#!/usr/bin/env bash
set -euo pipefail

NS="${NS:-activity-core}"

kubectl apply -f k8s/railiance/00-namespace.yaml

secret_exists() {
  kubectl -n "$NS" get secret "$1" >/dev/null 2>&1
}

random_password() {
  openssl rand -base64 32 | tr -d '\n'
}

if ! secret_exists actcore-app-db-secret; then
  APP_DB_PASSWORD="$(random_password)"
  kubectl -n "$NS" create secret generic actcore-app-db-secret \
    --from-literal=username=actcore \
    --from-literal=database=actcore \
    --from-literal=password="$APP_DB_PASSWORD"
else
  APP_DB_PASSWORD="$(kubectl -n "$NS" get secret actcore-app-db-secret -o jsonpath='{.data.password}' | base64 -d)"
fi

if ! secret_exists actcore-temporal-db-secret; then
  kubectl -n "$NS" create secret generic actcore-temporal-db-secret \
    --from-literal=username=temporal \
    --from-literal=database=temporal \
    --from-literal=password="$(random_password)"
fi

ACTCORE_DB_URL="postgresql+asyncpg://actcore:${APP_DB_PASSWORD}@actcore-app-db:5432/actcore"

if ! secret_exists actcore-runtime-secret; then
  kubectl -n "$NS" create secret generic actcore-runtime-secret \
    --from-literal=ACTCORE_DB_URL="$ACTCORE_DB_URL" \
    --from-literal=WEBHOOK_SECRET_GITEA="" \
    --from-literal=WEBHOOK_SECRET_GITHUB=""
fi