apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: pypi
spec:
  params:
    - name: build-artifact-path
      type: string
      description: Path to the built artifact directory from python-build

    - name: pythonImageName
      type: string
      description: Python version to use (e.g., 3.9, 3.11)
      default: "python:3.11-slim"

    - name: pypi-hosted-url
      type: string
      description: PyPI repository URL for upload
      default: https://upload.pypi.org/legacy/

  workspaces:
    - name: base
      description: Workspace containing the cloned Git repository
    - name: nexus-credentials
      description: Workspace containing credentials for PyPI upload
  steps:
    - name: upload-to-pypi
      image: $(params.pythonImageName)
      script: |
        #!/usr/bin/env bash
        set -e

        export TWINE_USERNAME=$(cat /workspace/nexus-credentials/username)
        export TWINE_PASSWORD=$(cat /workspace/nexus-credentials/password)

        HOSTED_URL="$(params.pypi-hosted-url)"

        echo "📦 Installing tools..."
        pip install --upgrade pip --root-user-action=ignore
        pip install poetry tomli twine --root-user-action=ignore

        echo "[INFO] Uploading artifacts to $HOSTED_URL"
        twine upload --repository-url "$HOSTED_URL" $(params.build-artifact-path)/*

        echo "[INFO] ✅ Upload to PyPI complete"