kind: pipeline
name: default
type: docker

steps:
  - name: load_secret
    image: debian:buster-slim
    volumes:
      - name: ssh
        path: /root/.ssh/
    environment:
      SSH_KEY:
        from_secret: gitea_id_ed25519
    commands:
      - mkdir -p $HOME/.ssh/
      - echo "$SSH_KEY" | base64 -d > $HOME/.ssh/id_ed25519

  - name: build
    image: kasperhermansen/cuddle:latest
    pull: always
    volumes:
      - name: ssh
        path: /root/.ssh/
      - name: dockersock
        path: /var/run
    commands:
      - eval `ssh-agent`
      - chmod -R 600 ~/.ssh
      - ssh-add
      - cuddle x build_cuddle_image
    environment:
      DOCKER_BUILDKIT: 1
      CUDDLE_SECRETS_PROVIDER: 1password
      CUDDLE_ONE_PASSWORD_DOT_ENV: ".env.ci"
      CUDDLE_SSH_AGENT: "true"
      OP_SERVICE_ACCOUNT_TOKEN:
        from_secret: op_service_account_token

    depends_on:
      - "load_secret"

services:
- name: docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run

volumes:
  - name: ssh
    temp: {}
  - name: dockersock
    temp: {}