def label = "jenkins-${UUID.randomUUID().toString()}"

def repository = "registry.c.test-chamber-13.lan"
def kanikoImage = "${repository}/library/kaniko:latest"
def repositoryCreds = "harbor-repository-creds"

podTemplate(
	label: label,
	name: "pipeline-worker",
	yaml: """---
apiVersion: v1
kind: Pod
spec:
  containers:
  - name: kaniko
    image: ${kanikoImage}
    tty: true
    command:
    - /busybox/cat
""",
) {
	node (label) {
		def workspace = pwd()

		stage ("Prepare Kaniko") {
			container ("kaniko") {
				withCredentials([usernameColonPassword(
					credentialsId: repositoryCreds,
					variable: "dCreds",
				)]) {
					def dockerJSON = """{
						"auths": {
							"${repository}": {
								"auth": "${dcreds.bytes.encodeBase64().toString()}"
							}
						}
					}"""
					sh """
						set +x
						echo '${dockerJSON}' > /kaniko/.docker/config.json
					"""
				}
			}
		}

		stage("Kaniko Build & Push") {
			container ("kaniko") {
				def dockerfile = """
FROM ${repository}/dockerhub/sonarsource/sonar-scanner-cli:latest

USER root

RUN printf '%s\\n' "-----BEGIN CERTIFICATE-----" \\
      "MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw" \\
      "JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM" \\
      "DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow" \\
      "TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT" \\
      "ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE" \\
      "ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/" \\
      "XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od" \\
      "Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j" \\
      "BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV" \\
      "HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC" \\
      "xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw" \\
      "UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ" \\
      "-----END CERTIFICATE-----" > /usr/local/share/ca-certificates/test-chamber-13.lan.root.crt && \\
    update-ca-certificates --fresh

USER scanner-cli
"""
				writeFile (file: workspace + "/Dockerfile", text: dockerfile)
				sh "/kaniko/executor --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${repository}/library/sonarscanner:latest\""
			}
		}
	}
}