pipeline {
    agent any

    environment {
        TS = credentials('jc_turnstile')
        DISCORD = credentials('jc_discord')
        DISCORD_ERR_STAGING = credentials('jc_discord_err_staging')
        DISCORD_ERR_PROD = credentials('jc_discord_err_prod')
        NEWRELIC_KEY = credentials('newrelic')
    }

    stages{
        stage ('Set up parameters') {
            steps {
                script{
                properties ([
                    parameters([
                        booleanParam(defaultValue: true, description: 'Build from source', name: 'Build'),
                        booleanParam(defaultValue: true, description: 'Deploy to servers', name: 'Deploy'),
                        booleanParam(defaultValue: true, description: 'Update posts', name: 'Update'),
                        ])
                    ])
                }
            }
        }
        stage('Build') {
            when {
                expression { 
                   return params.Build == true
                }
            }
            steps {
                git branch: 'master',
                    credentialsId: 'Git',
                    url: 'git@git.jakecharman.co.uk:jake/jc-ng.git'
                sh "sed -i s/dummy/$NEWRELIC_KEY/"
                sh "./build.sh git.jakecharman.co.uk/jake/jakecharman.co.uk $BUILD_NUMBER"
                sh "./build.sh europe-west2-docker.pkg.dev/jakecharman/web/jakecharman.co.uk $BUILD_NUMBER"
            }
        }

        stage('Security scan') {
            when {
                expression { 
                return params.Build == true
                }
            }
            steps {
                catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
                    sh "docker kill sectest || true"
                    sh "docker rm sectest || true"
                    sh "docker run -d --name sectest git.jakecharman.co.uk/jake/jakecharman.co.uk:$BUILD_NUMBER"
                    sh "docker exec sectest pip3 install pip-audit --break-system-packages"
                    sh "docker exec sectest pip-audit"
                    sh "docker stop sectest"
                    sh "docker rm sectest"
                }
            }
        }

        stage('Push to local registry') {
            when {
                expression { 
                   return params.Build == true
                }
            }
            steps {
                sh "docker push git.jakecharman.co.uk/jake/jakecharman.co.uk:$BUILD_NUMBER"
                sh "docker push git.jakecharman.co.uk/jake/jakecharman.co.uk:latest"
            }
        }

        stage('Deploy to staging server') {
            when {
                expression { 
                   return params.Deploy == true
                }
            }
            steps{
                node('web-staging') {
                    sh "docker pull git.jakecharman.co.uk/jake/jakecharman.co.uk:latest"
                    sh "docker stop jake || true"
                    sh "docker rm jake || true"
                    sh "docker run --name jake -e DISCORD_ERR_HOOK=$DISCORD_ERR_STAGING -e DISCORD_WEBHOOK=$DISCORD -e TURNSTILE_SECRET=$TS --restart always --network containers_default -v /opt/containers/jc/projects/:/var/www/jc/projects/ -d git.jakecharman.co.uk/jake/jakecharman.co.uk:latest"
                }
            }
        }

        stage('Update content on staging server') {
            when {
                expression { 
                   return params.Update == true
                }
            }
            steps {
                node('web-staging') {
                    git branch: 'master',
                        credentialsId: 'Git',
                        url: 'git@git.jakecharman.co.uk:jake/jc-content.git'
                    sh "rsync -rv --delete ./ /opt/containers/jc/projects/"
                }
            }
        }

        stage('Wait for confirmation to push to prod') {
            steps {
                timeout(time: 30, unit: 'MINUTES') {
                       input "Deploy to production?"
                }
            }
        }

        stage('Push to GCP registry') {
            when {
                expression { 
                   return params.Build == true
                }
            }
            steps {
                sh "docker push europe-west2-docker.pkg.dev/jakecharman/web/jakecharman.co.uk:latest"
            }
        }

        stage('Deploy to production') {
            when {
                expression { 
                   return params.Deploy == true
                }
            }
            steps{
                sh "gcloud run deploy --project jakecharman --region europe-west1 --image europe-west2-docker.pkg.dev/jakecharman/web/jakecharman.co.uk:latest jakecharman-co-uk"
            }
        }

        stage('Update content on production server') {
            when {
                expression { 
                   return params.Update == true
                }
            }
            steps {
                git branch: 'master',
                    credentialsId: 'Git',
                    url: 'git@git.jakecharman.co.uk:jake/jc-content.git'
                sh "gsutil rsync -rcd . gs://jakecharman.co.uk"
            }
        }

        stage('Clear cache') {
            steps{
                sh "/var/lib/jenkins/clearCFCache/clearCache.py a514fb61e1413b88aabbb19df16b8508"
            }
        }
    }
}