#!/usr/bin/env bash
set -euo pipefail

# Déploiement initial A→Z sans certificats (auto-signé local)
# Usage: ./scripts/deploy_first_install_no_certs.sh [--skip-ui]

ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
BUILD_UI=1

while [[ $# -gt 0 ]]; do
  case "$1" in
    --skip-ui) BUILD_UI=0; shift;;
    *) echo "Option inconnue: $1" >&2; exit 2;;
  esac
done

echo "[1/5] Préparation des dossiers (certs)"
mkdir -p "$ROOT_DIR/certs"

echo "[2/5] Génération de certificats auto-signés (script projet)"
if [[ -x "$ROOT_DIR/scripts/generate_certs.sh" ]]; then
  ( cd "$ROOT_DIR" && ./scripts/generate_certs.sh )
else
  echo "scripts/generate_certs.sh introuvable ou non exécutable. Abandon." >&2
  exit 1
fi

echo "[3/5] Optionnel: build UI locale (ihm_client/dist)"
if [[ $BUILD_UI -eq 1 && -x "$ROOT_DIR/scripts/build_ui_local.sh" ]]; then
  ( cd "$ROOT_DIR" && ./scripts/build_ui_local.sh ) || true
fi

echo "[4/5] Démarrage complet de l’infrastructure (build si nécessaire)"
docker compose -f "$ROOT_DIR/docker-compose.yml" up -d --build

echo "[5/5] Vérifications rapides"
curl -skI https://127.0.0.1/signer/health | head -n 1 || true
curl -skI https://127.0.0.1/ | head -n 1 || true

echo "Déploiement initial (auto-signé) terminé. Accès local: https://127.0.0.1/"