pipeline {
  agent any

  parameters {
    choice(name: 'APP', choices: ['tenant-platform', 'ops-platform'], description: '要构建的 Web 应用')
    string(name: 'IMAGE_TAG', defaultValue: 'latest', description: '镜像 Tag')
    booleanParam(name: 'DEPLOY', defaultValue: true, description: '构建后是否自动部署')
  }

  environment {
    ACR_REGISTRY    = 'crpi-n44qjpuucgjt8e8c.cn-beijing.personal.cr.aliyuncs.com'
    ACR_NAMESPACE   = 'xuqmgroup'
    ACR_USERNAME    = 'xuqinmin12'
    PROD_HOST       = '106.54.23.149'
    PROD_USER       = 'ubuntu'
    COMPOSE_FILE    = '/opt/xuqm/deploy/compose.production.yaml'
    DOCKER_BUILDKIT = '1'
  }

  options {
    timeout(time: 20, unit: 'MINUTES')
    buildDiscarder(logRotator(numToKeepStr: '20'))
    disableConcurrentBuilds()
  }

  stages {
    stage('Checkout') {
      steps {
        checkout([
          $class: 'GitSCM',
          branches: [[name: 'main']],
          extensions: [[$class: 'CleanBeforeCheckout']],
          userRemoteConfigs: scm.userRemoteConfigs
        ])
      }
    }

    stage('Resolve Build Plan') {
      steps {
        script {
          switch (params.APP) {
            case 'tenant-platform':
              env.IMAGE_NAME     = 'tenant-web'
              env.DOCKERFILE     = 'Dockerfile.tenant'
              env.DEPLOY_SERVICE = 'tenant-web'
              env.BUILD_ARGS     = '--build-arg TENANT_APP_BASE=/ --build-arg TENANT_API_BASE_URL=/api'
              break
            case 'ops-platform':
              env.IMAGE_NAME     = 'ops-web'
              env.DOCKERFILE     = 'Dockerfile.ops'
              env.DEPLOY_SERVICE = 'ops-web'
              env.BUILD_ARGS     = '--build-arg OPS_APP_BASE=/ --build-arg OPS_API_BASE_URL=/api'
              break
            default:
              error("Unsupported APP: ${params.APP}")
          }
        }
      }
    }

    stage('Docker Build & Push') {
      steps {
        withCredentials([string(credentialsId: 'ACR_PASSWORD', variable: 'ACR_PASS')]) {
          script {
            def fullImage = "${env.ACR_REGISTRY}/${env.ACR_NAMESPACE}/${env.IMAGE_NAME}:${params.IMAGE_TAG}"
            bat """
              docker login ${env.ACR_REGISTRY} -u ${env.ACR_USERNAME} -p %ACR_PASS%
              docker pull --platform=linux/amd64 ${fullImage} || echo Pull failed, will build fresh
              docker build --platform=linux/amd64 -f ${env.DOCKERFILE} ${env.BUILD_ARGS} --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from ${fullImage} -t ${fullImage} . || exit /b %ERRORLEVEL%
              docker push ${fullImage} || exit /b %ERRORLEVEL%
              docker rmi ${fullImage} || exit 0
            """
          }
        }
      }
    }

    stage('Deploy to Production') {
      when { expression { return params.DEPLOY } }
      steps {
        withCredentials([sshUserPrivateKey(credentialsId: 'PROD_SSH_KEY', keyFileVariable: 'SSH_KEY')]) {
          script {
            def fullImage = "${env.ACR_REGISTRY}/${env.ACR_NAMESPACE}/${env.IMAGE_NAME}:${params.IMAGE_TAG}"
            bat """
              ssh -i "%SSH_KEY%" -o StrictHostKeyChecking=no ${env.PROD_USER}@${env.PROD_HOST} "docker rm -f xuqm-${env.DEPLOY_SERVICE} 2>/dev/null || true; docker pull ${fullImage} || exit 1; docker compose -f ${env.COMPOSE_FILE} up -d --no-deps --force-recreate ${env.DEPLOY_SERVICE} || exit 1; docker image prune -f"
            """
          }
        }
      }
    }
  }

  post {
    success { echo "✅ ${env.IMAGE_NAME}:${params.IMAGE_TAG} 构建部署成功" }
    failure  { echo "❌ 构建失败，请检查日志" }
  }
}
