#!/usr/bin/env bash
set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ROOT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

KUBECTL="kubectl --context=prod"
CLEAR_SANDBOXES=0

usage() {
    echo "Usage: $0 [--sandboxes]"
    echo ""
    echo "Deploy all services to production. Does NOT update secrets (use bin/secret-update)."
    echo ""
    echo "Steps performed:"
    echo "  1. Apply base kustomize manifests (namespaces, RBAC, policies)"
    echo "  2. Apply infrastructure.yaml (statefulsets, deployments)"
    echo "  3. Run bin/config-update prod"
    echo "  4. Build and deploy all application images"
    echo "  5. Wait for rollouts"
    echo ""
    echo "Options:"
    echo "  --sandboxes   Delete sandbox Deployments and Services (PVCs are retained)."
    echo "                      The gateway will recreate sandboxes on next user login."
    echo ""
    exit 1
}

for arg in "$@"; do
    case "$arg" in
        --sandboxes)
            CLEAR_SANDBOXES=1
            ;;
        --help|-h)
            usage
            ;;
        *)
            echo -e "${RED}Unknown argument: $arg${NC}"
            usage
            ;;
    esac
done

echo -e "${YELLOW}╔══════════════════════════════════════════╗${NC}"
echo -e "${YELLOW}║   PRODUCTION FULL DEPLOY                 ║${NC}"
echo -e "${YELLOW}╚══════════════════════════════════════════╝${NC}"
echo ""
echo -e "${YELLOW}⚠️  This will update ALL production services.${NC}"
echo -e "${YELLOW}   Secrets are NOT updated (run bin/secret-update prod separately).${NC}"
if [ "$CLEAR_SANDBOXES" == "1" ]; then
    echo -e "${YELLOW}   Sandbox deployments will be DELETED (PVCs retained).${NC}"
fi
echo ""
read -p "Are you sure you want to continue? (yes/no): " confirm
if [[ "$confirm" != "yes" ]]; then
    echo "Aborted."
    exit 0
fi

step() {
    echo ""
    echo -e "${BLUE}━━━ $1 ━━━${NC}"
}

ok() {
    echo -e "${GREEN}✓${NC} $1"
}

fail() {
    echo -e "${RED}✗ $1${NC}"
    exit 1
}

# ── Step 1: Base kustomize manifests ─────────────────────────────────────────
step "Step 1/5: Applying base kustomize manifests"
cd "$ROOT_DIR"
$KUBECTL apply -k deploy/k8s/prod/
ok "Base manifests applied (namespaces, RBAC, policies, quotas)"

# ── Step 2: Infrastructure ────────────────────────────────────────────────────
step "Step 2/5: Applying infrastructure.yaml"
$KUBECTL -n ai apply -f deploy/k8s/prod/infrastructure.yaml
ok "Infrastructure applied"

# ── Step 3: Configs ───────────────────────────────────────────────────────────
step "Step 3/5: Updating configs"
# config-update prod will prompt for confirmation; we already confirmed above,
# so feed "yes" automatically via stdin.
echo "yes" | "$SCRIPT_DIR/config-update" prod
ok "Configs updated"

# ── Step 4: Build and deploy all application images ───────────────────────────
step "Step 4/5: Building and deploying application images"
echo ""

SERVICES=(gateway web sandbox lifecycle-sidecar flink relay ingestor)

for service in "${SERVICES[@]}"; do
    echo -e "${GREEN}→${NC} Deploying $service..."
    "$SCRIPT_DIR/deploy" "$service" prod
    ok "$service deployed"
    echo ""
done

# ── Step 4b: Optionally clear sandbox deployments ─────────────────────────────
if [ "$CLEAR_SANDBOXES" == "1" ]; then
    step "Step 4b: Clearing sandbox deployments"
    SANDBOX_DEPLOYS=$($KUBECTL -n sandbox get deployments -o name 2>/dev/null || true)
    SANDBOX_SVCS=$($KUBECTL -n sandbox get services -o name 2>/dev/null || true)

    if [ -z "$SANDBOX_DEPLOYS" ]; then
        echo "  No sandbox deployments found."
    else
        echo "  Deleting sandbox deployments..."
        echo "$SANDBOX_DEPLOYS" | xargs $KUBECTL -n sandbox delete
        ok "Sandbox deployments deleted"
    fi

    if [ -n "$SANDBOX_SVCS" ]; then
        echo "  Deleting sandbox services..."
        echo "$SANDBOX_SVCS" | xargs $KUBECTL -n sandbox delete
        ok "Sandbox services deleted"
    fi

    echo -e "${YELLOW}  PVCs retained — gateway will recreate sandboxes on next login.${NC}"
fi

# ── Step 5: Wait for rollouts ─────────────────────────────────────────────────
step "Step 5/5: Waiting for rollouts"

ROLLOUTS=(
    "deployment/gateway"
    "deployment/ai-web"
    "deployment/relay"
    "deployment/ingestor"
    "deployment/flink-jobmanager"
    "deployment/flink-taskmanager"
)

for r in "${ROLLOUTS[@]}"; do
    echo -e "${GREEN}→${NC} Waiting for $r..."
    $KUBECTL -n ai rollout status "$r" --timeout=180s || echo -e "${YELLOW}  ⚠ $r did not become ready within 3 minutes${NC}"
done

echo ""
echo -e "${GREEN}╔══════════════════════════════════════════╗${NC}"
echo -e "${GREEN}║   Deploy complete!                       ║${NC}"
echo -e "${GREEN}╚══════════════════════════════════════════╝${NC}"
echo ""
echo "  Verify: curl -I https://dexorder.ai/api/health"
echo ""