# Woodpecker CI for rdev platform
# Builds and deploys rdev-api, rdev-worker, and rdev-claudebox
#
# TODO: Remove skip-tls-verify from Kaniko steps once cert verification is tested.
#       Registry has valid LE cert via Traefik — Kaniko should be able to verify it.
#       Test by removing from one step first. If Kaniko can't verify (runs inside
#       cluster hitting internal service), mount the CA bundle instead.

variables:
  - &when_main
    branch: main
    event: push

steps:
  # Run tests first
  test:
    image: golang:1.25-alpine
    depends_on: []
    commands:
      - apk add --no-cache git
      - go test ./...
    when:
      <<: *when_main

  # Build rdev-api image
  build-api:
    image: woodpeckerci/plugin-kaniko
    depends_on: [test]
    settings:
      registry: registry.threesix.ai
      repo: rdev/api
      tags:
        - latest
        - ${CI_COMMIT_SHA:0:8}
      context: .
      dockerfile: Dockerfile.api
      cache: true
      skip-tls-verify: true
    when:
      <<: *when_main

  # Build rdev-worker image
  build-worker:
    image: woodpeckerci/plugin-kaniko
    depends_on: [test]
    settings:
      registry: registry.threesix.ai
      repo: rdev/worker
      tags:
        - latest
        - ${CI_COMMIT_SHA:0:8}
      context: .
      dockerfile: Dockerfile.worker
      cache: true
      skip-tls-verify: true
    when:
      <<: *when_main

  # Build rdev-claudebox image
  build-claudebox:
    image: woodpeckerci/plugin-kaniko
    depends_on: [test]
    settings:
      registry: registry.threesix.ai
      repo: rdev/claudebox
      tags:
        - latest
        - ${CI_COMMIT_SHA:0:8}
      context: .
      dockerfile: Dockerfile
      cache: true
      skip-tls-verify: true
    when:
      <<: *when_main

  # Deploy to k3s cluster
  deploy:
    image: bitnami/kubectl:latest
    depends_on: [build-api, build-worker, build-claudebox]
    commands:
      - echo "Deploying rdev-api..."
      - kubectl set image deployment/rdev-api rdev-api=registry.threesix.ai/rdev/api:${CI_COMMIT_SHA:0:8} -n rdev
      - kubectl rollout status deployment/rdev-api -n rdev --timeout=120s
      - echo "Deploying rdev-worker..."
      - kubectl set image deployment/rdev-worker worker=registry.threesix.ai/rdev/worker:${CI_COMMIT_SHA:0:8} claudebox=registry.threesix.ai/rdev/claudebox:${CI_COMMIT_SHA:0:8} -n rdev
      - kubectl rollout status deployment/rdev-worker -n rdev --timeout=120s
      - echo "Deploying claudebox statefulset..."
      - kubectl set image statefulset/claudebox claudebox=registry.threesix.ai/rdev/claudebox:${CI_COMMIT_SHA:0:8} -n rdev
      - kubectl rollout status statefulset/claudebox -n rdev --timeout=300s
    when:
      <<: *when_main