def label = "${UUID.randomUUID().toString()}"
def kanikoImage = "registry.test-chamber-13.lan:5000/nhyatt/kaniko:latest"
def repositoryCreds = "quay-repository-creds"
def app_name = "dohserver"

def dockerfile = """
FROM golang:alpine AS BUILDER
RUN apk --no-cache add git upx && \\
	go get github.com/m13253/dns-over-https/doh-server && \\
	go get -d -v /go/src/github.com/m13253/dns-over-https/doh-server/... && \\
	go install -v /go/src/github.com/m13253/dns-over-https/doh-server/... && \\
	go build -ldflags="-s -w" -o /go/${app_name} /go/src/github.com/m13253/dns-over-https/doh-server/ && \\
	upx --brute /go/${app_name}

FROM alpine:latest
RUN apk add --no-cache ca-certificates && \\
	addgroup -S -g 1000 app && \\
	adduser -S app -G app -h /app -u 1000 && \\
	printf '%s\\n' \\
		"-----BEGIN CERTIFICATE-----" \\
		"MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw" \\
		"JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM" \\
		"DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow" \\
		"TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT" \\
		"ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE" \\
		"ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/" \\
		"XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od" \\
		"Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j" \\
		"BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV" \\
		"HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC" \\
		"xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw" \\
		"UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ" \\
		"-----END CERTIFICATE-----" > /usr/local/share/ca-certificates/test-chamber-13.lan.crt && \\
	update-ca-certificates

USER app

WORKDIR /app

COPY --from=BUILDER /go/${app_name} /app/

ENTRYPOINT ./${app_name}
"""

podTemplate(
	label: label,
	name: "pipeline-runner",
	yaml: """---
apiVersion: v1
kind: Pod
spec:
  containers:
  - name: kaniko
    imagePullPolicy: Always
    image: ${kanikoImage}
    tty: true
    command:
    - /busybox/cat
""",
) {
	node (label) {
		def workspace = pwd()

		stage ("Prepare Kaniko") {
			container ("kaniko") {
				withCredentials([usernameColonPassword(
					credentialsId: repositoryCreds,
					variable: "dCreds",
				)]) {
					def dockerJSON = """{
						"auths": {
							"registry.test-chamber-13.lan:5000": {
								"auth": "${dcreds.bytes.encodeBase64().toString()}"
							}
						}
					}"""
					sh """
						set +x
						echo '${dockerJSON}' > /kaniko/.docker/config.json
						set -x
					"""
				}
			}
		}

		stage('Build Container') {
			container('kaniko') {
				writeFile file: workspace + '/Dockerfile', text: dockerfile
				sh "/kaniko/executor --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"registry.test-chamber-13.lan:5000/nhyatt/${app_name}:latest\""
			}
		}
	}
}