#!/bin/bash
# Build bastion container image (multi-arch) and push to Gitea container registry
set -e

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
cd "$PROJECT_ROOT"

# Load .env for GITEA_TOKEN
if [ -f .env ]; then
  set -a; source .env; set +a
fi

# ── Argument parsing ───────────────────────────────────────────────
PUSH=false
PLATFORMS="linux/amd64,linux/arm64"

usage() {
  cat <<EOF
Usage: $(basename "$0") [OPTIONS] [TAG]

Build bastion container image (multi-arch) and optionally push to registry.

Options:
  --push             Push to registry after building
  --platforms LIST   Comma-separated platforms (default: linux/amd64,linux/arm64)
  -h, --help         Show this help message

Arguments:
  TAG                Image tag (default: version from package.json)

Examples:
  $(basename "$0")                          # build multi-arch, no push
  $(basename "$0") --push                   # build + push with version tag
  $(basename "$0") --push latest            # build + push as :latest
  $(basename "$0") --platforms linux/amd64   # build amd64 only
EOF
  exit 0
}

POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do
  case "$1" in
    --push)
      PUSH=true
      shift
      ;;
    --platforms)
      PLATFORMS="$2"
      shift 2
      ;;
    -h|--help)
      usage
      ;;
    *)
      POSITIONAL_ARGS+=("$1")
      shift
      ;;
  esac
done

REGISTRY="${GITEA_REGISTRY:-mysources.co.uk}"
REPO="michal/lab/bastion"
FULL_IMAGE="$REGISTRY/$REPO"
VERSION=$(node -p "require('./package.json').version")
TAG="${POSITIONAL_ARGS[0]:-$VERSION}"

echo "==> Building bastion image"
echo "    Tag:       $TAG"
echo "    Platforms: $PLATFORMS"
echo "    Registry:  $FULL_IMAGE"

# ── Build multi-arch manifest ────────────────────────────────────
MANIFEST="lab-bastion:$TAG"

# Remove existing manifest/image with the same tag
podman manifest rm "$MANIFEST" 2>/dev/null || true
podman rmi "$MANIFEST" 2>/dev/null || true

echo "==> Building for platforms: $PLATFORMS..."
podman build \
  --platform "$PLATFORMS" \
  --manifest "$MANIFEST" \
  -f Dockerfile.bastion \
  .

echo "==> Build complete. Manifest:"
podman manifest inspect "$MANIFEST" | grep -E '"(architecture|os)"'

# ── Push ─────────────────────────────────────────────────────────
if [ "$PUSH" = true ]; then
  if [ -z "$GITEA_TOKEN" ]; then
    # Try reading from ~/.gitea-token
    if [ -f "$HOME/.gitea-token" ]; then
      GITEA_TOKEN="$(cat "$HOME/.gitea-token")"
    else
      echo "ERROR: GITEA_TOKEN not set and ~/.gitea-token not found"
      exit 1
    fi
  fi

  # Use --tls-verify=false for plain HTTP registries (e.g. 10.0.0.194:3012)
  TLS_FLAG=""
  if [[ "$REGISTRY" =~ ^[0-9] ]] || [[ "$REGISTRY" =~ ^localhost ]]; then
    TLS_FLAG="--tls-verify=false"
  fi

  echo "==> Logging in to $REGISTRY..."
  podman login $TLS_FLAG -u michal -p "$GITEA_TOKEN" "$REGISTRY"

  echo "==> Pushing $FULL_IMAGE:$TAG..."
  podman manifest push --all $TLS_FLAG "$MANIFEST" "docker://$FULL_IMAGE:$TAG"

  # Also tag as :latest if not already
  if [ "$TAG" != "latest" ]; then
    echo "==> Also pushing as :latest..."
    podman manifest push --all $TLS_FLAG "$MANIFEST" "docker://$FULL_IMAGE:latest"
  fi

  # Link package to repository if script exists
  if [ -f "$SCRIPT_DIR/link-package.sh" ]; then
    source "$SCRIPT_DIR/link-package.sh"
    link_package "container" "bastion"
  fi

  echo "==> Pushed successfully!"
else
  echo "==> Skipping push (use --push to push to registry)"
fi

echo "==> Done!"
echo "    Image: $FULL_IMAGE:$TAG"
echo "    Platforms: $PLATFORMS"