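---
# Drone pipeline (docker runner): builds the portainer-agent-tailscale image
# for amd64 and arm64, pushes each under its own tag, then publishes a
# multi-arch manifest list as :latest.
kind: pipeline
type: docker
name: build-and-push

# BuildKit service for parallel multi-arch builds.
# NOTE(review): this daemon runs privileged, listens on all interfaces over
# plain TCP (no TLS options are passed) and requests host networking, so it
# may be reachable from outside the pipeline without authentication. Bind it
# to a narrower address or configure mutual TLS (--tlscacert / --tlscert /
# --tlskey) before relying on it.
# NOTE(review): the build steps below create their own docker-container
# builder and never reference this endpoint explicitly; confirm the service
# is actually used, and remove it if it is not.
# NOTE(review): the image tag is mutable; consider pinning it by digest.
services:
  - name: buildkitd
    image: moby/buildkit:buildx-stable-1
    privileged: true
    command: ["buildkitd", "--addr", "tcp://0.0.0.0:1234", "--debug"]
    # Explicitly open up networking.
    network_mode: host

steps:
  # Build and push the linux/amd64 image.
  # NOTE(review): the step is privileged AND mounts the host Docker socket,
  # which gives it control of the host's Docker daemon. The docker CLI only
  # needs the socket; check whether `privileged: true` can be dropped.
  - name: build-amd64
    image: docker:26
    privileged: true
    environment:
      BUILDKIT_HOST: 'tcp://buildkitd:1234'
      REGISTRY_URL:
        from_secret: REGISTRY_URL
      DOCKER_USER:
        from_secret: DOCKER_USER
      DOCKER_PASS:
        from_secret: DOCKER_PASS
    volumes:
      - name: docker_sock
        path: /var/run/docker.sock
    commands:
      - |
        echo "=== Building amd64 image ==="
        # Feed the password on stdin so it never appears in the process
        # argument list (and docker does not warn about -p).
        printf '%s' "$DOCKER_PASS" | docker login "$REGISTRY_URL" -u "$DOCKER_USER" --password-stdin
        docker buildx create --use --driver docker-container --driver-opt network=host
        docker buildx inspect --bootstrap
        # --provenance=false: no provenance attestation is attached to the
        # pushed image; presumably needed so the per-arch tag is a plain
        # single-platform manifest that `docker manifest create` can combine.
        docker buildx build \
          --platform linux/amd64 \
          --output=type=registry \
          --provenance=false \
          -t "${REGISTRY_URL}/portainer-agent-tailscale:amd64" \
          --push .

  # Build and push the linux/arm64 image (same setup as build-amd64).
  - name: build-arm64
    image: docker:26
    privileged: true
    environment:
      BUILDKIT_HOST: 'tcp://buildkitd:1234'
      REGISTRY_URL:
        from_secret: REGISTRY_URL
      DOCKER_USER:
        from_secret: DOCKER_USER
      DOCKER_PASS:
        from_secret: DOCKER_PASS
    volumes:
      - name: docker_sock
        path: /var/run/docker.sock
    commands:
      - |
        echo "=== Building arm64 image ==="
        # Password via stdin, not argv.
        printf '%s' "$DOCKER_PASS" | docker login "$REGISTRY_URL" -u "$DOCKER_USER" --password-stdin
        docker buildx create --use --driver docker-container --driver-opt network=host
        docker buildx inspect --bootstrap
        docker buildx build \
          --platform linux/arm64 \
          --output=type=registry \
          --provenance=false \
          -t "${REGISTRY_URL}/portainer-agent-tailscale:arm64" \
          --push .

  # Combine the two per-arch tags into one manifest list and push it.
  # NOTE(review): :latest, :amd64 and :arm64 are all mutable tags; consumers
  # that need a reproducible deployment should reference the pushed digest.
  - name: create-manifest
    image: docker:26
    privileged: true
    environment:
      REGISTRY_URL:
        from_secret: REGISTRY_URL
      DOCKER_USER:
        from_secret: DOCKER_USER
      DOCKER_PASS:
        from_secret: DOCKER_PASS
    volumes:
      - name: docker_sock
        path: /var/run/docker.sock
    commands:
      - |
        echo "=== Creating multi-arch manifest ==="
        # Password via stdin, not argv.
        printf '%s' "$DOCKER_PASS" | docker login "$REGISTRY_URL" -u "$DOCKER_USER" --password-stdin
        docker manifest create "${REGISTRY_URL}/portainer-agent-tailscale:latest" \
          --amend "${REGISTRY_URL}/portainer-agent-tailscale:amd64" \
          --amend "${REGISTRY_URL}/portainer-agent-tailscale:arm64"
        docker manifest push "${REGISTRY_URL}/portainer-agent-tailscale:latest"

# Host Docker socket shared with every step above. Host-path volumes expose
# the runner's Docker daemon to the pipeline; Drone normally allows them only
# for trusted repositories.
volumes:
  - name: docker_sock
    host:
      path: /var/run/docker.sock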