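---
# Pipeline 1: build the application image and publish it to the registry.
kind: pipeline
type: docker
name: build-and-publish

services:
  # Docker-in-Docker daemon that the build step talks to.
  # NOTE(review): `privileged: true` gives this container far-reaching access
  # to the runner host, so this pipeline should only run on runners that are
  # reserved for trusted repositories and branches.
  - name: docker
    image: docker:dind
    privileged: true
    environment:
      # An empty value switches TLS off: the daemon API is served as plain,
      # unauthenticated TCP on port 2375. Anything that can reach that port
      # controls the daemon, so keep it confined to this pipeline's network.
      DOCKER_TLS_CERTDIR: ""

trigger:
  branch:
    - main
    - ci-build-container  # TODO: Remove after testing
  event:
    - push
    - tag

steps:
  - name: build-and-publish-container
    image: docker:cli
    environment:
      DOCKER_HOST: tcp://docker:2375  # Connect to dind service (no TLS)
      REGISTRY: git.local-it.org/ci-builder
      IMAGE_NAME: mitgliederverwaltung
      # Registry credentials are injected from Drone secrets; they are
      # available to every build that matches the trigger above.
      REGISTRY_USERNAME:
        from_secret: DRONE_REGISTRY_USERNAME
      REGISTRY_TOKEN:
        from_secret: DRONE_REGISTRY_TOKEN
    commands:
      # Poll for the dind daemon (up to ~30 s) instead of a fixed sleep, so a
      # slow runner does not fail the build and a fast one does not wait.
      - |
        for attempt in $(seq 1 30); do
          if docker info >/dev/null 2>&1; then
            break
          fi
          sleep 1
        done
      - docker info  # fails the step here if the daemon never became ready
      # Build image once
      - docker build --tag "$REGISTRY/$IMAGE_NAME:build-$DRONE_BUILD_NUMBER" .
      # Login to registry (token is passed on stdin, not on the command line)
      - echo "$REGISTRY_TOKEN" | docker login --username "$REGISTRY_USERNAME" --password-stdin git.local-it.org
      # Tag and push based on event type
      - |
        IMAGE="$REGISTRY/$IMAGE_NAME"
        BUILD_TAG="$IMAGE:build-$DRONE_BUILD_NUMBER"
        if [ "$DRONE_BUILD_EVENT" = "tag" ]; then
          # For tag events: use tag version (e.g., v1.0.0 -> 1.0.0) and latest.
          # DRONE_TAG is a git tag name chosen by whoever pushed it, so every
          # expansion is quoted to keep it a single argument.
          VERSION=$(printf '%s\n' "$DRONE_TAG" | sed 's/^v//')
          echo "Tagging and pushing version $VERSION"
          docker tag "$BUILD_TAG" "$IMAGE:$VERSION"
          docker tag "$BUILD_TAG" "$IMAGE:latest"
          docker push "$IMAGE:$VERSION"
          docker push "$IMAGE:latest"
        else
          # For branch pushes: always publish the commit SHA tag.
          echo "Tagging and pushing commit $DRONE_COMMIT_SHA"
          docker tag "$BUILD_TAG" "$IMAGE:$DRONE_COMMIT_SHA"
          docker push "$IMAGE:$DRONE_COMMIT_SHA"
          # `latest` is moved only by pushes to main, so the temporary
          # ci-build-container trigger cannot overwrite the published
          # `latest` image with a test build.
          if [ "$DRONE_BRANCH" = "main" ]; then
            docker tag "$BUILD_TAG" "$IMAGE:latest"
            docker push "$IMAGE:latest"
          fi
        fi
    # No volumes needed - docker:cli connects to dind service via TCP

---
# Pipeline 2: run Renovate against the repository on a schedule or on demand.
kind: pipeline
type: docker
name: renovate

trigger:
  event:
    - cron
    - custom
  branch:
    - main

environment:
  # NOTE(review): debug logging is verbose; confirm that build logs are not
  # readable by people who should not see repository or dependency details.
  LOG_LEVEL: debug

steps:
  - name: renovate
    # NOTE(review): the image is pinned by tag only; pinning by digest as well
    # would make sure the step that receives the tokens below cannot change
    # underneath this file.
    image: renovate/renovate:41.151
    environment:
      RENOVATE_CONFIG_FILE: "renovate_backend_config.js"
      RENOVATE_TOKEN:
        from_secret: RENOVATE_TOKEN
      GITHUB_COM_TOKEN:
        from_secret: GITHUB_COM_TOKEN
    commands:
      # https://github.com/renovatebot/renovate/discussions/15049
      - unset GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL
      - renovate-config-validator
      - renovate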