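# CI (Tekton) wiring for one Gitea organization: a dedicated namespace, the
# vynil installs for Tekton and its tasks, an SSH key pair registered on the
# Gitea CI user, and a container-registry credential for the same user.
# Every resource below is created only when both var.haveGitea and
# var.haveTekton are true.
#
# Declared elsewhere (not visible here): gitea_user.user-ci,
# local.ci-user-password, data.kubernetes_ingress_v1.gitea,
# data.local_file.known_host, local.sorted-stage-name.

# Namespace that holds all CI objects below.
# NOTE(review): annotations are merged into the label set; label values are
# more restricted than annotation values -- confirm this is intended.
resource "kubernetes_namespace_v1" "ns-tekton" {
  count = var.haveGitea && var.haveTekton ? 1 : 0

  metadata {
    annotations = local.annotations
    labels      = merge(local.common_labels, local.annotations)
    name        = "${var.domain}-ci-${var.instance}"
  }
}

# vynil Install of the "gitea-tekton-org" component for this organization.
# Structured options go through jsonencode(); the plain string options are
# interpolated inside YAML double quotes without escaping, so those variables
# must not contain `"` or `\` (they would alter the rendered manifest).
resource "kubectl_manifest" "tekton" {
  count      = var.haveGitea && var.haveTekton ? 1 : 0
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  yaml_body  = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "tekton-base"
      namespace: "${var.domain}-ci-${var.instance}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "share"
      component: "gitea-tekton-org"
      options:
        domain: "${var.domain}"
        domain_name: "${var.domain_name}"
        issuer: "${var.issuer}"
        organization: "${trimprefix(var.instance,"org-")}"
        stages: ${jsonencode(local.sorted-stage-name)}
        haveFlux: ${jsonencode(var.haveFlux)}
        autoCD: ${jsonencode(var.autoCD)}
        gitea_ssh_prefix: ${jsonencode(var.gitea_ssh_prefix)}
        gitea_ssh_port: ${jsonencode(var.gitea_ssh_port)}
  EOF
}

# vynil Install of the shared "tekton-tasks" component, with default options.
resource "kubectl_manifest" "tasks" {
  count      = var.haveGitea && var.haveTekton ? 1 : 0
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  yaml_body  = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "tasks-base"
      namespace: "${var.domain}-ci-${var.instance}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "share"
      component: "tekton-tasks"
      options: {}
  EOF
}

# SSH key pair generated in-cluster by the secretgenerator.mittwald.de
# operator; the result is read back below from the "ssh-credentials" Secret.
#
# known_hosts carries the Git server host key(s) the CI jobs will trust. The
# file content is passed through jsonencode() so newlines, quotes and
# backslashes reach the Secret unchanged; interpolating it raw inside YAML
# double quotes folds line breaks into spaces and breaks on `"`, which
# corrupts any known_hosts file with more than one entry.
#
# length "2048" is presumably the key size in bits -- confirm against the
# operator's CRD. With forceRegenerate false and yaml_body ignored, raising it
# here only affects key pairs generated after the object is recreated.
#
# ignore_changes on yaml_body: edits made here after the first apply
# (including a refreshed known_hosts after a host-key rotation) are not pushed
# to the cluster until this resource is replaced.
resource "kubectl_manifest" "ci-ssh-creds" {
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  count      = var.haveGitea && var.haveTekton ? 1 : 0
  yaml_body  = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "SSHKeyPair"
    metadata:
      name: "ssh-credentials"
      namespace: "${var.domain}-ci-${var.instance}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      length: "2048"
      forceRegenerate: false
      data:
        known_hosts: ${jsonencode(data.local_file.known_host[0].content)}
  EOF

  lifecycle {
    ignore_changes = [
      yaml_body,
    ]
  }
}

# Reads the generated Secret back to obtain the public half of the key pair.
# The data source loads every key of the Secret into Terraform state -- the
# private key too, presumably -- so the state backend needs the same access
# control and encryption as the key itself.
# NOTE(review): the Secret is produced by the operator after the SSHKeyPair is
# accepted; on a first apply it may not exist yet when this read runs --
# confirm.
data "kubernetes_secret_v1" "ci-ssh-creds-read" {
  depends_on = [kubectl_manifest.ci-ssh-creds]
  count      = var.haveGitea && var.haveTekton ? 1 : 0

  metadata {
    name      = "ssh-credentials"
    namespace = "${var.domain}-ci-${var.instance}"
  }
}

# Registers the generated public key on the Gitea CI user.
# NOTE(review): this is a key on the user account, so its reach is presumably
# whatever that user may access; the "read" in the title is descriptive only.
# Keep the CI user's own permissions minimal.
resource "gitea_public_key" "ci-user-keys" {
  count    = var.haveGitea && var.haveTekton ? 1 : 0
  title    = "Tekton token to read repository ${var.instance}"
  username = gitea_user.user-ci[0].username
  key      = data.kubernetes_secret_v1.ci-ssh-creds-read[count.index].data["ssh-publickey"]
}

# Registry credentials for the Gitea host as a dockerconfigjson Secret.
# The CI user's password is stored in clear inside the JSON (the "auth" field
# is base64, which is an encoding, not protection) and is also recorded in
# Terraform state; restrict access to both the namespace's Secrets and the
# state backend.
#
# depends_on is explicit because the namespace is referenced by name only, so
# nothing else in this resource orders it after the namespace it lives in.
# The resource type is left as kubernetes_secret so its state address does not
# change.
resource "kubernetes_secret" "ci-docker-config" {
  count      = var.haveGitea && var.haveTekton ? 1 : 0
  depends_on = [kubernetes_namespace_v1.ns-tekton]

  metadata {
    name      = "gitea-docker"
    namespace = "${var.domain}-ci-${var.instance}"
  }

  type = "kubernetes.io/dockerconfigjson"

  data = {
    ".dockerconfigjson" = jsonencode({
      auths = {
        "${data.kubernetes_ingress_v1.gitea.spec[0].rule[0].host}" = {
          "username" = gitea_user.user-ci[0].username
          "password" = local.ci-user-password
          "email"    = "auto-ci@${data.kubernetes_ingress_v1.gitea.spec[0].rule[0].host}"
          "auth"     = base64encode("${gitea_user.user-ci[0].username}:${local.ci-user-password}")
        }
      }
    })
  }
}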