// Loads the Jenkins shared library 'in0rdr-jenkins-lib' at ref 'master'.
// NOTE(review): 'master' is presumably a branch, i.e. a moving ref. The
// library code that runs in this pipeline (including inside the withVault
// block below) then changes whenever that ref moves. Pinning the version
// after '@' to a tag or commit SHA keeps the executed library code
// reviewable and the build reproducible.
@Library('in0rdr-jenkins-lib@master') _

// Step wrappers used by the pipeline below. The classes are not defined in
// this file (presumably they come from the shared library loaded above).
// Each one receives the pipeline script object (`this`), so the wrapper
// holds a reference to this script.
def updatecli = new Updatecli(this)
def trivy = new Trivy(this)
def buildahbud = new BuildahBud(this)
def buildahpush = new BuildahPush(this)

// Vault secret mapping consumed by withVault() below:
// https://plugins.jenkins.io/hashicorp-vault-plugin/#user-content-usage-via-jenkinsfile
// Reads the keys 'username' and 'password' from the Vault path
// 'kv/jenkins-secrets/git' and binds them to the environment variables
// GIT_USERNAME and GIT_PASSWORD for the duration of the withVault block.
// Every step executed inside that block can read both values from its
// environment.
def secrets = [
    [path: 'kv/jenkins-secrets/git', secretValues: [
        [envVar: 'GIT_USERNAME', vaultKey: 'username'],
        [envVar: 'GIT_PASSWORD', vaultKey: 'password']
    ]]
]

// Pipeline body: checkout, secret scan, dependency update + Trivy steps with
// Git credentials loaded, then image build and push. Runs on an agent
// labelled 'podman'.
node('podman'){
  // Assigned without `def`, so scmVars lives in the script binding rather
  // than in a local variable.
  // NOTE(review): if none of the library classes read it through the script
  // object they were given, declare it with `def` to keep it local.
  scmVars = checkout(scm)
  // Runs before any Vault secret is loaded into the environment.
  // presumably a secret-scanning step from the shared library; confirm.
  gitleaks()

  // GIT_USERNAME / GIT_PASSWORD are exposed to all three calls below.
  // NOTE(review): the trivy steps presumably do not need the Git
  // credentials; if so, narrow this block to updatecli.run('apply') so the
  // secrets are only present where they are used (least privilege). Verify
  // against the library before moving them.
  withVault([vaultSecrets: secrets]) {
    updatecli.run('apply')
    // NOTE(review): both trivy steps run before the image is built below, so
    // they cannot cover the image produced by this run; confirm what they
    // scan.
    trivy.vuln()
    trivy.sbom()
  }

  // Build from context '.' as image 'hivedav', tagged with the commit SHA
  // returned by checkout, then push the same name and tag.
  // NOTE(review): GIT_COMMIT is only set for Git checkouts; with a null
  // value the GString would render as the literal tag "null".
  // NOTE(review): if updatecli's 'apply' modifies files in this workspace,
  // the image is built from a tree that differs from the commit it is tagged
  // with; verify, since the tag is what ties the image back to reviewed
  // source.
  buildahbud.execute([:], '.', 'hivedav', "${scmVars.GIT_COMMIT}")
  buildahpush.execute('hivedav', "${scmVars.GIT_COMMIT}")
}
