#Requires -Version 5.1
param()
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Continue'

$ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
$EnvFile   = Join-Path $ScriptDir "..\\.env"
if (-not (Test-Path $EnvFile)) { Write-Error "ERROR: $EnvFile not found."; exit 1 }

$config = @{}
foreach ($line in Get-Content $EnvFile) {
    if ($line -match '^\s*$' -or $line -match '^\s*#') { continue }
    if ($line -match '^([^=]+)=(.*)$') { $config[$Matches[1].Trim()] = $Matches[2].Trim() }
}

$GCP_PROJECT_ID = if ($config['GCP_PROJECT_ID']) { $config['GCP_PROJECT_ID'] } else { '' }
$GCP_REGION     = if ($config['GCP_REGION'])     { $config['GCP_REGION'] }     else { '' }
$GCP_REPOSITORY = if ($config['GCP_REPOSITORY']) { $config['GCP_REPOSITORY'] } else { '' }
if (-not $GCP_PROJECT_ID) { Write-Error "GCP_PROJECT_ID not set"; exit 1 }
if (-not $GCP_REGION)     { Write-Error "GCP_REGION not set";     exit 1 }
if (-not $GCP_REPOSITORY) { Write-Error "GCP_REPOSITORY not set"; exit 1 }

Write-Host ">>> Active project: $GCP_PROJECT_ID"
Write-Host ">>> Region:         $GCP_REGION"
Write-Host ">>> AR repository:  $GCP_REPOSITORY"

Write-Host ""
Write-Host ">>> Checking billing..."
$billing = gcloud billing projects describe $GCP_PROJECT_ID --format='value(billingEnabled)' 2>$null
if ($billing -eq 'True') {
    Write-Host "    Billing already enabled."
} else {
    Write-Host "    Billing NOT enabled. Listing accounts..."
    gcloud billing accounts list --format='table(name,displayName,open)' 2>$null
    $BILLING_ACCOUNT_ID = Read-Host "    Enter BILLING_ACCOUNT_ID"
    gcloud billing projects link $GCP_PROJECT_ID --billing-account=$BILLING_ACCOUNT_ID 2>$null
    if ($LASTEXITCODE -ne 0) { Write-Error "Failed to link billing."; exit 1 }
    Write-Host "    Billing linked."
}

Write-Host ""
Write-Host ">>> Enabling required APIs..."
gcloud services enable run.googleapis.com artifactregistry.googleapis.com secretmanager.googleapis.com cloudresourcemanager.googleapis.com --project=$GCP_PROJECT_ID 2>$null
if ($LASTEXITCODE -ne 0) { Write-Error "Failed to enable APIs."; exit 1 }
Write-Host "    APIs enabled."

Write-Host ""
Write-Host ">>> Checking Artifact Registry repository: $GCP_REPOSITORY ..."
gcloud artifacts repositories describe $GCP_REPOSITORY --location=$GCP_REGION --project=$GCP_PROJECT_ID 2>$null | Out-Null
if ($LASTEXITCODE -eq 0) {
    Write-Host "    Repository already exists."
} else {
    Write-Host "    Creating repository..."
    gcloud artifacts repositories create $GCP_REPOSITORY --repository-format=docker --location=$GCP_REGION --description="Container images for Htmx app" --project=$GCP_PROJECT_ID 2>$null
    if ($LASTEXITCODE -ne 0) { Write-Error "Failed to create repository."; exit 1 }
    Write-Host "    Repository created."
}

$CURRENT_USER = (gcloud config get-value account 2>$null).Trim()
Write-Host ""
Write-Host ">>> Granting IAM roles to $CURRENT_USER ..."
foreach ($role in @("roles/run.developer","roles/artifactregistry.writer","roles/iam.serviceAccountUser","roles/secretmanager.admin","roles/secretmanager.secretAccessor","roles/secretmanager.secretVersionAdder")) {
    Write-Host "    $role"
    gcloud projects add-iam-policy-binding $GCP_PROJECT_ID --member="user:$CURRENT_USER" --role=$role --quiet 2>$null | Out-Null
}

Write-Host ""
Write-Host ">>> Project setup complete."
Write-Host ">>> Next step: run GCR\scripts\03-create-secrets.ps1"