vaultwarden/Jenkinsfile

pipeline {
    agent any

    parameters {
        choice(name: 'USER_NAME', choices: ['lucas', 'interstices'], description: 'Quelle instance déployer ?')
    }

    environment {
        SSH_TARGET = "57.129.77.192"
        SSH_PORT   = "34567"
        SSH_USER   = "lucas"

        GITEA_REPO_PATH = "lucas/vaultwarden"
        GITEA_API_URL = "https://gitea.lucasroyer.fr/api/v1"
        BASE_DIR = "/home/lucas/services/vaultwarden/${params.USER_NAME}"
    }

    stages {
        stage('Check git...') {
            steps {
                checkout scm
            }
        }
        stage('Deploy') {
            steps {
                withCredentials([
                    sshUserPrivateKey(credentialsId: 'ssh-lucas-vps1', keyFileVariable: 'SSH_KEY'),
                    file(credentialsId: "vaultwarden-app-env-${params.USER_NAME}", variable: 'SECRET_ENV')
                ]) {
                    script {
                        echo "Deploying Vaultwarden for ${params.USER_NAME}..."
                        
                        // Prepare folder
                        sh '''
                            ssh -4 -p $SSH_PORT -i $SSH_KEY -o StrictHostKeyChecking=no $SSH_USER@$SSH_TARGET \
                            "mkdir -p $BASE_DIR/vw-data"
                        '''
                        
                        // Send files
                        sh '''
                            scp -4 -P $SSH_PORT -i $SSH_KEY -o StrictHostKeyChecking=no \
                            docker-compose.yml $SSH_USER@$SSH_TARGET:$BASE_DIR/docker-compose.yml
                        '''
                        
                        sh '''
                            scp -4 -P $SSH_PORT -i $SSH_KEY -o StrictHostKeyChecking=no \
                            $SECRET_ENV $SSH_USER@$SSH_TARGET:$BASE_DIR/app.env
                        '''
                        
                        // Run
                        sh """
                            ssh -4 -p \$SSH_PORT -i \$SSH_KEY -o StrictHostKeyChecking=no \$SSH_USER@\$SSH_TARGET \
                            "cd \$BASE_DIR && USER_NAME=${params.USER_NAME} docker compose -p vw-${params.USER_NAME} up -d --force-recreate --remove-orphans"
                        """
                    }
                }
            }
        }
    }


    post {
        always {
            script {
                echo "Send Gitea check..."
                // Get and store SHA
                def commitSha = sh(script: 'git rev-parse HEAD', returnStdout: true).trim()
                
                // Convert from Jenkins to Gitea API
                def buildState = (currentBuild.currentResult == 'SUCCESS') ? 'success' : 'failure'
                def buildDesc  = (currentBuild.currentResult == 'SUCCESS') ? 'Build successful' : 'Build failed'

                // Send it to Gitea API with secret 'gitea-token'
                withCredentials([string(credentialsId: 'gitea-token', variable: 'GITEA_TOKEN')]) {
                    // Use \$TOKEN to avoid jenkins to print token in logs
                    sh """
                        curl -f -X POST "${GITEA_API_URL}/repos/${GITEA_REPO_PATH}/statuses/${commitSha}" \
                             -H "Authorization: token \$GITEA_TOKEN" \
                             -H "Content-Type: application/json" \
                             -d '{"state": "${buildState}", "target_url": "${env.BUILD_URL}", "description": "${buildDesc}", "context": "jenkins-ci"}'
                    """
                }
            }
            echo "Clean unused image..."
            sh "docker image prune -f"
        }
        success { echo "Success !" }
        failure { echo "Failed." }
    }
}