#!/bin/bash -e
set -o pipefail

function kapply() {
    for f in "$@"; do
        kubectl apply -f \
            <(envsubst "$(env | xargs printf '$%s ')" < "manifests/$f")
    done
}

function kcreatesec() {
    kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f-
}

function kcreatecm() {
    kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
}

function kgseckey() {
    local sec="$1"; shift
    local key="$1"; shift
    local ret

    ret="$(kubectl get secret "$sec" -o jsonpath="{.data.$key}" | base64 -d)"
    if [ "$?" -ne 0 ] || [ -z "$ret" ]; then
        return 1
    fi
    echo "$ret"
}

function kgcmkey() {
    local cm="$1"; shift
    local key="$1"; shift
    local ret;

    ret="$(kubectl get configmap "$cm" -o jsonpath="{.data.$key}")"
    if [ "$?" -ne 0 ] || [ -z "$ret" ]; then
        return 1
    fi
    echo "$ret"
}


kapply common/db.yaml

export REDIS_HOST=redis
export REDIS_DB=0
export REDIS_PORT=6379
export POSTGRES_HOST;     POSTGRES_HOST="$(kgseckey postgres-app host)"
export POSTGRES_PORT;     POSTGRES_PORT="$(kgseckey postgres-app port)"
export POSTGRES_DB;       POSTGRES_DB="$(kgseckey postgres-app dbname)"
export POSTGRES_USER;     POSTGRES_USER="$(kgseckey postgres-app user)"
export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"

GITEA_USERNAME="$(kgseckey gitea-admin username || echo gitea)"
GITEA_PASSWORD="$(kgseckey gitea-admin password || openssl rand -hex 32)"

kcreatesec gitea-admin \
    --from-literal=email="gitea@$BASE_URL" \
    --from-literal=username="$GITEA_USERNAME" \
    --from-literal=password="$GITEA_PASSWORD"

kubectl run --rm --attach --image "$IMAGEAPP" secrets sleep 60 & &> /dev/null
sleep 5
kubectl wait --timeout=5m --for=condition=ready pod secrets
kcreatesec gitea \
    --from-literal=secret_key="$(kgseckey gitea secret_key               || kubectl exec secrets -- gitea generate secret SECRET_KEY)" \
    --from-literal=internal_token="$(kgseckey gitea internal_token       || kubectl exec secrets -- gitea generate secret INTERNAL_TOKEN)" \
    --from-literal=oauth2_jwt_secret="$(kgseckey gitea oauth2_jwt_secret || kubectl exec secrets -- gitea generate secret JWT_SECRET)"

kcreatecm gitea \
    --from-file=app.ini=<(envsubst "$(env | xargs printf '$%s ')" < config/app.ini)

kapply common/job.yaml \
    common/redis.yaml \
    common/app.yaml

kubectl rollout restart statefulset app

kubectl wait --timeout=5m --for=condition=complete job/createadminuser

kcreatesec runner \
    --from-literal=token="$(kgseckey runner token || kubectl exec app-0 -- gitea actions generate-runner-token)"

kcreatesec renovate \
    --from-literal=token="$(kgseckey renovate token || kubectl exec app-0 -- gitea admin user generate-access-token --username "$GITEA_USERNAME" --token-name RENOVATE --scopes 'write:repository,read:user,write:issue,read:organization' | grep -o '[a-f0-9]\+$')"

kapply common/runner.yaml common/renovate.yaml

kubectl rollout restart statefulset runner