apiVersion: batch/v1
kind: Job
metadata:
  name: harbor-add-project-admins
  namespace: dev-tools
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: apply-group
          image: curlimages/curl
          command:
            - /bin/sh
            - -c
            - |
              apk add --no-cache jq

              echo "📡 Fetching Harbor projects..."
              projects=$(curl -sk -u admin:SuperSecurePassword123 https://harbor.dvirlabs.com/api/v2.0/projects | jq -r '.[].name')

              for project in $projects; do
                echo "🔍 Checking if 'project-admins' group is already in project: $project"
                existing=$(curl -sk -u admin:SuperSecurePassword123 https://harbor.dvirlabs.com/api/v2.0/projects/$project/members | jq -r '.[] | select(.member_group.group_name=="project-admins") | .id')

                if [ -z "$existing" ]; then
                  echo "➕ Adding group 'project-admins' to project $project as Project Admin..."
                  curl -sk -u admin:SuperSecurePassword123 \
                    -X POST https://harbor.dvirlabs.com/api/v2.0/projects/$project/members \
                    -H "Content-Type: application/json" \
                    -d '{
                      "role_id": 1,
                      "member_group": {
                        "group_name": "project-admins",
                        "group_type": 1
                      }
                    }'
                else
                  echo "✅ Group already exists in project $project, skipping."
                fi
              done