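#!/bin/bash
#
# Publish sandbox app hostnames through the cloudflared tunnel configuration.
#
# What this part of the script does:
#   1. Clones the sandbox and infra repositories into .tmp-repos/.
#   2. Collects every enabled cname.yaml under the sandbox manifests into an
#      ingress list ($GENERATED_FILE).
#   3. Adds hostnames that infra does not route yet to
#      manifests/cloudflared/values.yaml and rewrites the ingress list grouped
#      by namespace.
#   4. Commits and pushes the result to the infra repository.
#
# Required environment: GIT_TOKEN (push access to the infra repository).
#
# NOTE(review): the log prefixes below are reproduced as found; they look like
# mis-encoded emoji and should be re-typed from the original file.
set -euo pipefail

: "${GIT_TOKEN:?GIT_TOKEN not set}"

apk add --no-cache git bash curl yq jq

echo "๐Ÿ” Scanning for apps with cname.yaml..."
mkdir -p generated-values
rm -rf .tmp-repos
mkdir -p .tmp-repos

SANDBOX_REPO_URL="https://git.dvirlabs.com/dvirlabs/sandbox.git"
INFRA_REPO_PATH="git.dvirlabs.com/dvirlabs/infra.git"
# NOTE(review): the token is part of the remote URL, so git stores it in the
# clone's .git/config and it may appear in git's own output. A credential
# helper or an HTTP auth header would keep it out of both; until then the EXIT
# trap below rewrites the remote to a token-free URL.
INFRA_REPO_URL="https://${GIT_TOKEN}@${INFRA_REPO_PATH}"
SANDBOX_CLONE=".tmp-repos/sandbox"
INFRA_CLONE=".tmp-repos/infra"
# NOTE(review): this value looks like a CI workspace directory rather than a
# file, and generated-values/ (created above) is never used - confirm the
# intended output path.
GENERATED_FILE="/woodpecker/src/git.dvirlabs.com/dvirlabs/apps-gitops"
ORIGINAL_FILE="$INFRA_CLONE/manifests/cloudflared/values.yaml"
MERGED_FILE="$INFRA_CLONE/manifests/cloudflared/values.yaml"

# Values read from the sandbox repository end up in tunnel routes, so they are
# checked against strict patterns before use. App and namespace names must be
# single lowercase DNS labels; hostnames must sit under dvirlabs.com.
readonly DNS_LABEL_RE='[a-z0-9]([-a-z0-9]*[a-z0-9])?'
readonly K8S_NAME_RE="^${DNS_LABEL_RE}\$"
readonly SANDBOX_HOSTNAME_RE="^${DNS_LABEL_RE}(\\.${DNS_LABEL_RE})*\\.dvirlabs\\.com\$"

# Scratch files live in a private directory instead of fixed names in /tmp.
SCRATCH_DIR=$(mktemp -d)
# Absolute path, because the script changes directory before it exits.
INFRA_CLONE_ABS="$PWD/$INFRA_CLONE"

cleanup() {
  rm -rf -- "${SCRATCH_DIR:?}"
  if [[ -d "$INFRA_CLONE_ABS/.git" ]]; then
    # Best effort on purpose: a failure here must not mask the real exit status.
    git -C "$INFRA_CLONE_ABS" remote set-url origin "https://${INFRA_REPO_PATH}" || true
  fi
}
trap cleanup EXIT

echo "๐Ÿ“ฆ Cloning sandbox-apps..."
git clone --depth=1 "$SANDBOX_REPO_URL" "$SANDBOX_CLONE"

echo "๐Ÿ“ฆ Cloning infra..."
git clone --depth=1 "$INFRA_REPO_URL" "$INFRA_CLONE"

echo "โš™๏ธ Generating sandbox ingress list..."
printf 'ingress: []\n' > "$GENERATED_FILE"

# Layout assumed by the path handling: manifests/.../<namespace>/<app>/cname.yaml
find "$SANDBOX_CLONE/manifests" -type f -name cname.yaml -print0 \
  | while IFS= read -r -d '' cname_file; do
    app_dir=${cname_file%/*}
    app_name=${app_dir##*/}
    namespace_dir=${app_dir%/*}
    namespace=${namespace_dir##*/}

    enabled=$(yq '.enabled' "$cname_file")
    [[ "$enabled" == "true" ]] || continue

    hostname=$(yq '.hostname' "$cname_file")
    if ! [[ "$hostname" =~ $SANDBOX_HOSTNAME_RE ]]; then
      echo "Skipping $cname_file: hostname is not a valid name under dvirlabs.com" >&2
      continue
    fi
    if ! [[ "$app_name" =~ $K8S_NAME_RE && "$namespace" =~ $K8S_NAME_RE ]]; then
      echo "Skipping $cname_file: app or namespace directory is not a valid DNS label" >&2
      continue
    fi

    service="http://${app_name}.${namespace}.svc.cluster.local:80"
    echo "โœ… Found $hostname โ†’ $service"
    # Values reach yq through the environment, never through the expression
    # text, so file content cannot change the expression that is evaluated.
    ENTRY_HOSTNAME="$hostname" ENTRY_SERVICE="$service" ENTRY_NAMESPACE="$namespace" \
      yq eval -i \
      '.ingress += [{"hostname": strenv(ENTRY_HOSTNAME), "service": strenv(ENTRY_SERVICE), "namespace": strenv(ENTRY_NAMESPACE)}]' \
      "$GENERATED_FILE"
  done

echo "๐Ÿ“„ Generated Ingress:"
cat "$GENERATED_FILE"

echo "๐Ÿ” Merging new entries into: $ORIGINAL_FILE"
TEMP_FILE="$SCRATCH_DIR/values.merged.yaml"
EXISTING_JSON="$SCRATCH_DIR/existing.json"
cp "$ORIGINAL_FILE" "$TEMP_FILE"
yq eval -o=json '.cloudflare.ingress' "$TEMP_FILE" > "$EXISTING_JSON"

# Hostnames that infra already routes are left untouched, so a sandbox
# cname.yaml cannot re-point an existing route.
yq eval -o=json '.ingress' "$GENERATED_FILE" \
  | jq -c '.[]' \
  | while IFS= read -r new_entry; do
    hostname=$(jq -r '.hostname' <<< "$new_entry")
    service=$(jq -r '.service' <<< "$new_entry")
    namespace=$(jq -r '.namespace' <<< "$new_entry")

    # "// []" keeps the lookup working when values.yaml has no ingress list yet.
    exists=$(jq --arg hostname "$hostname" \
      '(. // [])[] | select(.hostname == $hostname)' "$EXISTING_JSON")
    if [[ -z "$exists" ]]; then
      echo "โž• Adding $hostname โ†’ $service"
      ENTRY_HOSTNAME="$hostname" ENTRY_SERVICE="$service" ENTRY_NAMESPACE="$namespace" \
        yq eval -i \
        '.cloudflare.ingress += [{"hostname": strenv(ENTRY_HOSTNAME), "service": strenv(ENTRY_SERVICE), "namespace": strenv(ENTRY_NAMESPACE)}]' \
        "$TEMP_FILE"
    else
      echo "โš ๏ธ $hostname already exists, skipping"
    fi
  done

echo "๐Ÿงผ Grouping ingress entries by namespace..."
GROUPED="$SCRATCH_DIR/values.grouped.yaml"
yq eval 'del(.cloudflare.ingress)' "$TEMP_FILE" > "$GROUPED"

# The ingress list is appended as text at the end of the file, which only
# yields valid YAML when `cloudflare:` is the last top-level key.
# NOTE(review): the indentation inside these literals was collapsed on the
# page; 2/4/4/6 spaces are assumed - confirm against values.yaml.
# NOTE(review): only hostname and service are written back, so any other key
# on an existing entry is dropped - confirm that is intended.
{
  echo "  ingress:"
  # group_by runs on the list itself; slurping (-s) would wrap the list in
  # another array and make jq fail, leaving the ingress list empty.
  yq eval -o=json '.cloudflare.ingress' "$TEMP_FILE" \
    | jq -c 'group_by(.namespace)[]' \
    | while IFS= read -r group; do
      namespace=$(jq -r '.[0].namespace' <<< "$group")
      echo "    # ############ $namespace ############"
      jq -r '.[] | "    - hostname: \(.hostname)\n      service: \(.service)"' <<< "$group"
    done
} >> "$GROUPED"

# The earlier `sed ... r /dev/stdin` step re-inserted a copy of this same file
# below the `cloudflare:` line, duplicating every key; the appended block is
# already in place, so that step is gone. Instead, the result is parsed and
# compared with the merged list before it replaces values.yaml, so a broken or
# emptied ingress list is never committed.
expected_count=$(yq eval '.cloudflare.ingress | length' "$TEMP_FILE")
actual_count=$(yq eval '.cloudflare.ingress | length' "$GROUPED")
if [[ "$expected_count" != "$actual_count" ]]; then
  echo "Grouped values.yaml has $actual_count ingress entries, expected $expected_count; not updating $MERGED_FILE" >&2
  exit 1
fi
cp "$GROUPED" "$MERGED_FILE"

echo "โœ… Final merged values.yaml:"
cat "$MERGED_FILE"

cd "$INFRA_CLONE"
git config user.name "woodpecker-bot"
git config user.email "ci@dvirlabs.com"
git remote set-url origin "$INFRA_REPO_URL"

if ! git diff --quiet -- manifests/cloudflared/values.yaml; then
  git add manifests/cloudflared/values.yaml
  git commit -m "chore(cloudflared): grouped ingress by namespace"
  git push origin HEAD
  echo "โœ… Changes pushed successfully."
else
  echo "โ„น๏ธ No changes to commit."
fi

echo "๐ŸŒ Creating CNAME records in Cloudflare..."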
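# Create a proxied CNAME record in Cloudflare for every generated hostname
# that does not have one yet.
#
# Reads:    GENERATED_FILE (assigned earlier in this script)
# Requires: CLOUDFLARE_API_TOKEN, CLOUDFLARE_ZONE_ID
# Exit:     non-zero if any lookup or record creation failed
CLOUDFLARE_API="https://api.cloudflare.com/client/v4"
TARGET="b50bbf48-0a2f-47ce-b73e-336b6718318b.cfargotunnel.com"
ZONE_SUFFIX=".dvirlabs.com"
# Record names are one or more lowercase DNS labels; anything else is skipped.
RECORD_NAME_RE='^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'

: "${CLOUDFLARE_API_TOKEN:?CLOUDFLARE_API_TOKEN not set}"
: "${CLOUDFLARE_ZONE_ID:?CLOUDFLARE_ZONE_ID not set}"

# curl wrapper for the Cloudflare API. The Authorization header is handed over
# through a file descriptor so the token never appears in a process argument list.
cf_api() {
  curl -sS \
    -H @<(printf 'Authorization: Bearer %s\n' "$CLOUDFLARE_API_TOKEN") \
    -H "Content-Type: application/json" \
    "$@"
}

# Read the list in two explicit steps so a yq or jq failure stops the script
# instead of silently producing an empty list.
ingress_json=$(yq eval -o=json '.ingress' "$GENERATED_FILE")
generated_hostnames=$(jq -r '.[].hostname' <<< "$ingress_json")

cname_failures=0
while IFS= read -r fqdn; do
  [[ -n "$fqdn" ]] || continue

  # Strip the zone only when it is the real suffix; an unanchored replace
  # would also rewrite hostnames that merely contain ".dvirlabs.com".
  if [[ "$fqdn" != *"$ZONE_SUFFIX" ]]; then
    echo "Skipping $fqdn: not inside ${ZONE_SUFFIX#.}" >&2
    continue
  fi
  name=${fqdn%"$ZONE_SUFFIX"}
  if ! [[ "$name" =~ $RECORD_NAME_RE ]]; then
    echo "Skipping $fqdn: not a valid DNS name" >&2
    continue
  fi

  # A failed lookup is reported as a failure; it is never read as
  # "record already exists".
  if ! lookup=$(cf_api -G "$CLOUDFLARE_API/zones/$CLOUDFLARE_ZONE_ID/dns_records" \
    --data-urlencode "type=CNAME" \
    --data-urlencode "name=$name.dvirlabs.com") \
    || ! jq -e '.success == true' <<< "$lookup" > /dev/null; then
    echo "Lookup failed for $name.dvirlabs.com" >&2
    cname_failures=$((cname_failures + 1))
    continue
  fi
  exists=$(jq '.result | length' <<< "$lookup")

  if [[ "$exists" -eq 0 ]]; then
    echo "โž• Creating CNAME: $name.dvirlabs.com โ†’ $TARGET"
    # jq builds the request body, so values are JSON-escaped rather than pasted
    # into a string.
    body=$(jq -n --arg name "$name" --arg content "$TARGET" \
      '{type: "CNAME", name: $name, content: $content, ttl: 1, proxied: true}')
    if ! created=$(cf_api -X POST "$CLOUDFLARE_API/zones/$CLOUDFLARE_ZONE_ID/dns_records" \
      --data "$body") \
      || ! jq -e '.success == true' <<< "$created" > /dev/null; then
      echo "Creating CNAME for $name.dvirlabs.com failed" >&2
      cname_failures=$((cname_failures + 1))
    fi
  else
    echo "โš ๏ธ CNAME for $name.dvirlabs.com already exists, skipping"
  fi
done <<< "$generated_hostnames"

if [[ "$cname_failures" -ne 0 ]]; then
  echo "$cname_failures Cloudflare request(s) failed" >&2
  exit 1
fi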