#!/usr/bin/env bash
# Deploy Phoenix Deploy API to the dev VM (canonical: VMID 5700, IP_DEV_VM).
# Installs to /opt/phoenix-deploy-api and enables systemd (see phoenix-deploy-api/scripts/install-systemd.sh).
#
# Layout on the workstation: repo root must contain phoenix-deploy-api/ and
# config/public-sector-program-manifest.json (copied into /opt by install-systemd).
# Include phoenix-deploy-api/.env in your tree before deploy (not committed); it is packed if present.
#
# Requires: LAN SSH to the Proxmox node that hosts VMID 5700 (see get_host_for_vmid in
# scripts/lib/load-project-env.sh). Default PVE: r630-02 for 5700.
#
# Usage:
#   ./scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh --dry-run
#   ./scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh --apply
#   ./scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh --apply --start-ct   # pct start 5700 on PVE if stopped
#
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# shellcheck source=/dev/null
source "${PROJECT_ROOT}/scripts/lib/load-project-env.sh" 2>/dev/null || {
  echo "ERROR: load-project-env.sh not found at ${PROJECT_ROOT}/scripts/lib/load-project-env.sh" >&2
  exit 1
}

VMID="${PHOENIX_DEPLOY_DEV_VM_VMID:-5700}"
PVE_HOST="${PHOENIX_DEPLOY_PVE_HOST:-$(get_host_for_vmid "$VMID")}"
PVE_USER="${PHOENIX_DEPLOY_PVE_USER:-root}"
SSH_OPTS="${PHOENIX_DEPLOY_SSH_OPTS:--o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new}"
IP_DEV_VM="${IP_DEV_VM:-192.168.11.59}"

DRY_RUN=1
START_CT=0
for a in "$@"; do
  if [[ "$a" == "--apply" ]]; then DRY_RUN=0; fi
  if [[ "$a" == "--dry-run" ]]; then DRY_RUN=1; fi
  if [[ "$a" == "--start-ct" ]]; then START_CT=1; fi
done

MANIFEST="${PROJECT_ROOT}/config/public-sector-program-manifest.json"
if [[ ! -f "$MANIFEST" ]]; then
  echo "WARN: missing ${MANIFEST} — install on CT will warn; add file or fix path." >&2
fi

if [[ ! -d "${PROJECT_ROOT}/phoenix-deploy-api" ]]; then
  echo "ERROR: ${PROJECT_ROOT}/phoenix-deploy-api not found." >&2
  exit 1
fi

echo "=============================================="
echo "Phoenix Deploy API → dev VM"
echo "  VMID:     $VMID (expected IP: $IP_DEV_VM)"
echo "  PVE host: ${PVE_USER}@${PVE_HOST}"
echo "  Dry-run:  $DRY_RUN"
echo "=============================================="

REMOTE_TAR="/tmp/pda-deploy-bundle.tar.gz"
STAGE="/tmp/proxmox-pda-stage"

remote_block() {
  # shellcheck disable=SC2029
  ssh $SSH_OPTS "${PVE_USER}@${PVE_HOST}" "$@"
}

if [[ "$DRY_RUN" -eq 1 ]]; then
  echo "Dry-run only. Would:"
  echo "  1. tar czf (phoenix-deploy-api + config/public-sector-program-manifest.json)"
  echo "  2. scp bundle → ${PVE_USER}@${PVE_HOST}:${REMOTE_TAR}"
  echo "  3. pct push ${VMID} … /root/pda-deploy.tar.gz && pct exec ${VMID} -- install-systemd.sh"
  echo "  4. curl http://${IP_DEV_VM}:4001/health"
  echo "Optional: --start-ct starts VMID ${VMID} on ${PVE_HOST} if it is stopped (pct must target a running CT)."
  echo "Re-run with --apply to execute."
  exit 0
fi

TMP_TAR="$(mktemp /tmp/pda-deploy-XXXXXX.tar.gz)"
cleanup() { rm -f "$TMP_TAR"; }
trap cleanup EXIT

cd "$PROJECT_ROOT"
tar czf "$TMP_TAR" phoenix-deploy-api config/public-sector-program-manifest.json

ensure_ct_running() {
  if remote_block "pct exec ${VMID} -- true 2>/dev/null"; then
    return 0
  fi
  echo "CT ${VMID} is not running or not reachable (pct exec failed)." >&2
  if [[ "$START_CT" -eq 1 ]]; then
    echo "Starting CT ${VMID} on ${PVE_HOST} (--start-ct)..."
    if ! remote_block "pct start ${VMID}"; then
      echo "pct start failed — CT may not exist on this node. Find VMID: ssh ${PVE_USER}@${PVE_HOST} \"pct list\"" >&2
      echo "Override: PHOENIX_DEPLOY_PVE_HOST=<node-ip> PHOENIX_DEPLOY_DEV_VM_VMID=<id> $0 --apply" >&2
      exit 1
    fi
    sleep 3
    if ! remote_block "pct exec ${VMID} -- true 2>/dev/null"; then
      echo "CT ${VMID} still not reachable after start." >&2
      exit 1
    fi
    return 0
  fi
  echo "Start the dev VM first, e.g. on ${PVE_HOST}: pct start ${VMID}" >&2
  echo "Or re-run with --apply --start-ct (scoped to this script only)." >&2
  exit 1
}

run_deploy() {
  ensure_ct_running
  echo "[1/3] Upload bundle to PVE..."
  scp $SSH_OPTS "$TMP_TAR" "${PVE_USER}@${PVE_HOST}:${REMOTE_TAR}"

  echo "[2/3] pct push → CT ${VMID}, extract, install-systemd..."
  remote_block bash -s <<REMOTE_EOF
set -euo pipefail
pct push ${VMID} ${REMOTE_TAR} /root/pda-deploy.tar.gz
pct exec ${VMID} -- bash -c "set -euo pipefail; rm -rf ${STAGE}; mkdir -p ${STAGE}; tar xzf /root/pda-deploy.tar.gz -C ${STAGE}; cd ${STAGE} && bash phoenix-deploy-api/scripts/install-systemd.sh; rm -f /root/pda-deploy.tar.gz"
rm -f ${REMOTE_TAR}
REMOTE_EOF

  echo "[3/3] Health check on dev VM (LAN)..."
  if command -v curl >/dev/null 2>&1; then
    curl -sS --max-time 10 -o /dev/null -w "  http://${IP_DEV_VM}:4001/health → HTTP %{http_code}\n" "http://${IP_DEV_VM}:4001/health" || echo "  (curl failed — check firewall or service)"
  else
    echo "  (curl not installed locally; skip health check)"
  fi
}

run_deploy
echo "Done."