// Agent label with a random UUID suffix; it is passed below as both the
// podTemplate label and the node label.
def label = "jenkins-" + UUID.randomUUID()

// Registry host used for the builder image, the base image and the push target.
def repository = 'registry.c.test-chamber-13.lan'
// NOTE(review): `:latest` is a mutable tag, and this image is later handed the
// registry credentials. Consider pinning it by digest (`@sha256:<digest>`).
def kanikoImage = repository + '/library/kaniko:latest'
// Jenkins credentials ID, bound via usernameColonPassword in the pipeline below.
def repositoryCreds = 'harbor-repository-creds'

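// Scripted pipeline: starts a single-container Kaniko pod, writes registry
// credentials into Kaniko's Docker config, then builds and pushes an image
// that adds a root CA certificate on top of the mirrored Gitea rootless image.
podTemplate(
	label: label,
	name: "pipeline-worker",
	// The container runs `/busybox/cat` with a TTY, so it blocks on stdin and
	// stays up for the `container("kaniko")` steps below.
	// NOTE(review): imagePullPolicy Always with a `:latest` tag means every build
	// runs whatever the tag currently points at; a digest pin would make the
	// builder image reproducible and auditable.
	yaml: """---
apiVersion: v1
kind: Pod
metadata:
  name: pipeline-worker
spec:
  containers:
  - name: kaniko
    imagePullPolicy: Always
    image: ${kanikoImage}
    tty: true
    command:
    - /busybox/cat
"""
) {
	node (label) {
		def workspace = pwd()

		stage ("Prepare Kaniko") {
			container ("kaniko") {
				withCredentials([usernameColonPassword(
					credentialsId: repositoryCreds,
					variable: "dCreds"
				)]) {
					// The binding exposes "user:password" as the environment variable
					// `dCreds`. The original read it in Groovy as `dcreds` (lower-case
					// "c"), which does not match the binding name, and then interpolated
					// the base64 token into the `sh` script text. Jenkins only masks the
					// literal secret, not an encoded form, so the token could surface in
					// stored step arguments. The script below is single-quoted so Groovy
					// interpolates nothing; the shell reads `$dCreds` from the environment
					// and encodes it inside the container.
					// Assumes the image provides busybox `base64` and `tr`
					// (the pod spec already relies on /busybox/cat) — TODO confirm.
					withEnv(["REGISTRY_HOST=${repository}"]) {
						sh '''
							set +x
							umask 077
							auth="$(printf '%s' "$dCreds" | base64 | tr -d '\\n')"
							[ -n "$auth" ] || { echo "failed to encode registry credentials" >&2; exit 1; }
							printf '{"auths":{"%s":{"auth":"%s"}}}\\n' "$REGISTRY_HOST" "$auth" > /kaniko/.docker/config.json
						'''
					}
				}
			}
		}

		// NOTE(review): the stage name mentions Alpine, but the Dockerfile below is
		// based on the Gitea rootless image and pushes `library/gitea:latest-rootless`.
		// The name is left unchanged because it is what the Jenkins UI displays.
		stage("Build Latest Alpine with CA") {
			container("kaniko") {
				// Dockerfile: switch to root, write the embedded root CA certificate
				// (a public certificate, not key material) into the system CA
				// directory, refresh the trust store, then drop back to the `git` user.
				// NOTE(review): the base image uses the mutable `latest-rootless` tag;
				// pinning by digest would make it clear which upstream image receives
				// the added trust anchor.
				def DF = """FROM ${repository}/dockerhub/gitea/gitea:latest-rootless

USER root

RUN printf '%s\\n' "-----BEGIN CERTIFICATE-----" \\
      "MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw" \\
      "JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM" \\
      "DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow" \\
      "TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT" \\
      "ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE" \\
      "ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/" \\
      "XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od" \\
      "Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j" \\
      "BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV" \\
      "HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC" \\
      "xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw" \\
      "UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ" \\
      "-----END CERTIFICATE-----" > /usr/local/share/ca-certificates/test-chamber-13.lan.root.crt && \\
    update-ca-certificates --verbose

USER git
"""
				writeFile(file: workspace + "/Dockerfile", text: DF)
				// Only non-secret values (workspace path, registry host) are interpolated
				// into this command; the credentials are read by Kaniko from
				// /kaniko/.docker/config.json written in the previous stage.
				sh "/kaniko/executor --cleanup --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${repository}/library/gitea:latest-rootless\" --single-snapshot"
			}
		}
	}
}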