// Jenkinsfile — Kaniko build + K8s deploy (latest only)
def L      = 'kaniko-and-deploy'
def REG    = 'harbor.sayinfo.co.kr'
def IMAGE  = 'sayit-helpdesk/helpdesk-service'   // Harbor 프로젝트/레포 이름에 맞게 유지 또는 수정
def APP_NS = 'sayit-helpdesk'                   // 실제 K8s 네임스페이스와 일치해야 함
def DEPLOY = 'sayit-helpdesk-service'           // 실제 Deployment 이름과 일치해야 함

podTemplate(
  label: L,
  yaml: """
apiVersion: v1
kind: Pod
spec:
  serviceAccountName: default
  securityContext:
    fsGroup: 1001
    fsGroupChangePolicy: OnRootMismatch
  hostAliases:
    - ip: "192.168.0.210"
      hostnames:
        - "harbor.sayinfo.co.kr"
        - "nexus.sayinfo.co.kr"
  containers:
    - name: maven
      image: maven:3.9.9-eclipse-temurin-8
      command: ["/bin/sh","-lc"]
      args: ["sleep 99d"]
      tty: true
      volumeMounts:
        - name: workspace-volume
          mountPath: /home/jenkins/agent
        - name: maven-cache
          mountPath: /root/.m2
    - name: kaniko
      image: gcr.io/kaniko-project/executor:debug
      command: ["/busybox/sh","-c"]
      args: ["sleep 99d"]
      tty: true
      volumeMounts:
        - name: kaniko-auth
          mountPath: /kaniko/.docker
        - name: workspace-volume
          mountPath: /home/jenkins/agent
    - name: kubectl
      image: bitnamilegacy/kubectl:latest
      command: ["/bin/sh","-lc"]
      args: ["sleep 99d"]
      securityContext:
        runAsUser: 0
        runAsGroup: 0
      tty: true
      volumeMounts:
        - name: workspace-volume
          mountPath: /home/jenkins/agent
  volumes:
    - name: kaniko-auth
      projected:
        sources:
          - secret:
              name: regcred-sayit-helpdesk
              items:
                - key: .dockerconfigjson
                  path: config.json
    - name: workspace-volume
      emptyDir: {}
    - name: maven-cache
      persistentVolumeClaim:
        claimName: maven-repo-pvc
"""
) {
  node(L) {
    timestamps {
      stage('Checkout') {
        checkout scm
      }

      stage('Maven Build') {
        container('maven') {
          sh '''
            set -eux
            cd "${WORKSPACE}"
            mvn -B -q -e -T 1C -s .mvn/settings.xml clean package -DskipTests
          '''
        }
      }

      stage('Preflight (Kaniko)') {
        container('kaniko') {
          sh '''
            set -eux
            cd "${WORKSPACE}"
            test -f /kaniko/.docker/config.json
            nslookup harbor.sayinfo.co.kr || true
            grep harbor /etc/hosts || true
          '''
        }
      }

      stage('Build & Push (Kaniko)') {
        container('kaniko') {
          sh """
            set -eux
            cd "\${WORKSPACE}"
            /kaniko/executor \\
              --context=. \\
              --dockerfile=Dockerfile \\
              --destination=${REG}/${IMAGE}:latest \\
              --snapshot-mode=redo \\
              --skip-tls-verify \\
              --cache=true \\
              --cache-repo=${REG}/sayit-helpdesk/build-cache
          """
        }
      }

       stage('Deploy to Kubernetes') {
        container('kubectl') {
          sh """
            set -eux
            kubectl -n ${APP_NS} set image deploy/${DEPLOY} ${DEPLOY}=${REG}/${IMAGE}:latest
            kubectl -n ${APP_NS} rollout restart deploy/${DEPLOY}
            kubectl -n ${APP_NS} rollout status deploy/${DEPLOY} --timeout=300s

            kubectl -n ${APP_NS} get deploy ${DEPLOY} -o wide
            kubectl -n ${APP_NS} get pods -l app=${DEPLOY} -o wide
            kubectl -n ${APP_NS} get pod -l app=${DEPLOY} -o jsonpath='{.items[*].spec.containers[*].image}'; echo
          """
        }
      }
    }
  }
}