// Loads the shared pipeline library 'in0rdr-jenkins-lib' at ref 'master'.
// NOTE(review): 'master' is a moving branch ref, so a change in the library takes effect
// in this pipeline without any change to this file. Pinning to a tag or commit SHA would
// keep the executed pipeline code reviewable and reproducible.
@Library('in0rdr-jenkins-lib@master') _

// Step helpers, each constructed with this pipeline script object (`this`).
// Presumably these classes are provided by the shared library above; confirm.
def updatecli = new Updatecli(this)
def trivy = new Trivy(this)
def buildahbud = new BuildahBud(this)
def buildahpush = new BuildahPush(this)

// Vault-to-environment mapping handed to withVault further down; format documented at
// https://plugins.jenkins.io/hashicorp-vault-plugin/#user-content-usage-via-jenkinsfile
// Each entry names one key under the Vault path and the env var it is exposed as.
def gitCredentialKeys = [
    [envVar: 'GIT_USERNAME', vaultKey: 'username'],
    [envVar: 'GIT_PASSWORD', vaultKey: 'password']
]
def secrets = [
    [path: 'kv/jenkins-secrets/git', secretValues: gitCredentialKeys]
]

// Pipeline body: runs on an agent labelled 'podman'.
// Order: checkout -> secret scan -> dependency update + scans (with Git credentials)
// -> build and push the API image -> build and push the frontend image.
node('podman') {
  // NOTE(review): scmVars is assigned without `def`, so it lands in the script binding.
  // Kept that way because the helper objects receive the script and may read it from
  // there; confirm before turning it into a local.
  scmVars = checkout(scm)

  // Runs before any credentials are requested from Vault.
  // Presumably a shared-library step that scans the checkout for committed secrets; confirm.
  gitleaks()

  // GIT_USERNAME / GIT_PASSWORD are exposed as environment variables to every step
  // inside this closure.
  // NOTE(review): if only updatecli needs the Git credentials, narrowing the closure to
  // that call would keep them out of the trivy steps; confirm what trivy.vuln() and
  // trivy.sbom() require.
  def vaultConfig = [vaultSecrets: secrets]
  withVault(vaultConfig) {
    updatecli.run('apply')
    trivy.vuln()
    trivy.sbom()
  }

  // Both images are tagged with the commit that was checked out, so a pushed tag maps
  // back to exactly one source revision.
  // NOTE(review): the trivy steps run before either image is built, so presumably they
  // scan the checkout rather than the built images; confirm whether the images are
  // scanned elsewhere before they are pushed.
  def imageTag = "${scmVars.GIT_COMMIT}"
  def buildContext = '.'

  // API image: no extra values in the first argument.
  buildahbud.execute([:], buildContext, 'myheats-api', imageTag, 'dockerfiles/api/Dockerfile')
  buildahpush.execute('myheats-api', imageTag)

  // Frontend image: values passed to the build (presumably as build arguments; confirm).
  // NOTE(review): VITE_-prefixed values are typically inlined into the client bundle by
  // Vite, so this map should only ever hold public configuration, never secrets.
  def frontendBuildArgs = [
    VITE_API_URI: "https://myheats-demo.p0c.ch",
    VITE_API_PORT: 443,
    VITE_APP_DOC_TITLE: "MyHeats Demo",
    VITE_SESSION_TTL: 259200, // 72h
    VITE_WS_URI: "wss://myheats-demo.p0c.ch",
    VITE_WS_PORT: 443,
    VITE_LOCALE: "de-CH"
  ]
  buildahbud.execute(frontendBuildArgs, buildContext, 'myheats-frontend', imageTag, 'dockerfiles/frontend/Dockerfile')
  buildahpush.execute('myheats-frontend', imageTag)
}
