#!/usr/bin/env bash
# Pipekit deployment — idempotent. Re-run any time.
#
# Steps:
#   1. Check prerequisites (python3, jrunner on PATH)
#   2. Create Python venv at $REPO/.venv and install requirements
#   3. Install launcher at /usr/local/bin/pipekit (wraps the venv python)
#   4. Ensure /etc/pipekit/secrets.env exists (mode 0600, placeholder body)
#   5. Run `pipekit init` to create/upgrade the SQLite schema
#   6. Register driver rows for every JDBC jar shipped with jrunner
#
# After running:
#   - Set DB passwords with: sudo pipekit secrets set <KEY>
#   - See systemd/pipekit.service for a unit file template

set -euo pipefail

REPO_DIR="${PIPEKIT_REPO:-$(cd "$(dirname "$0")" && pwd)}"
VENV_DIR="$REPO_DIR/.venv"
LAUNCHER="/usr/local/bin/pipekit"
CONFIG_DIR="/etc/pipekit"
SECRETS_FILE="$CONFIG_DIR/secrets.env"

if [ "$EUID" -ne 0 ]; then
    exec sudo -H -E "$0" "$@"
fi

echo "== pipekit deploy =="
echo "repo:    $REPO_DIR"
echo "venv:    $VENV_DIR"
echo "secrets: $SECRETS_FILE"
echo ""

command -v python3 >/dev/null || { echo "ERROR: python3 not on PATH"; exit 1; }
command -v jrunner >/dev/null || { echo "ERROR: jrunner not on PATH — install /opt/jrunner first"; exit 1; }

if [ ! -d "$VENV_DIR" ]; then
    echo "Creating venv at $VENV_DIR"
    python3 -m venv "$VENV_DIR"
fi
"$VENV_DIR/bin/pip" install --quiet --upgrade pip
"$VENV_DIR/bin/pip" install --quiet -r "$REPO_DIR/requirements.txt"
echo "Python deps installed."

cat > "$REPO_DIR/bin/pipekit" <<EOF
#!/usr/bin/env bash
set -euo pipefail
exec "$VENV_DIR/bin/python3" -m pipekit "\$@"
EOF
chmod +x "$REPO_DIR/bin/pipekit"
ln -sf "$REPO_DIR/bin/pipekit" "$LAUNCHER"
echo "Launcher: $LAUNCHER -> $REPO_DIR/bin/pipekit"

install -d -m 0755 "$CONFIG_DIR"
if [ ! -f "$SECRETS_FILE" ]; then
    install -m 0600 /dev/null "$SECRETS_FILE"
    cat > "$SECRETS_FILE" <<'EOF'
# pipekit secrets — sourced by the service process (EnvironmentFile=)
# or by the shell before `pipekit serve`. One KEY=VALUE per line.
# Connection rows reference these as $KEY (e.g. password: "$DB2PW").
#
# This file must stay mode 0600 and out of version control.
# Use `sudo pipekit secrets set <KEY>` to add entries safely.
EOF
    chmod 0600 "$SECRETS_FILE"
    echo "Created $SECRETS_FILE"
else
    echo "Keeping existing $SECRETS_FILE"
fi

"$LAUNCHER" init

# Register drivers for each JDBC jar jrunner ships with.
JR_LIB="$(dirname "$(readlink -f "$(command -v jrunner)")")/../lib"
register_jar() {
    local kind="$1" pattern="$2"
    local jar
    jar="$(find "$JR_LIB" -maxdepth 1 -name "$pattern" 2>/dev/null | head -1)"
    if [ -n "$jar" ]; then
        "$LAUNCHER" drivers register "$kind" --jar "$jar"
    else
        echo "  (no $pattern in $JR_LIB — skipping $kind)"
    fi
}
register_jar db2   "jt400-*.jar"
register_jar pg    "postgresql-*.jar"
register_jar mssql "mssql-jdbc-*.jar"

echo ""
echo "pipekit deployed."
echo ""
echo "Next steps:"
echo "  1. Set passwords:  sudo pipekit secrets set DB2PW"
echo "                     sudo pipekit secrets set PGPW"
echo "  2. Start the server manually:"
echo "       set -a; source $SECRETS_FILE; set +a"
echo "       pipekit serve"
echo "  3. Or install the systemd unit:"
echo "       sudo cp $REPO_DIR/systemd/pipekit.service /etc/systemd/system/"
echo "       sudo systemctl daemon-reload"
echo "       sudo systemctl enable --now pipekit"