#!/usr/bin/env bash
set -euo pipefail

if [[ "$(uname -s)" != "Linux" ]]; then
    echo "ERROR: This script is for Linux only."
    echo "Windows users: run GCR/run-all.ps1"
    exit 1
fi

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ENV_FILE="$SCRIPT_DIR/.env"
AUTO_YES="${1:-}"

confirm_run() {
    local label="$1"
    local script_path="$2"

    if [[ "$AUTO_YES" == "--yes" ]]; then
        echo "[x] $label not done yet. Running $script_path (--yes enabled)..."
        bash "$script_path"
        return
    fi

    local answer
    read -rp "[x] $label not done yet. Run now? [y/N]: " answer
    if [[ "$answer" =~ ^[Yy]$ ]]; then
        bash "$script_path"
    fi
}

load_env() {
    # shellcheck disable=SC1090
    source "$ENV_FILE"
    : "${GCP_PROJECT_ID:?GCP_PROJECT_ID is not set in .env}"
    : "${GCP_REGION:?GCP_REGION is not set in .env}"
    : "${GCP_REPOSITORY:?GCP_REPOSITORY is not set in .env}"
    : "${SERVICE_NAME:?SERVICE_NAME is not set in .env}"
}

check_env() {
    [[ -f "$ENV_FILE" ]]
}

check_gcloud_installed() {
    command -v gcloud >/dev/null 2>&1
}

check_login() {
    local active_account
    local current_project
    local current_region
    local docker_cfg

    active_account="$(gcloud auth list --filter=status:ACTIVE --format="value(account)" 2>/dev/null | head -n1 || true)"
    current_project="$(gcloud config get-value project 2>/dev/null || true)"
    current_region="$(gcloud config get-value run/region 2>/dev/null || true)"

    docker_cfg="${DOCKER_CONFIG:-$HOME/.docker}/config.json"
    [[ -n "$active_account" ]] &&
    [[ "$current_project" == "$GCP_PROJECT_ID" ]] &&
    [[ "$current_region" == "$GCP_REGION" ]] &&
    [[ -f "$docker_cfg" ]] &&
    grep -q "\"${GCP_REGION}-docker.pkg.dev\"" "$docker_cfg"
}

check_project_setup() {
    local billing_enabled
    billing_enabled="$(gcloud billing projects describe "$GCP_PROJECT_ID" --format="value(billingEnabled)" 2>/dev/null || true)"
    [[ "$billing_enabled" == "True" ]] || return 1

    gcloud artifacts repositories describe "$GCP_REPOSITORY" \
        --location="$GCP_REGION" \
        --project="$GCP_PROJECT_ID" >/dev/null 2>&1 || return 1

    local api
    for api in run.googleapis.com artifactregistry.googleapis.com secretmanager.googleapis.com cloudresourcemanager.googleapis.com; do
        gcloud services list --enabled --project="$GCP_PROJECT_ID" --format="value(config.name)" 2>/dev/null \
            | grep -Fxq "$api" || return 1
    done
}

check_secrets_setup() {
    local service_account
    service_account="serviceAccount:${GCP_PROJECT_ID}@appspot.gserviceaccount.com"

    gcloud secrets describe mongodb-connection-string --project="$GCP_PROJECT_ID" >/dev/null 2>&1 || return 1

    gcloud secrets get-iam-policy mongodb-connection-string \
        --project="$GCP_PROJECT_ID" \
        --flatten="bindings[].members" \
        --filter="bindings.role=roles/secretmanager.secretAccessor AND bindings.members=${service_account}" \
        --format="value(bindings.members)" 2>/dev/null \
        | grep -Fxq "$service_account"
}

check_deploy_done() {
    gcloud run services describe "$SERVICE_NAME" \
        --region="$GCP_REGION" \
        --project="$GCP_PROJECT_ID" >/dev/null 2>&1
}

print_done() {
    echo "[v] $1"
}

echo "================================================================"
echo "  Htmx deployment flow runner (Linux)"
echo "================================================================"

if check_env; then
    print_done "Step 0: .env exists"
else
    echo "[x] Step 0: GCR/.env is missing"
    echo "    Copy GCR/.env.example to GCR/.env and fill required values."
    exit 1
fi

load_env

if check_gcloud_installed; then
    print_done "Step 1: gcloud installed"
else
    confirm_run "Step 1: gcloud install" "$SCRIPT_DIR/scripts/00-install-gcloud.sh"
fi

if check_login; then
    print_done "Step 2: login + docker auth configured"
else
    confirm_run "Step 2: login" "$SCRIPT_DIR/scripts/01-login.sh"
fi

if check_project_setup; then
    print_done "Step 3: project setup complete"
else
    confirm_run "Step 3: project setup" "$SCRIPT_DIR/scripts/02-setup-project.sh"
fi

if check_secrets_setup; then
    print_done "Step 4: secrets created and access granted"
else
    confirm_run "Step 4: secrets setup" "$SCRIPT_DIR/scripts/03-create-secrets.sh"
fi

if check_deploy_done; then
    print_done "Step 5: service is already deployed"
else
    confirm_run "Step 5: deploy" "$SCRIPT_DIR/scripts/04-deploy.sh"
fi

echo ""
echo "================================================================"
echo "  Final verification"
echo "================================================================"

if check_gcloud_installed; then print_done "Step 1"; else echo "[x] Step 1"; fi
if check_login; then print_done "Step 2"; else echo "[x] Step 2"; fi
if check_project_setup; then print_done "Step 3"; else echo "[x] Step 3"; fi
if check_secrets_setup; then print_done "Step 4"; else echo "[x] Step 4"; fi
if check_deploy_done; then print_done "Step 5"; else echo "[x] Step 5"; fi

echo ""
echo "Tip: run 'bash GCR/run-all.sh --yes' to auto-run missing steps without prompts."