#!/bin/bash -e
set -o pipefail

function kapply() {
    for f in "$@"; do
        kubectl apply -f <(envsubst < "manifests/$f")
    done
}; export -f kapply

function kcreatesec() {
    kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f-
}; export -f kcreatesec

function kcreatecm() {
    kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
}; export -f kcreatecm

function kgseckey() {
    local sec="$1"; shift
    local key="$1"; shift

    if ! kubectl get secret "$sec" -ojson | jq -re ".data.\"$key\" // empty" | base64 -d; then
        return 1
    fi
}; export -f kgseckey

function kgcmkey() {
    local cm="$1";  shift
    local key="$1"; shift

    if ! kubectl get configmap "$cm" -ojson | jq -re ".data.\"$key\" // empty"; then
        return 1
    fi
}; export -f kgcmkey


kapply common/db.yaml

export REDIS_HOST=valkey
export REDIS_DB=0
export REDIS_PORT=6379
export POSTGRES_HOST;     POSTGRES_HOST="$(kgseckey postgres-app host)"
export POSTGRES_PORT;     POSTGRES_PORT="$(kgseckey postgres-app port)"
export POSTGRES_DB;       POSTGRES_DB="$(kgseckey postgres-app dbname)"
export POSTGRES_USER;     POSTGRES_USER="$(kgseckey postgres-app user)"
export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"

# shellcheck disable=SC1090,SC2016
. <(kubectl run -i --rm --image "$IMAGEAPP" secrets -- bash <<< 'echo SECRET_KEY="$(gitea generate secret SECRET_KEY)" INTERNAL_TOKEN="$(gitea generate secret INTERNAL_TOKEN)" JWT_SECRET="$(gitea generate secret JWT_SECRET)"' | head -n1)

kcreatesec gitea \
    --from-literal=secret_key="$(kgseckey gitea secret_key               || echo "$SECRET_KEY")" \
    --from-literal=internal_token="$(kgseckey gitea internal_token       || echo "$INTERNAL_TOKEN")" \
    --from-literal=oauth2_jwt_secret="$(kgseckey gitea oauth2_jwt_secret || echo "$JWT_SECRET")"

kcreatecm gitea \
    --from-file=app.ini=<(envsubst < config/app.ini)

kapply common/job.yaml \
    common/valkey.yaml \
    common/app.yaml

kubectl rollout restart statefulset app

kubectl rollout status statefulset app
kubectl wait --timeout=5m --for=condition=complete job/migrate

./manifests/bin/createadmin.sh gitea
./manifests/bin/createadmin.sh renovate 'write:repository,read:user,write:issue,read:organization'

kcreatesec runner \
    --from-literal=token="$(kgseckey runner token || kubectl exec statefulset/app -- gitea actions generate-runner-token)"

kapply common/runner.yaml common/renovate.yaml

kubectl rollout restart statefulset runner