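#!/bin/bash
# Gitea integration setup script.
#
# Turns the current directory into a Git repository whose `origin` points at
# a Gitea instance, writes a .gitignore, three Gitea Actions workflows and a
# repository settings file, commits everything and pushes `main`.
#
# Requirements: an SSH key for GITEA_USER registered in Gitea, and network
# access to GITEA_HOST (SSH on the default port, HTTP on 3000).
#
# Existing .gitignore, workflow and settings files are overwritten.
set -euo pipefail

# Configuration.
readonly GITEA_HOST="gitea"
readonly GITEA_USER="ben"
readonly GITEA_SSH_URL="git@${GITEA_HOST}"
readonly REPO_NAME="mgmt"
readonly GITEA_HTTP_URL="http://${GITEA_HOST}:3000"
readonly REMOTE_URL="${GITEA_SSH_URL}:${GITEA_USER}/${REPO_NAME}.git"

#######################################
# Verify that the SSH key is accepted by Gitea.
# Exits the script with status 1 when the greeting is not seen.
#######################################
check_ssh() {
  local ssh_out
  echo "🔍 检查 Gitea SSH 连接..."
  # Only the greeting text is inspected; ssh's own exit status is ignored
  # (BatchMode refuses any prompt, and a Git SSH endpoint does not grant an
  # interactive shell, so a non-zero status is expected even on success).
  ssh_out=$(ssh -o ConnectTimeout=5 -o BatchMode=yes "${GITEA_SSH_URL}" 2>&1 || true)
  if grep -q "successfully authenticated" <<<"$ssh_out"; then
    echo "✅ SSH 连接正常"
    return 0
  fi
  echo "❌ SSH 连接失败,请检查:"
  echo " 1. Gitea 服务是否运行"
  echo " 2. SSH 密钥是否已添加到 Gitea"
  echo " 3. 网络连接是否正常"
  exit 1
}

#######################################
# Initialise a Git repository in the current directory if there is none.
# Sets a local user identity so the later commit does not depend on the
# global git config.
#######################################
init_repo() {
  if [[ -d .git ]]; then
    echo "✅ Git 仓库已存在"
    return 0
  fi
  echo "📦 初始化 Git 仓库..."
  git init
  # The final push targets `main`; name the unborn branch accordingly so the
  # result does not depend on git's init.defaultBranch setting.
  git symbolic-ref HEAD refs/heads/main
  git config user.name "${GITEA_USER}"
  git config user.email "${GITEA_USER}@example.com"
}

#######################################
# Point `origin` at the Gitea repository, adding or rewriting it as needed.
#######################################
configure_remote() {
  local current_origin
  if current_origin=$(git remote get-url origin 2>/dev/null); then
    echo "ℹ️ 当前远程仓库: $current_origin"
    # Only rewrite the remote when it does not already refer to GITEA_HOST.
    if [[ "$current_origin" != *"${GITEA_HOST}"* ]]; then
      echo "🔄 更新远程仓库地址..."
      git remote set-url origin "${REMOTE_URL}"
    fi
  else
    echo "➕ 添加远程仓库..."
    git remote add origin "${REMOTE_URL}"
  fi
}

#######################################
# Write the project .gitignore (overwrites an existing one).
#######################################
write_gitignore() {
  echo "📝 创建 .gitignore..."
  cat > .gitignore <<'EOF'
# OpenTofu/Terraform
*.tfstate
*.tfstate.*
*.tfvars
!*.tfvars.example
.terraform/
.terraform.lock.hcl
crash.log
crash.*.log

# Ansible
*.retry
.vault_pass
host_vars/*/vault.yml
group_vars/*/vault.yml

# Docker
.env
docker-compose.override.yml

# IDE
.vscode/
.idea/
*.swp
*.swo
*~

# OS
.DS_Store
Thumbs.db

# Logs
*.log
logs/

# Temporary files
tmp/
temp/
.tmp/

# Backup files
backup-*/
*.bak

# Secrets
secrets/
*.pem
*.key
*.crt
!*.example.*

# Node modules (if any)
node_modules/

# Python
__pycache__/
*.pyc
*.pyo
*.pyd
.Python
env/
venv/
.venv/
pip-log.txt
pip-delete-this-directory.txt
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.log
.git
.mypy_cache
.pytest_cache
.hypothesis

# Local development
.local/
local-*
EOF
}

#######################################
# Write the three Gitea Actions workflows under .gitea/workflows/.
# The directory is created first; `cat >` alone fails under set -e when
# it is missing.
#######################################
write_workflows() {
  echo "🔄 创建 Gitea Actions 工作流..."
  mkdir -p .gitea/workflows

  # Infrastructure CI/CD.
  cat > .gitea/workflows/infrastructure.yml <<'EOF'
name: Infrastructure CI/CD

on:
  push:
    branches: [ main, develop ]
    paths:
      - 'infrastructure/**'
      - '.gitea/workflows/infrastructure.yml'
  pull_request:
    branches: [ main ]
    paths:
      - 'infrastructure/**'

jobs:
  validate:
    runs-on: ubuntu-latest
    name: Validate Infrastructure
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1
        with:
          tofu_version: 1.10.6

      - name: Validate OpenTofu configurations
        run: |
          for dir in infrastructure/providers/*/; do
            if [ -d "$dir" ]; then
              echo "Validating $dir"
              cd "$dir"
              tofu init -backend=false
              tofu validate
              cd - > /dev/null
            fi
          done

      - name: Check formatting
        run: |
          tofu fmt -check -recursive infrastructure/

      - name: Security scan
        run: |
          # 这里可以添加 tfsec 或 checkov 扫描
          echo "Security scan placeholder"

  plan:
    runs-on: ubuntu-latest
    name: Plan Infrastructure
    needs: validate
    if: github.event_name == 'pull_request'
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1
        with:
          tofu_version: 1.10.6

      - name: Plan infrastructure changes
        # NOTE: terraform.tfvars matches the *.tfvars rule in .gitignore, so it
        # is not part of the checkout; supply it in CI (for example from a
        # secret) or this step fails.
        run: |
          cd infrastructure/environments/dev
          tofu init
          tofu plan -var-file="terraform.tfvars" -out=tfplan
        env:
          # 这里需要配置云服务商的环境变量
          TF_VAR_environment: dev

  apply:
    runs-on: ubuntu-latest
    name: Apply Infrastructure
    needs: validate
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1
        with:
          tofu_version: 1.10.6

      - name: Apply infrastructure changes
        # NOTE: this applies unattended on every push to main. The `plan` job
        # above only runs for pull requests, so apply is gated on `validate`
        # alone, not on a reviewed plan; pair it with the branch protection in
        # .gitea/settings.yml (push disabled, merges via reviewed PRs).
        run: |
          cd infrastructure/environments/dev
          tofu init
          tofu apply -var-file="terraform.tfvars" -auto-approve
        env:
          TF_VAR_environment: dev
EOF

  # Application deployment workflow.
  cat > .gitea/workflows/deploy.yml <<'EOF'
name: Application Deployment

on:
  push:
    branches: [ main ]
    paths:
      - 'configuration/**'
      - 'containers/**'
      - '.gitea/workflows/deploy.yml'
  workflow_dispatch:
    inputs:
      environment:
        description: 'Target environment'
        required: true
        default: 'dev'
        type: choice
        options:
          - dev
          - staging
          - production

jobs:
  ansible-check:
    runs-on: ubuntu-latest
    name: Ansible Syntax Check
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install Ansible
        run: |
          pip install ansible ansible-core
          ansible-galaxy collection install community.general
          ansible-galaxy collection install ansible.posix
          ansible-galaxy collection install community.docker

      - name: Ansible syntax check
        run: |
          cd configuration
          for playbook in playbooks/*/*.yml; do
            if [ -f "$playbook" ]; then
              echo "Checking $playbook"
              ansible-playbook --syntax-check "$playbook"
            fi
          done

  deploy:
    runs-on: ubuntu-latest
    name: Deploy Applications
    needs: ansible-check
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install Ansible
        run: |
          pip install ansible ansible-core
          ansible-galaxy collection install community.general
          ansible-galaxy collection install ansible.posix
          ansible-galaxy collection install community.docker

      - name: Deploy applications
        # The environment input is a `choice` restricted to the options above,
        # so interpolating it into the shell below cannot inject arbitrary text.
        run: |
          cd configuration
          ENV="${{ github.event.inputs.environment || 'dev' }}"
          ansible-playbook -i "inventories/${ENV}/inventory.ini" playbooks/bootstrap/main.yml
        env:
          # NOTE: disabling host key checking means the runner will accept any
          # host presenting itself as a managed node. Prefer shipping a
          # known_hosts file with the inventory and leaving this enabled.
          ANSIBLE_HOST_KEY_CHECKING: False
EOF

  # Docker build workflow.
  cat > .gitea/workflows/docker.yml <<'EOF'
name: Docker Build and Deploy

on:
  push:
    branches: [ main ]
    paths:
      - 'containers/**'
      - 'Dockerfile*'
      - '.gitea/workflows/docker.yml'

jobs:
  build:
    runs-on: ubuntu-latest
    name: Build Docker Images
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.REGISTRY_URL }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Build and push images
        run: |
          # 构建应用镜像
          for dockerfile in containers/applications/*/Dockerfile; do
            if [ -f "$dockerfile" ]; then
              app_name=$(basename "$(dirname "$dockerfile")")
              echo "Building $app_name"
              docker build -t "${{ secrets.REGISTRY_URL }}/$app_name:${{ github.sha }}" -f "$dockerfile" .
              docker push "${{ secrets.REGISTRY_URL }}/$app_name:${{ github.sha }}"
            fi
          done

  deploy-swarm:
    runs-on: ubuntu-latest
    name: Deploy to Docker Swarm
    needs: build
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Deploy to Swarm
        run: |
          # 这里可以通过 SSH 连接到 Swarm 管理节点进行部署
          echo "Deploy to Swarm placeholder"
EOF
}

#######################################
# Write the repository settings file at .gitea/settings.yml.
#######################################
write_settings() {
  echo "⚙️ 创建项目配置文件..."
  mkdir -p .gitea

  # Gitea repository settings.
  cat > .gitea/settings.yml <<'EOF'
# Gitea 仓库设置
repository:
  name: mgmt
  description: "基础设施管理项目 - OpenTofu + Ansible + Docker Swarm"
  website: ""
  default_branch: main

  # 功能开关
  has_issues: true
  has_wiki: true
  has_projects: true
  has_actions: true

  # 权限设置
  # NOTE: the repository is public; keep credentials out of it via the
  # .gitignore rules (tfvars, vault files, .env, keys) and Actions secrets.
  private: false
  allow_merge_commits: true
  allow_squash_merge: true
  allow_rebase_merge: true
  delete_branch_on_merge: true

# Actions 设置
actions:
  enabled: true
  # NOTE: allows workflows to run for pull requests from forks; review what
  # those runs can reach (registry secrets, cloud credentials) before
  # keeping this enabled.
  allow_fork_pull_request_run: true
  default_actions_url: "https://gitea.com"

# 分支保护
branch_protection:
  main:
    enable_push: false
    enable_push_whitelist: true
    push_whitelist_usernames: ["ben"]
    require_signed_commits: false
    enable_merge_whitelist: true
    merge_whitelist_usernames: ["ben"]
    enable_status_check: true
    status_check_contexts: ["validate", "plan"]
    enable_approvals_whitelist: false
    approvals_whitelist_usernames: []
    block_on_rejected_reviews: true
    dismiss_stale_approvals: true
EOF
}

#######################################
# Stage everything and commit when there are staged changes.
#######################################
commit_changes() {
  echo "📦 添加文件到 Git..."
  git add .
  if git diff --staged --quiet; then
    echo "ℹ️ 没有新的变更需要提交"
    return 0
  fi
  echo "💾 提交变更..."
  git commit -m "feat: 集成 OpenTofu + Ansible + Gitea CI/CD

- 重构项目目录结构
- 添加 OpenTofu 多云支持
- 配置 Ansible 自动化部署
- 集成 Gitea Actions CI/CD 流水线
- 添加 Docker Swarm 管理
- 完善监控和安全配置"
}

#######################################
# Push `main` to Gitea; a failed push is reported but does not abort,
# because the remote repository may not exist yet.
#######################################
push_to_gitea() {
  echo "🚀 推送到 Gitea..."
  if git push -u origin main; then
    echo "✅ 成功推送到 Gitea"
  else
    echo "⚠️ 推送失败,可能需要先在 Gitea 创建仓库"
    echo " 请访问: ${GITEA_HTTP_URL}/repo/create"
    echo " 创建名为 '${REPO_NAME}' 的仓库"
  fi
}

#######################################
# Print the follow-up steps for the operator.
#######################################
print_next_steps() {
  echo ""
  echo "🎉 Gitea 集成设置完成!"
  echo ""
  echo "📋 下一步操作:"
  echo "1. 访问 Gitea: ${GITEA_HTTP_URL}/${GITEA_USER}/${REPO_NAME}"
  echo "2. 配置 Actions Secrets (如果需要):"
  echo " - REGISTRY_URL: 容器镜像仓库地址"
  echo " - REGISTRY_USERNAME: 仓库用户名"
  echo " - REGISTRY_PASSWORD: 仓库密码"
  echo "3. 配置云服务商凭据 (通过 Secrets 或环境变量)"
  echo "4. 测试 CI/CD 流水线"
  echo ""
  echo "🔗 有用的命令:"
  echo " git status - 查看仓库状态"
  echo " git log --oneline - 查看提交历史"
  echo " git push - 推送变更"
  echo " make help - 查看项目命令"
}

main() {
  echo "🔗 设置 Gitea 集成..."
  check_ssh
  init_repo
  configure_remote
  write_gitignore
  write_workflows
  write_settings
  commit_changes
  push_to_gitea
  print_next_steps
}

main "$@"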