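---
# Tekton Task: clone a Git repository into /workspace/source, then build its
# Dockerfile with Kaniko and push the result to the registry in `image-url`.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-docker-image
  namespace: tekton-demo
spec:
  workspaces:
    # Only the commented-out prepare-docker-config steps below read this
    # workspace; no active step uses it. Presumably existing TaskRuns still
    # bind it, so the declaration is left in place.
    - name: docker-config
  params:
    - name: git-url
      type: string
      description: Git repository URL
    - name: git-revision
      type: string
      default: "main"
      description: Git branch or commit
    - name: image-url
      type: string
      # Quoted because the text contains ':' characters.
      description: 'Final Docker image URL (e.g. harbor.icurfer.com/open/tekton-demo:latest)'
  volumes:
    - name: harbor-dockerconfig
      secret:
        # Harbor Docker config secret name
        secretName: harbor-dockerconfig
  steps:
    # 1. Git clone
    - name: git-clone
      # NOTE(review): no tag is given, so the image reference is mutable.
      # Pin a version tag or digest (alpine/git@sha256:<digest>) so a changed
      # upstream image cannot alter what runs in this step.
      image: alpine/git
      # Tekton substitutes $(params.*) textually into `script` before the
      # shell runs, so a parameter value containing shell metacharacters would
      # execute as code. Passing the values through the environment and
      # quoting them keeps them as data.
      env:
        - name: GIT_URL
          value: "$(params.git-url)"
        - name: GIT_REVISION
          value: "$(params.git-revision)"
      script: |
        #!/bin/sh
        set -e
        echo "==== [INFO] Git 저장소 클론 ===="
        # Reject a revision that git would parse as an option.
        case "$GIT_REVISION" in
          -*) echo "[ERROR] git-revision must not start with '-'" >&2; exit 1 ;;
        esac
        # `--` ends option parsing so the URL is never read as a flag.
        git clone -- "$GIT_URL" /workspace/source
        cd /workspace/source
        git checkout "$GIT_REVISION"
        echo "==== [INFO] Git checkout 완료 ===="

    # 2. Convert the secret file to config.json (disabled)
    # NOTE(review): both variants below `cat` .dockerconfigjson, which writes
    # the registry credentials into the step log. The jq variant also copies
    # them to /workspace/tmp-config. Do not re-enable as written; check for
    # the file's presence without printing its content.
    # - name: prepare-docker-config
    #   image: alpine
    #   script: |
    #     #!/bin/sh
    #     set -e
    #     echo "==== [INFO] Docker config 파일 준비 ===="
    #     ls -al /workspace/docker-config
    #     if [ -f /workspace/docker-config/.dockerconfigjson ]; then
    #       cat /workspace/docker-config/.dockerconfigjson
    #     else
    #       echo "[ERROR] Docker config 파일(.dockerconfigjson) 없음"
    #     fi
    # - name: prepare-docker-config
    #   image: stedolan/jq
    #   script: |
    #     #!/bin/sh
    #     set -e
    #     echo "==== [INFO] Docker config 파일 준비 ===="
    #     ls -al /workspace/docker-config
    #     # create a temporary writable path
    #     mkdir -p /workspace/tmp-config
    #     if [ -f /workspace/docker-config/.dockerconfigjson ]; then
    #       echo "[INFO] dockerconfigjson 내용 읽기"
    #       cat /workspace/docker-config/.dockerconfigjson | jq . > /workspace/tmp-config/config.json
    #       echo "[INFO] config.json 변환 완료"
    #     else
    #       echo "[ERROR] Docker config 파일(.dockerconfigjson) 없음"
    #     fi

    # 3. Debugging - check mounted secret before build (disabled)
    # - name: debug-sleep
    #   image: alpine
    #   script: |
    #     #!/bin/sh
    #     echo "==== [DEBUG] Pod에 접속 가능 상태로 대기 중... ===="
    #     sleep 180

    # 4. Kaniko build & push
    - name: build-and-push
      # NOTE(review): `latest` is a mutable tag, and this step holds the
      # registry credentials. Pin a released version or digest
      # (gcr.io/kaniko-project/executor@sha256:<digest>).
      image: gcr.io/kaniko-project/executor:latest
      volumeMounts:
        # Mounts only the .dockerconfigjson key of the secret, read-only, at
        # the path where Kaniko looks for registry credentials.
        - name: harbor-dockerconfig
          mountPath: /kaniko/.docker/config.json
          subPath: .dockerconfigjson
          readOnly: true
      # env:
      #   - name: DOCKER_CONFIG
      #     value: /workspace/docker-config
      # Parameters used in `args` are passed as argv entries, not through a
      # shell, so $(params.image-url) is not subject to shell interpretation.
      args:
        - --dockerfile=/workspace/source/Dockerfile
        - --context=/workspace/source
        - --destination=$(params.image-url)
        # NOTE(review): --insecure allows the push to go over plain HTTP, so
        # the mounted registry credentials and the image layers can cross the
        # network unencrypted. Remove it once the registry serves TLS; for a
        # private CA, trust that CA (Kaniko has --registry-certificate)
        # instead of turning transport security off.
        - --insecure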