pipeline {
  agent any

  triggers {
    GenericTrigger(
      causeString: 'Triggered by push event',
      token: 'tag-trigger-secret',
      printContributedVariables: true,
      printPostContent: true,
      genericVariables: [
        [key: 'ref', value: '$.ref'],
        [key: 'after', value: '$.after']
      ]
    )
  }

  environment {
    REGISTRY = 'codeberg.org'
    IMAGE_NAME = "${REGISTRY}/lvl0/incr"
    DOCKER_CREDENTIALS_ID = 'codeberg-registry'
  }

  stages {
    stage('Tag Push Filter') {
      steps {
        script {
          if (!env.ref?.startsWith('refs/tags/')) {
            echo "Not a tag push (ref = ${env.ref}). Skipping build."
            currentBuild.result = 'NOT_BUILT'
            return
          }

          if (env.after == null || env.after ==~ /^0{40}$/) {
            echo "After SHA is null or zeroed (after = ${env.after}). Skipping build."
            currentBuild.result = 'NOT_BUILT'
            return
          }

          echo "Valid tag push detected: ${env.ref} (${env.after})"
        }
      }
    }

    stage('Build & Push Docker Image') {
      when {
        expression {
          return env.ref?.startsWith('refs/tags/') && env.GIT_COMMIT && env.GIT_COMMIT != ""
        }
      }
      steps {
        sh 'docker build -t $IMAGE_NAME:$GIT_COMMIT -f docker/Dockerfile .'
        withCredentials([usernamePassword(credentialsId: "$DOCKER_CREDENTIALS_ID", usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
          sh """
            echo "$PASSWORD" | docker login $REGISTRY -u "$USERNAME" --password-stdin
            docker push $IMAGE_NAME:$GIT_COMMIT
          """
        }
      }
    }
  }
}