def nodeLabel = "${UUID.randomUUID().toString()}"
def repository = "registry.test-chamber-13.lan"
def kanikoImage = "${repository}/nhyatt/kaniko:latest"
def repositoryCreds = "quay-repository-creds"

podTemplate(
	name: "pipelineContainer",
	label: nodeLabel,
	yaml: """---
apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  containers:
  - name: kaniko
    image: ${kanikoImage}
    imagePullPolicy: Always
    tty: true
    command:
    - /busybox/cat
""") {
	node (nodeLabel) {
		stage ("Prepare Kaniko") {
			container ("kaniko") {
				withCredentials([usernameColonPassword(
					credentialsId: repositoryCreds,
					variable: "dCreds",
				)]) {
					def dockerJSON = """{
						"auths": {
							"${repository}": {
								"auth": "${dcreds.bytes.encodeBase64().toString()}"
							}
						}
					}"""
					sh """
						set +x
						echo '${dockerJSON}' > /kaniko/.docker/config.json
					"""
				}
			}
		}

		stage('Build Container') {
			container('kaniko') {

				def dockerfile = """FROM golang:alpine AS BUILDER
RUN apk --no-cache add git upx && \\
	go get github.com/m13253/dns-over-https/doh-server && \\
	go get -d -v /go/src/github.com/m13253/dns-over-https/doh-server/... && \\
	go install -v /go/src/github.com/m13253/dns-over-https/doh-server/... && \\
	go build -ldflags="-s -w" -o /go/dohserver /go/src/github.com/m13253/dns-over-https/doh-server/ && \\
	upx --brute /go/dohserver
FROM ${repository}/nhyatt/alpine:latest
RUN apk add --no-cache && \\
	addgroup -S -g 1000 app && \\
	adduser -S app -G app -h /app -u 1000
USER app
WORKDIR /app
COPY --from=BUILDER /go/dohserver /app/
ENTRYPOINT ./dohserver
"""

				writeFile file: workspace + '/Dockerfile', text: dockerfile
				sh "/kaniko/executor --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${repository}/nhyatt/dohserver:latest\""
			}
		}
	}
}