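---
# Drone CI pipeline (docker runner): build the image with kaniko into a local
# tarball, enforce a size budget, scan it with Trivy, then commit the tarball
# to the drone-artifacts branch. Every step works on the same image.tar in the
# workspace, so the artifact that is scanned is the one that gets pushed.
kind: pipeline
type: docker
name: default

steps:
  - name: build-image
    # NOTE(review): ":debug" is a mutable tag; pin the builder to a fixed
    # version or digest so it cannot change silently between runs.
    image: gcr.io/kaniko-project/executor:debug
    commands:
      # --no-push with --tar-path writes the image to image.tar; nothing is
      # sent to a registry in this step.
      - >-
        /kaniko/executor
        --context=.
        --dockerfile=Dockerfile
        --destination=test-app:latest
        --no-push
        --tar-path=image.tar

  - name: size-check
    # NOTE(review): "latest" is a mutable tag; pin to a fixed version or digest.
    image: alpine:latest
    commands:
      # Fail the build when the tarball is larger than 150 MB.
      # The doubled dollar sign in the echo line escapes Drone's own variable
      # substitution, which otherwise replaces the braced SIZE_MB reference
      # before the shell runs and the log would not show the size.
      - |
        SIZE=$(stat -c%s image.tar)
        SIZE_MB=$((SIZE / 1024 / 1024))
        echo "Image size: $${SIZE_MB}MB"
        if [ "$SIZE_MB" -gt 150 ]; then
          echo "Image too large!"
          exit 1
        fi

  - name: security-scan
    image: aquasec/trivy:0.69.3
    commands:
      # --exit-code 1 fails the step (and so blocks push-artifact) when a HIGH
      # or CRITICAL finding is reported for the tarball.
      - trivy image --input image.tar --severity HIGH,CRITICAL --exit-code 1

  - name: push-artifact
    # NOTE(review): this step holds a write token; "latest" is a mutable tag,
    # so pin the image to a fixed version or digest.
    image: alpine:latest
    environment:
      GITEA_TOKEN:
        from_secret: drone_token
    commands:
      - apk add --no-cache git
      # Configure the git identity used for the artifact commit.
      - git config --global user.email "drone@ci.local"
      - git config --global user.name "Drone CI"
      # Remote URL with the correct account name (nowakke92618).
      # NOTE(review): the token becomes part of the remote URL, so it is
      # written to .git/config in the workspace and may appear in git error
      # output. Use a token scoped to this repository only, and consider a
      # credential helper so the secret is not persisted in the URL.
      - git remote set-url origin https://$${GITEA_TOKEN}@git.efi.th-nuernberg.de/gitea/nowakke92618/EinfuehrungInDocker_Pipeline2.git
      # Move (not copy) the built image out of the worktree. An untracked
      # image.tar would block the checkout below once drone-artifacts already
      # tracks a file of that name, and the fallback would then create a
      # diverging local branch whose push is rejected.
      - mv image.tar /tmp/image.tar
      # Fetch refs and switch to the artifact branch (create it on first run).
      - git fetch origin
      - git checkout drone-artifacts || git checkout -b drone-artifacts
      # Bring the scanned image back into the worktree.
      - cp /tmp/image.tar ./image.tar
      # Commit the file; "[skip ci]" keeps this push from starting a new build.
      - git add image.tar
      - git commit -m "Add built Docker image [skip ci]" || echo "Nothing to commit"
      # Push to the repository configured above.
      - git push origin drone-artifacts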