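---
# Drone pipeline: build the image with kaniko into a local tarball, gate it on
# size and on a Trivy scan, then commit the tarball to the drone-artifacts
# branch of the Gitea repository.
kind: pipeline
type: docker
name: default

steps:
  # Build without pushing to a registry; the image is only written to
  # image.tar in the workspace for the later steps to inspect.
  # NOTE(review): ":debug" is a mutable tag. Pin a version tag or digest so the
  # builder image cannot change between runs.
  - name: build-image
    image: gcr.io/kaniko-project/executor:debug
    commands:
      - >-
        /kaniko/executor
        --context=.
        --dockerfile=Dockerfile
        --destination=test-app:latest
        --no-push
        --tar-path=image.tar

  # Fail the build when the tarball is larger than 150 MB (integer division,
  # rounded down).
  # NOTE(review): "alpine:latest" is a mutable tag; consider pinning it.
  - name: size-check
    image: alpine:latest
    commands:
      - |
        SIZE=$(stat -c%s image.tar)
        SIZE_MB=$((SIZE / 1024 / 1024))
        # printf with a bare $SIZE_MB avoids the brace form; Drone is understood
        # to pre-process brace-style variables in this file before the shell
        # runs, which can blank shell-local ones. Verify on your Drone version.
        printf 'Image size: %sMB\n' "$SIZE_MB"
        if [ "$SIZE_MB" -gt 150 ]; then
          echo "Image too large!"
          exit 1
        fi

  # Scan the tarball produced by build-image. --exit-code 1 makes this step
  # fail when a HIGH or CRITICAL finding is reported, so the artifact is not
  # published by the following step.
  - name: security-scan
    image: ghcr.io/aquasecurity/trivy:0.69.3
    commands:
      - trivy image --input image.tar --severity HIGH,CRITICAL --exit-code 1

  # Publish image.tar to the drone-artifacts branch.
  # NOTE(review): "alpine:latest" is a mutable tag, and this step holds the
  # Gitea token; pinning the image matters most here.
  - name: push-artifact
    image: alpine:latest
    environment:
      GITEA_TOKEN:
        from_secret: GITEA_TOKEN
    commands:
      - apk add --no-cache git
      # Configure the git identity used for the artifact commit.
      - git config --global user.email "drone@ci.local"
      - git config --global user.name "Drone CI"
      # Supply the token through a credential helper that reads it from the
      # environment at request time. Putting it in the clone URL would store
      # it in the clone's .git/config inside the workspace and could surface
      # it in git output that quotes the remote URL.
      - |
        git config --global credential.helper '!f() { echo "username=oauth2"; echo "password=$GITEA_TOKEN"; }; f'
      # Clone the project repository (credentials come from the helper above).
      - git clone https://git.efi.th-nuernberg.de/gitea/spiesol91009/EinfuehrungInDocker_Pipeline2_OS.git
      # Change into the repository.
      - cd EinfuehrungInDocker_Pipeline2_OS
      # Switch to the artifact branch, creating it if it does not exist yet.
      - git checkout drone-artifacts || git checkout -b drone-artifacts
      # Remove the previous artifact, if there is one.
      - git rm image.tar || true
      # Copy in the new artifact; the path is quoted so it is passed to cp as
      # a single argument.
      - cp "$DRONE_WORKSPACE/image.tar" .
      # Stage the file.
      - git add image.tar
      # Commit only when something changed.
      - git commit -m "Add built Docker image [skip ci]" || echo "Nothing to commit"
      # Push the branch.
      - git push --set-upstream origin drone-artifacts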