#!/usr/bin/env bash
# ia_dev — conf.json handling identical for every managed project (jq, secrets_path → SECRETS_BASE).
# Add here any new deploy.* field that must be read the same way for all projects.
# Do not put project-specific paths, hostnames, or phase ordering here beyond generic keys.

_DEPLOY_LIB_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=../../lib/conf_path_resolve.sh
source "${_DEPLOY_LIB_DIR}/../../lib/conf_path_resolve.sh"

# ia_dev_deploy_require_jq <log_tag> — exit 1 if jq missing (e.g. log_tag="[orchestrator]")
ia_dev_deploy_require_jq() {
	local tag="${1:-[ia_dev][deploy]}"
	if ! command -v jq >/dev/null 2>&1; then
		echo "${tag}[ERROR] jq is required to read deploy.* from conf.json" >&2
		exit 1
	fi
}

# ia_dev_deploy_secrets_export_from_conf <conf_path> — export SECRETS_BASE + LECOFFRE_SECRETS_BASE when deploy.secrets_path is a directory
ia_dev_deploy_secrets_export_from_conf() {
	local conf="${1:?}"
	local secrets_path
	secrets_path="$(jq -r '.deploy.secrets_path // empty' "$conf")"
	secrets_path="$(ia_dev_resolve_path_from_conf "$conf" "$secrets_path")"
	if [[ -n "$secrets_path" && "$secrets_path" != "null" && -d "$secrets_path" ]]; then
		export SECRETS_BASE="$secrets_path"
		export LECOFFRE_SECRETS_BASE="$secrets_path"
	fi
}

# ia_dev_deploy_ensure_nested_secrets_symlinks <secrets_parent> <env>
# LeCoffre connect-db-paths expects `.secrets/<site>/<env>/` under secrets_parent. ia_dev conf often has a flat `<env>/` tree only.
# For each site in lecoffreio, enso, genealogie: if `<secrets_parent>/<site>/<env>` is missing and `<secrets_parent>/<env>` is a directory,
# create `<site>/<env>` as a symlink to `../<env>` (same convention as a manual `ln -sfn ../pprod lecoffreio/pprod`).
# Skips a site when a real (non-symlink) directory already exists at the nested path.
ia_dev_deploy_ensure_nested_secrets_symlinks() {
	local secrets_parent="${1:?}"
	local env_name="${2:?}"
	if [[ ! -d "$secrets_parent" ]]; then
		return 0
	fi
	if [[ ! "$env_name" =~ ^(test|pprod|prod)$ ]]; then
		return 0
	fi
	local flat="${secrets_parent}/${env_name}"
	if [[ ! -d "$flat" ]]; then
		return 0
	fi
	local site nested
	for site in lecoffreio enso genealogie; do
		nested="${secrets_parent}/${site}/${env_name}"
		if [[ -d "$nested" && ! -L "$nested" ]]; then
			continue
		fi
		if [[ -e "$nested" && ! -L "$nested" ]]; then
			echo "[ia_dev][deploy][WARN] ${nested} exists and is not a symlink or directory; skip" >&2
			continue
		fi
		mkdir -p "${secrets_parent}/${site}"
		ln -sfn "../${env_name}" "$nested"
		echo "[ia_dev][deploy] Nested secrets path: ${nested} -> ../${env_name}" >&2
	done
}

# ia_dev_deploy_export_runtime_context <repository_root> <env> — required handoff to project orchestrator (blocking checks below)
ia_dev_deploy_export_runtime_context() {
	local repo="${1:?}"
	local env="${2:?}"
	export IA_DEV_DEPLOY_REPO_ROOT="$repo"
	export IA_DEV_DEPLOY_ENV="$env"
}

# ia_dev_deploy_assert_handoff_context <repository_root> <env> <log_tag> — exit 1 if exports missing or inconsistent (no fallback)
ia_dev_deploy_assert_handoff_context() {
	local repo="${1:?}"
	local env="${2:?}"
	local tag="${3:-[orchestrator]}"
	if [[ -z "$repo" || ! -d "$repo" ]]; then
		echo "${tag}[ERROR] Handoff: repository root invalid or not a directory: ${repo}" >&2
		exit 1
	fi
	if [[ -z "$env" ]]; then
		echo "${tag}[ERROR] Handoff: env is empty" >&2
		exit 1
	fi
	if [[ "${IA_DEV_DEPLOY_REPO_ROOT:-}" != "$repo" ]]; then
		echo "${tag}[ERROR] Handoff: IA_DEV_DEPLOY_REPO_ROOT mismatch or unset (expected ${repo})" >&2
		exit 1
	fi
	if [[ "${IA_DEV_DEPLOY_ENV:-}" != "$env" ]]; then
		echo "${tag}[ERROR] Handoff: IA_DEV_DEPLOY_ENV mismatch or unset (expected ${env}, got ${IA_DEV_DEPLOY_ENV:-})" >&2
		exit 1
	fi
}