def SERIAL
def CONTAINER_ID_CLIENT
def CONTAINER_ID_SERVER
def ENAMES = [ 'prod', 'dev' ]
def CLUSTERS = ['prod': 'iru-swarm1-open.infoclinica.lan', 'dev': 'dev-iru-swarm.infoclinica.lan']
def REGISTRIES = ['prod': 'registry.infoclinica.ru:5000', 'dev': 'dev-registry.infoclinica.ru:5000']

pipeline {
  agent {
    label "swarm"
  }
  environment {
    DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
    DOCKER_IMAGE='iru/ovpn-rsa'
    SERVICE_NAME='ovpn-rsa_server'
    SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
    SWARM_GIT_NAME='stack-deploy'
    PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
    PKI_GIT_NAME='openvpn-pki'
    OVPN_GIT_DIR='openvpn'
    JENKINS_MAIL='jenkins@sdsys.ru'
    DOCKER_CERT_PATH='/run/secrets/swarm'
  }
  parameters {
    string(
      name: "branch",
      defaultValue: "master",
      description: "Which branch to use"
    )
    string(
      name: "mailto",
      defaultValue: "admin@sdsys.ru",
      description: "Email which has to be notified."
    )
  }
  stages {
    stage ("Discover SERIAL") {
      steps {
        script {
          SERIAL = sh script: "echo -n `date +%y%m%d``printf %03d $BUILD_NUMBER`", returnStdout: true
        }
      }
    }
    stage("Pull PKI repo") {
      steps {
        withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
          sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                git clone ${PKI_GIT_URL} && cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch} && cd ${WORKSPACE}
                GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                git clone ${SWARM_GIT_URL}
             '''
        }
          sh '''cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ca.crt \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.crt \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.key \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.crt \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.key \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ta.key \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/dh2048.pem \
                ${WORKSPACE}/openvpn/keys
                ls -al ${WORKSPACE}/openvpn/keys/
                cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/stonevpn.crl ${WORKSPACE}/openvpn/persist
             '''
      }
    }
    stage("Build") {
      steps {
        echo "Building ${DOCKER_IMAGE}:${SERIAL}."
        sh "docker build --no-cache -t ${DOCKER_IMAGE}:${SERIAL} ."
      }
    }
    stage ("Push to registry") {
      steps {
        script {
          ENAMES.each { item ->
             echo "Pushing to: ${item}, CLUSTER ${CLUSTERS.get((item))}"
             sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/${DOCKER_IMAGE}:${SERIAL}
                   docker push ${REGISTRIES.get((item))}/${DOCKER_IMAGE}:${SERIAL}
                """
          }
        }
      }
    }
    stage("Staging test") {
      steps {
        script {
          CONTAINER_ID_SERVER = sh (script: "docker run -d --rm -e mode=server --privileged ${DOCKER_IMAGE}:${SERIAL}", returnStdout: true).trim()
          CONTAINER_ID_CLIENT = sh (script: "docker run -d --rm -e mode=client -e server=127.0.0.1 --privileged ${DOCKER_IMAGE}:${SERIAL}" , returnStdout: true).trim()
          sh """docker exec -t ${CONTAINER_ID_CLIENT} ping -c 3 -q 10.10.20.1
                if [ \$? != 0 ]; then exit 1; else echo 'OVPN_RSA is working!!!'; fi
             """
        }
      }
    }
    stage ("Tagging") {
      steps {
        script {
          ENAMES.each { item ->
             echo "Setting latest tag for $item"
             sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/${DOCKER_IMAGE}:latest
                   docker push ${REGISTRIES.get((item))}/${DOCKER_IMAGE}:latest
                """
          }
        }
      echo "Updating tag info in ${SWARM_GIT_NAME} repository"
        withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
          sh """cd ${SWARM_GIT_NAME}
                echo -n ${SERIAL} > tags/${DOCKER_IMAGE}.version
                git add -A
                git config --global user.email "${JENKINS_MAIL}"
                git config --global user.name "Jenkins"
                git commit -m '${DOCKER_IMAGE} version update'
                GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                git push origin master
             """
        }
      }
    }
  }
  post {
    always {
      echo "CleaningUp work directory"
      deleteDir()
      sh """docker stop ${CONTAINER_ID_CLIENT}
            docker stop ${CONTAINER_ID_SERVER}
            docker image rm ${DOCKER_IMAGE}:${SERIAL}
         """
    }
    failure {
      mail charset: 'UTF-8',
           subject: "Jenkins build ERROR",
           mimeType: 'text/html',
           to: "${mailto}",
           body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
    }
    success {
      mail charset: 'UTF-8',
           subject: "Jenkins build SUSCCESS",
           mimeType: 'text/html',
           to: "${mailto}",
           body: "<b>Congradulations!!!</b> <b><br> Jenkins job succefully finished.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
    }
  }
}