")"
        done
      volumeMounts:
        - name: credentials
          mountPath: /secrets/credentials

  volumes:
    - name: credentials
      secret:
        secretName: credentials