pipeline {
  agent none

  options {
    disableConcurrentBuilds()
    timestamps()
  }

  parameters {
    string(name: 'SOURCE_NODE_NAME', defaultValue: '', description: '上游构建节点名')
    string(name: 'SOURCE_WORKSPACE_ROOT', defaultValue: '', description: '上游源码根目录')
    string(name: 'BUILD_VERSION', defaultValue: '', description: '待部署版本号')
    string(name: 'DEPLOY_DIRECTORY', defaultValue: '/var/lib/jenkins/deploy/Genarrative', description: '固定部署目录')
    string(name: 'EXPECTED_UPSTREAM_JOB', defaultValue: '', description: '允许触发本作业的上游作业名')
  }

  stages {
    stage('校验触发来源') {
      agent {
        label 'built-in'
      }

      steps {
        script {
          // Pipeline 的 build 步骤通常会把下游触发原因记录成 BuildUpstreamCause，
          // 直接只查经典 UpstreamCause 会把真实的上游触发误判成“人工执行”。
          def pipelineUpstreamCauses = currentBuild.getBuildCauses('org.jenkinsci.plugins.workflow.support.steps.build.BuildUpstreamCause')
          def classicUpstreamCauses = currentBuild.getBuildCauses('hudson.model.Cause$UpstreamCause')
          def upstreamCause = null

          if (pipelineUpstreamCauses && !pipelineUpstreamCauses.isEmpty()) {
            upstreamCause = pipelineUpstreamCauses[0]
          } else if (classicUpstreamCauses && !classicUpstreamCauses.isEmpty()) {
            upstreamCause = classicUpstreamCauses[0]
          }

          if (!upstreamCause) {
            error('部署流水线禁止人工直接执行，只允许由上游构建并部署流水线触发。')
          }

          def actualUpstreamJob = upstreamCause?.upstreamProject ?: ''
          def expectedUpstreamJob = params.EXPECTED_UPSTREAM_JOB?.trim()
          def allowedUpstreamJob = env.GENARRATIVE_ALLOWED_UPSTREAM_JOB?.trim()

          if (!params.BUILD_VERSION?.trim()) {
            error('BUILD_VERSION 不能为空。')
          }

          if (!params.SOURCE_WORKSPACE_ROOT?.trim()) {
            error('SOURCE_WORKSPACE_ROOT 不能为空。')
          }

          if (!params.SOURCE_NODE_NAME?.trim()) {
            error('SOURCE_NODE_NAME 不能为空。')
          }

          if (!actualUpstreamJob?.trim()) {
            error('无法从上游触发原因中解析作业名，请检查 Jenkins Pipeline Build Step 插件版本与触发链。')
          }

          if (expectedUpstreamJob && actualUpstreamJob != expectedUpstreamJob) {
            error("上游作业校验失败，期望 ${expectedUpstreamJob}，实际 ${actualUpstreamJob}")
          }

          if (allowedUpstreamJob && actualUpstreamJob != allowedUpstreamJob) {
            error("环境门禁校验失败，仅允许 ${allowedUpstreamJob} 触发，实际 ${actualUpstreamJob}")
          }

          env.UPSTREAM_JOB_NAME = actualUpstreamJob
        }
      }
    }

    stage('部署指定版本') {
      agent {
        label "${params.SOURCE_NODE_NAME}"
      }

      steps {
        dir("${params.SOURCE_WORKSPACE_ROOT}") {
          sh """
            bash -lc '
              set -euo pipefail
              test -d "build/${params.BUILD_VERSION}"
              chmod +x scripts/jenkins-deploy-release.sh
              # 只部署上游已构建好的版本目录，避免部署阶段再次构建产生漂移。
              ./scripts/jenkins-deploy-release.sh \
                --source-dir "build/${params.BUILD_VERSION}" \
                --deploy-dir "${params.DEPLOY_DIRECTORY}"
            '
          """
        }
      }
    }
  }

  post {
    success {
      echo "部署完成，版本号: ${params.BUILD_VERSION}，上游作业: ${env.UPSTREAM_JOB_NAME}"
    }
  }
}