#!/usr/bin/env bash
set -e
export KUBECONFIG=/home/chpark/.kube/config
SUDO="echo qlalfqjsgh11 | sudo -S"

cd /home/chpark
if [ -d insurance ]; then
  echo "[*] Updating insurance repo"
  cd insurance && git pull origin master
else
  echo "[*] Cloning insurance repo"
  git clone https://git.junggomoa.com/chpark/insurance.git
  cd insurance
fi

echo "[*] Building web image"
docker build \
  --build-arg EXPO_PUBLIC_API_BASE=https://api.insurance.junggomoa.com \
  -t localhost:5000/insurance/web:latest \
  -f Dockerfile .

echo "[*] Building api image"
docker build -t localhost:5000/insurance/api:latest -f server/Dockerfile server

echo "[*] Pushing to local registry"
docker push localhost:5000/insurance/web:latest
docker push localhost:5000/insurance/api:latest

echo "[*] Applying Kubernetes manifests"
kubectl apply -f deploy/k8s/namespace.yaml

POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-$(openssl rand -hex 24)}"
JWT_SECRET="${JWT_SECRET:-$(openssl rand -hex 32)}"

kubectl -n insurance create secret generic postgres-credentials \
  --from-literal=username=insurance \
  --from-literal=password="$POSTGRES_PASSWORD" \
  --dry-run=client -o yaml | kubectl apply -f -

kubectl -n insurance create secret generic api-secrets \
  --from-literal=jwtSecret="$JWT_SECRET" \
  --from-literal=databaseUrl="postgresql://insurance:${POSTGRES_PASSWORD}@postgres:5432/insurance?schema=public" \
  --dry-run=client -o yaml | kubectl apply -f -

kubectl apply -f deploy/k8s/postgres.yaml
kubectl -n insurance rollout status statefulset/postgres --timeout=180s

kubectl apply -f deploy/k8s/api.yaml
kubectl -n insurance rollout restart deployment/insurance-api || true
kubectl -n insurance rollout status deployment/insurance-api --timeout=240s

kubectl apply -f deploy/k8s/deployment.yaml
kubectl apply -f deploy/k8s/service.yaml
kubectl -n insurance rollout restart deployment/insurance-web || true
kubectl -n insurance rollout status deployment/insurance-web --timeout=180s

echo "[*] Installing Traefik dynamic routing"
eval "$SUDO cp deploy/traefik-dynamic.yml /opt/docker/traefik/dynamic/insurance.yml"
eval "$SUDO chmod 644 /opt/docker/traefik/dynamic/insurance.yml"

echo "[*] Saving secrets for reuse"
cat > /home/chpark/.insurance-secrets <<EOF
POSTGRES_PASSWORD=$POSTGRES_PASSWORD
JWT_SECRET=$JWT_SECRET
EOF
chmod 600 /home/chpark/.insurance-secrets

echo ""
echo "===== DEPLOY STATUS ====="
kubectl -n insurance get pods,svc
echo ""
echo "🚀 Web: https://insurance.junggomoa.com"
echo "🔌 API: https://api.insurance.junggomoa.com"