kind: pipeline
type: docker
name: default

steps:
  - name: Run SonarQube Scan
    image: sonarsource/sonar-scanner-cli
    environment:
      SONAR_HOST_URL:
        from_secret: SCANNER_HOST_URL
      SONAR_LOGIN:
        from_secret: SCANNER_LOGIN
      SONAR_TOKEN:
        from_secret: SCANNER_TOKEN
    commands:
      - mkdir -p /tmp/.scannerwork
      - chmod -R 777 /tmp/.scannerwork
      - >
        sonar-scanner
        -Dsonar.login=$SONAR_LOGIN
        -Dsonar.token=$SONAR_TOKEN
        -Dsonar.host.url=$SONAR_HOST_URL
        -Dsonar.projectKey=crud_app
        -Dsonar.projectName=crud_app
        -Dsonar.working.directory=/tmp/.scannerwork
        -Dsonar.modules=frontend,employee-service
        -Dfrontend.sonar.projectBaseDir=frontend
        -Dfrontend.sonar.sources=src
        -Dfrontend.sonar.exclusions=**/node_modules/**
        -Demployee-service.sonar.projectBaseDir=employee-service
        -Demployee-service.sonar.sources=src/main/java
        -Demployee-service.sonar.exclusions=**/*.class  # ป้องกันไม่ให้ Scan ไฟล์ .class

  - name: Deploy to Server
    image: curlimages/curl:latest
    environment:
      WEBHOOK_URL:
        from_secret: WEBHOOK_URL
      WEBHOOK_SECRET:
        from_secret: WEBHOOK_SECRET
    commands:
      - >
        curl -X POST -H "Content-Type: application/json"
        -H "Authorization: Bearer $WEBHOOK_SECRET"
        -d "{\"branch\":\"master\"}" "$WEBHOOK_URL"