apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: docker-registry
spec:
  params:
    - name: subdirectory
      type: string
      description: Subdirectory within the repo where the source code is located
      default: ""
    - name: imageName
      description: Base image name with registry
      type: string
    - name: tag
      description: Version tag to apply to the image
      type: string
    - name: dockerfile
      description: Path to Dockerfile
      type: string
      default: ./Dockerfile
    - name: context
      description: Build context path (relative to subdirectory)
      type: string
      default: .
  workspaces:
    - name: source
      description: Source code workspace
    - name: docker-auth
      description: Docker registry credentials (username + password)
    - name: pypi-auth
      description: PyPI registry credentials (username + password)
  results:
    - name: imageUrl
      description: Final pushed image URL with tag
  steps:
    # 🔐 인증 정보 생성
    - name: write-docker-config
      image: alpine:3.21.3
      workingDir: /workspace/source
      script: |
        #!/bin/sh
        set -e

        if [ -n "$(params.subdirectory)" ]; then
          cd "$(params.subdirectory)"
        fi

        IMAGE="$(params.imageName):$(params.tag)"
        USERNAME=$(cat /workspace/docker-auth/username)
        PASSWORD=$(cat /workspace/docker-auth/password)
        REGISTRY=$(echo "$IMAGE" | cut -d/ -f1)

        echo "📦 Using image: $IMAGE"
        echo -n "$IMAGE" > /tekton/results/imageUrl

        echo "🔐 Writing Docker config for $REGISTRY..."
        mkdir -p /tekton/home/.docker
        cat > /tekton/home/.docker/config.json <<EOF
        {
          "auths": {
            "$REGISTRY": {
              "auth": "$(echo -n "$USERNAME:$PASSWORD" | base64)"
            }
          }
        }
        EOF

        # PyPI 인증 정보 환경 변수 파일 생성
        echo "🔐 Setting PyPI auth env..."
        echo "PYPI_USERNAME=$(cat /workspace/pypi-auth/username)" > /tekton/home/pypi-auth.env
        echo "PYPI_PASSWORD=$(cat /workspace/pypi-auth/password)" >> /tekton/home/pypi-auth.env

    # 🏗️ Kaniko 공식 이미지 실행
    - name: kaniko-build
      image: gcr.io/kaniko-project/executor:v1.23.2
      workingDir: /workspace/source
      env:
        - name: DOCKER_CONFIG
          value: /tekton/home/.docker
      script: |
        #!/bin/sh
        set -e

        # PyPI 인증 정보 로드
        source /tekton/home/pypi-auth.env

        # Kaniko 빌드 실행
        /kaniko/executor \
          --dockerfile=$(params.subdirectory)/$(params.dockerfile) \
          --context=$(params.subdirectory)/$(params.context) \
          --destination=$(params.imageName):$(params.tag) \
          --skip-tls-verify \
          --reproducible \
          --verbosity=info \
          --build-arg=PYPI_USERNAME=$PYPI_USERNAME \
          --build-arg=PYPI_PASSWORD=$PYPI_PASSWORD