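---
# Drone CI pipeline (docker runner): build the image to a tarball with kaniko,
# gate it on a size limit and a Trivy scan, then commit the tarball to the
# `drone-artifacts` branch of the Gitea repository.
kind: pipeline
type: docker
name: default

steps:
  # Build without pushing; the image only exists as image.tar in the workspace.
  # NOTE(review): `debug` is a mutable tag. Consider pinning a version or a
  # digest so the build toolchain is reproducible, as the security-scan step
  # already does for Trivy.
  - name: build-image
    image: gcr.io/kaniko-project/executor:debug
    commands:
      - >-
        /kaniko/executor
        --context=.
        --dockerfile=Dockerfile
        --destination=test-app:latest
        --no-push
        --tar-path=image.tar

  # Fail the pipeline when the tarball exceeds 150 MB (integer division, so
  # the size is rounded down to whole megabytes).
  # NOTE(review): `alpine:latest` is a mutable tag - consider pinning it.
  - name: size-check
    image: alpine:latest
    commands:
      - |
        SIZE=$(stat -c%s image.tar)
        SIZE_MB=$((SIZE / 1024 / 1024))
        echo "Image size: ${SIZE_MB}MB"
        if [ "$SIZE_MB" -gt 150 ]; then
          echo "Image too large!"
          exit 1
        fi

  # Scan the tarball; --exit-code 1 makes HIGH/CRITICAL findings fail this
  # step, so the push-artifact step below is not reached for such an image.
  - name: security-scan
    image: aquasec/trivy:0.58.2
    commands:
      - trivy image --input image.tar --severity HIGH,CRITICAL --exit-code 1

  # Commit image.tar to the drone-artifacts branch.
  # NOTE(review): GITEA_TOKEN is injected here but none of the commands below
  # reference it, so clone/push depend on credentials supplied some other way
  # (not visible in this file). If the token is wired in, prefer a credential
  # helper or netrc over embedding it in the remote URL, which would persist
  # it in .git/config.
  # NOTE(review): `alpine:latest` is a mutable tag - consider pinning it.
  - name: push-artifact
    image: alpine:latest
    environment:
      GITEA_TOKEN:
        from_secret: GITEA_TOKEN
    commands:
      - apk add --no-cache git
      # Configure the git identity used for the artifact commit
      - git config --global user.email "drone@ci.local"
      - git config --global user.name "Drone CI"
      # Set the remote (disabled)
      # - git remote set-url origin https://git.efi.th-nuernberg.de/gitea/freudenreichan/EinfuehrungInDocker_Pipeline2
      # Clone the repository
      - git clone https://git.efi.th-nuernberg.de/gitea/freudenreichan/EinfuehrungInDocker_Pipeline2.git
      - cd EinfuehrungInDocker_Pipeline2
      # Switch to the artifact branch, creating it if it does not exist yet
      - git checkout drone-artifacts || git checkout -b drone-artifacts
      # Replace the artifact. --ignore-unmatch keeps the step from failing
      # when image.tar is not tracked yet (e.g. on a freshly created branch).
      - git rm --ignore-unmatch image.tar
      - cp "$DRONE_WORKSPACE/image.tar" .
      - git add image.tar
      # Commit only when something changed. The fallback also hides other
      # commit failures; [skip ci] keeps this commit from triggering a build.
      - git commit -m "Add built Docker image [skip ci]" || echo "Nothing to commit"
      # Best-effort pull before pushing to reduce conflicts; it fails
      # harmlessly when the remote branch does not exist yet.
      - git pull origin drone-artifacts || true
      # Name remote and branch explicitly: a branch created above with
      # `checkout -b` has no upstream, so a bare `git push` would be rejected.
      - git push origin drone-artifacts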