---
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ jobname }}-{{ major }}-{{ architecture }}-{{ buildTime }}
  namespace: {{ namespace }}
spec:
  template:
    metadata:
      labels:
        peridot.rockylinux.org/workflow-tolerates-arch: {{ architecture }}
    spec:
      containers:
      - name: {{ jobname }}-{{ major }}-{{ architecture }}
        image: {{ imageName }}
        command: ["/bin/bash", "-c"]
        args:
          - |
{%- for c in command -%}
{%- if c is string %}
            {{ c }}
{%- else %}
            {{ ' '.join(c) }}
{%- endif %}
{%- endfor %}
        securityContext:
          runAsUser: 0
          runAsGroup: 0
          privileged: true
          runAsNonRoot: false
          allowPrivilegeEscalation: true
        volumeMounts:
          - mountPath: /etc/resolv.conf
            name: resolv-conf
          - mountPath: /var/lib/mock/
            name: mock
        env:
        - name: AWS_REGION
          value: us-east-2
        - name: AWS_ACCESS_KEY_ID
          valueFrom:
            secretKeyRef:
              name: empanadas-s3
              key: ID
        - name: AWS_SECRET_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: empanadas-s3
              key: SECRET
      tolerations:
      - effect: NoSchedule
        key: peridot.rockylinux.org/workflow-tolerates-arch
        operator: Equal
        value: {{ architecture }}
      restartPolicy: {{ restartPolicy }}
      volumes:
      - name: resolv-conf
        hostPath:
          path: /etc/resolv.conf
          type: File
      - name: mock
        emptyDir: {}
  backoffLimit: {{ backoffLimit }}