pipeline {
  agent any

  parameters {
    string(name: 'IMAGE_TAG', defaultValue: 'latest', description: '镜像 Tag')
    booleanParam(name: 'DEPLOY', defaultValue: true, description: '构建后是否自动部署')
  }

  environment {
    ACR_REGISTRY    = 'crpi-n44qjpuucgjt8e8c.cn-beijing.personal.cr.aliyuncs.com'
    ACR_NAMESPACE   = 'xuqmgroup'
    ACR_USERNAME    = 'xuqinmin12'
    PROD_HOST       = '106.54.23.149'
    PROD_USER       = 'ubuntu'
    COMPOSE_FILE    = '/opt/xuqm/deploy/compose.production.yaml'
    DOCKER_BUILDKIT = '1'
    IMAGE_NAME      = 'ops-web'
    DOCKERFILE      = 'Dockerfile.ops'
    DEPLOY_SERVICE  = 'ops-web'
    BUILD_ARGS      = '--build-arg OPS_APP_BASE=/ --build-arg OPS_API_BASE_URL=/api'
  }

  options {
    timeout(time: 20, unit: 'MINUTES')
    buildDiscarder(logRotator(numToKeepStr: '20'))
    disableConcurrentBuilds()
  }

  stages {
    stage('Checkout') {
      steps {
        checkout([
          $class: 'GitSCM',
          branches: [[name: 'main']],
          extensions: [[$class: 'CleanBeforeCheckout']],
          userRemoteConfigs: scm.userRemoteConfigs
        ])
      }
    }

    stage('Docker Build & Push') {
      steps {
        withCredentials([string(credentialsId: 'ACR_PASSWORD', variable: 'ACR_PASS')]) {
          script {
            def fullImage = "${env.ACR_REGISTRY}/${env.ACR_NAMESPACE}/${env.IMAGE_NAME}:${params.IMAGE_TAG}"
            bat """
              docker login ${env.ACR_REGISTRY} -u ${env.ACR_USERNAME} -p %ACR_PASS%
              docker pull --platform=linux/amd64 ${fullImage} || echo Pull failed, will build fresh
              docker build --platform=linux/amd64 -f ${env.DOCKERFILE} ${env.BUILD_ARGS} --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from ${fullImage} -t ${fullImage} .
              docker push ${fullImage}
              docker rmi ${fullImage} || exit 0
            """
          }
        }
      }
    }

    stage('Deploy to Production') {
      when { expression { return params.DEPLOY } }
      steps {
        withCredentials([sshUserPrivateKey(credentialsId: 'PROD_SSH_KEY', keyFileVariable: 'SSH_KEY')]) {
          script {
            def fullImage = "${env.ACR_REGISTRY}/${env.ACR_NAMESPACE}/${env.IMAGE_NAME}:${params.IMAGE_TAG}"
            bat """
              ssh -i "%SSH_KEY%" -o StrictHostKeyChecking=no ${env.PROD_USER}@${env.PROD_HOST} "docker pull ${fullImage} && docker compose -f ${env.COMPOSE_FILE} up -d --no-deps --force-recreate ${env.DEPLOY_SERVICE} && docker image prune -f"
            """
          }
        }
      }
    }
  }

  post {
    success { echo "✅ ${env.IMAGE_NAME}:${params.IMAGE_TAG} 构建部署成功" }
    failure  { echo "❌ 构建失败，请检查日志" }
  }
}