SHELL := /usr/bin/env bash
.DEFAULT_GOAL := help

GITEA_RELEASE ?= gitea
GITEA_NAMESPACE ?= default
FORGE_REPO ?= /home/worsch/railiance-forge

VERGABE_RELEASE   ?= vergabe-teilnahme
VERGABE_NAMESPACE ?= vergabe-teilnahme
VERGABE_CHART     ?= charts/vergabe-teilnahme
VERGABE_VALUES    ?= helm/vergabe-teilnahme-values.yaml
VERGABE_INGRESS   ?= manifests/vergabe-teilnahme-ingress.yaml

VERGABE_DB_SECRET ?= vergabe-app-credentials
VERGABE_ENV_SECRET ?= vergabe-teilnahme-env
VERGABE_DB_USER   ?= vergabe
VERGABE_DB_HOST   ?= apps-pg-rw.databases
VERGABE_DB_PORT   ?= 5432
VERGABE_DB_NAME   ?= vergabe_db

SOPS_SENTINEL ?= $(FORGE_REPO)/helm/gitea-values.sops.yaml
DRY_RUN_CREATE_NAMESPACES ?= false

##@ Operator checks

check-tools: ## Check required operator tools and warn about optional diagnostics
	tools/check-tools.sh

check-sops: ## Verify the local SOPS age key can decrypt the configured sentinel
	SOPS_SENTINEL=$(SOPS_SENTINEL) tools/check-sops.sh

k8s-server-dry-run: ## Server-side dry-run rendered Helm and committed manifests
	DRY_RUN_CREATE_NAMESPACES=$(DRY_RUN_CREATE_NAMESPACES) tools/k8s-server-dry-run.sh

##@ Gitea compatibility

gitea-deploy: ## Compatibility wrapper; Gitea deploy ownership moved to railiance-forge
	$(MAKE) -C $(FORGE_REPO) GITEA_RELEASE=$(GITEA_RELEASE) GITEA_NAMESPACE=$(GITEA_NAMESPACE) gitea-deploy

gitea-ingress-deploy: ## Compatibility wrapper; Gitea ingress ownership moved to railiance-forge
	$(MAKE) -C $(FORGE_REPO) GITEA_RELEASE=$(GITEA_RELEASE) GITEA_NAMESPACE=$(GITEA_NAMESPACE) gitea-ingress-deploy

gitea-status: ## Compatibility wrapper; Gitea status ownership moved to railiance-forge
	$(MAKE) -C $(FORGE_REPO) GITEA_RELEASE=$(GITEA_RELEASE) GITEA_NAMESPACE=$(GITEA_NAMESPACE) gitea-status

apps-pg-status: ## Check the shared apps-pg cnpg cluster
	@if kubectl cnpg status apps-pg -n databases >/dev/null 2>&1; then \
		kubectl cnpg status apps-pg -n databases; \
	else \
		echo "kubectl cnpg plugin not available; falling back to cnpg resources"; \
		kubectl get cluster apps-pg -n databases; \
		kubectl get pods -n databases -l cnpg.io/cluster=apps-pg; \
	fi

##@ Vergabe Teilnahme

vergabe-dry-run: ## helm template render (no apply) for inspection
	helm template $(VERGABE_RELEASE) $(VERGABE_CHART) \
		--namespace $(VERGABE_NAMESPACE) \
		-f $(VERGABE_VALUES)

vergabe-deploy: ## Deploy / upgrade vergabe-teilnahme Helm release
	helm upgrade --install $(VERGABE_RELEASE) $(VERGABE_CHART) \
		--namespace $(VERGABE_NAMESPACE) --create-namespace \
		-f $(VERGABE_VALUES) --wait --timeout 3m

vergabe-ingress-deploy: ## Apply the vergabe-teilnahme ingress (whywhynot.de)
	kubectl apply -f $(VERGABE_INGRESS)

vergabe-status: ## Show vergabe-teilnahme pod / svc / ingress / cert state
	kubectl get pods,svc,ingress,certificate -n $(VERGABE_NAMESPACE) -l app.kubernetes.io/instance=$(VERGABE_RELEASE) --ignore-not-found

vergabe-migrate: ## Run Django migrations against the live deployment
	kubectl exec -n $(VERGABE_NAMESPACE) deploy/$(VERGABE_RELEASE) -- python manage.py migrate --noinput

vergabe-seed: ## Run the idempotent seed command
	kubectl exec -n $(VERGABE_NAMESPACE) deploy/$(VERGABE_RELEASE) -- python manage.py seed_dev

vergabe-superuser: ## Open an interactive shell for createsuperuser
	kubectl exec -it -n $(VERGABE_NAMESPACE) deploy/$(VERGABE_RELEASE) -- python manage.py createsuperuser

vergabe-logs: ## Tail vergabe-teilnahme app logs
	kubectl logs -n $(VERGABE_NAMESPACE) -l app.kubernetes.io/instance=$(VERGABE_RELEASE) -f --tail=50

vergabe-db-url-secret: ## Rebuild DATABASE_URL with a URL-encoded cnpg password
	APP_NAMESPACE=$(VERGABE_NAMESPACE) \
	APP_ENV_SECRET=$(VERGABE_ENV_SECRET) \
	APP_DB_SECRET=$(VERGABE_DB_SECRET) \
	APP_DB_USER=$(VERGABE_DB_USER) \
	APP_DB_HOST=$(VERGABE_DB_HOST) \
	APP_DB_PORT=$(VERGABE_DB_PORT) \
	APP_DB_NAME=$(VERGABE_DB_NAME) \
	tools/build-database-url-secret.sh

##@ Help

help: ## Show this help
	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} \
	  /^[a-zA-Z0-9_-]+:.*?##/ { printf "  \033[36m%-20s\033[0m %s\n", $$1, $$2 } \
	  /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) }' $(MAKEFILE_LIST)

.PHONY: check-tools check-sops k8s-server-dry-run gitea-deploy gitea-ingress-deploy gitea-status apps-pg-status vergabe-dry-run vergabe-deploy vergabe-ingress-deploy vergabe-status vergabe-migrate vergabe-seed vergabe-superuser vergabe-logs vergabe-db-url-secret help
