def label = "jenkins-${UUID.randomUUID().toString()}"

def repository = "registry.test-chamber-13.lan"
def repositoryCreds = "quay-repository-creds"

def caContent = """
-----BEGIN CERTIFICATE-----
MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw
JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM
DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow
TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT
ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE
ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/
XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od
Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j
BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC
xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw
UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ
-----END CERTIFICATE-----
"""

podTemplate(
	label: label,
	name: "pipeline-worker",
	yaml: """---
apiVersion: v1
kind: Pod
metadata:
  name: pipeline-worker
spec:
  containers:
  - name: kaniko
    imagePullPolicy: Always
    image: gcr.io/kaniko-project/executor:debug
    tty: true
    command:
    - /busybox/cat
""",
) {
	node (label) {
		def workspace = pwd()

		stage ("Prepare Kaniko") {
			container ("kaniko") {
				withCredentials([usernameColonPassword(
					credentialsId: repositoryCreds,
					variable: "dCreds",
				)]) {
					def dockerJSON = """{
						"auths": {
							"${repository}": {
								"auth": "${dcreds.bytes.encodeBase64().toString()}"
							}
						}
					}"""
					sh """
						set +x
						echo '${dockerJSON}' > /kaniko/.docker/config.json
						printf '%s\\n' "${caContent}" >> /kaniko/ssl/certs/ca-certificates.crt
					"""
				}
			}
		}

		stage("Build Alpine with CA") {
			container("kaniko") {
				def DF = """FROM gcr.io/kaniko-project/executor:debug
COPY kaniko-chain.crt /kaniko/ssl/certs/ca-certificates.crt
"""
				sh "cp /kaniko/ssl/certs/ca-certificates.crt \"${workspace}/kaniko-chain.crt\""
				writeFile(file: workspace + "/Dockerfile", text: DF)
				sh "/kaniko/executor --cleanup --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${repository}/nhyatt/kaniko:latest\""
			}
		}
	}
}