pipeline {
    agent any

    environment {
        REGISTRY = "myharbor.local:80"
        APP_NAME = "ecommerce-app" 
        IMAGE_NAME = "ecommerce-backend"
        IMAGE_TAG = "${REGISTRY}/library/${IMAGE_NAME}:${env.BRANCH_NAME}-${env.BUILD_NUMBER}"
        NAMESPACE = "ecommerce"
        CONTAINERD_ADDR = "/run/containerd-pod/containerd.sock"
    }

    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }

        stage('Build Image') {
            steps {
                script {
                    // Force nerdctl to use the socket by creating the directory it expects
                    sh """
                    sudo mkdir -p /run/buildkit-default
                    sudo mkdir -p /run/buildkit
                    
                    # Search for the buildkit socket in the entire /run directory
                    # and symlink it to the default location nerdctl wants
                    BK_SOCKET=\$(find /run -name "buildkitd.sock" | head -n 1)
                    
                    if [ -n "\$BK_SOCKET" ]; then
                        echo "Found BuildKit socket at \$BK_SOCKET. Linking..."
                        sudo ln -sf \$BK_SOCKET /run/buildkit/buildkitd.sock
                        sudo ln -sf \$BK_SOCKET /run/buildkit-default/buildkitd.sock
                    else
                        echo "BuildKit socket not found. Attempting to start it locally..."
                        sudo nohup buildkitd --addr unix:///run/buildkit/buildkitd.sock > /tmp/buildkitd.log 2>&1 &
                        sleep 10
                    fi
                    
                    # Run the build
                    nerdctl --address ${CONTAINERD_ADDR} build --insecure-registry -t ${IMAGE_TAG} .
                    """
                }
            }
        }

        stage('Push to Harbor') {
            steps {
                script {
                    withCredentials([usernamePassword(credentialsId: 'harbor-creds', passwordVariable: 'PASS', usernameVariable: 'USER')]) {
                        sh "nerdctl --address ${CONTAINERD_ADDR} login ${REGISTRY} -u ${USER} -p ${PASS} --insecure-registry"
                        sh "nerdctl --address ${CONTAINERD_ADDR} push ${IMAGE_TAG} --insecure-registry"
                    }
                }
            }
        }

        stage('Deploy to K8s') {
            steps {
                script {
                    withCredentials([file(credentialsId: 'k8s-config', variable: 'KUBECONFIG')]) {
                        // Using 'Never' because nerdctl builds directly into the containerd store 
                        // shared by the node. 
                        sh """
                        kubectl --kubeconfig=${KUBECONFIG} patch deployment ${APP_NAME} -n ${NAMESPACE} --patch \
                        '{"spec": {"template": {"spec": {"containers": [{"name": "${APP_NAME}", "image": "${IMAGE_TAG}", "imagePullPolicy": "Never"}]}}}}'
                        """
                        sh "kubectl --kubeconfig=${KUBECONFIG} rollout status deployment/${APP_NAME} -n ${NAMESPACE}"
                    }
                }
            }
        }
    }
}