#!/usr/bin/env bash
set -euo pipefail

# Gitea backup helper — interacts with the S3 bucket via a temporary pod
# Uses the gitea-backup-s3 secret in the gitea namespace
#
# Usage:
#   ./scripts/gitea-backup.sh list                          # list all backups
#   ./scripts/gitea-backup.sh download <filename>           # download a backup to current dir
#   ./scripts/gitea-backup.sh download latest               # download the most recent backup

NAMESPACE="gitea"
SECRET="gitea-backup-s3"
IMAGE="minio/mc:latest"
POD_NAME="gitea-backup-helper"
ALIAS_CMD='mc alias set upcloud ${S3_ENDPOINT} ${AWS_ACCESS_KEY_ID} ${AWS_SECRET_ACCESS_KEY} > /dev/null'

cleanup() {
  kubectl -n "$NAMESPACE" delete pod "$POD_NAME" --ignore-not-found --grace-period=0 > /dev/null 2>&1 || true
}

mc_run() {
  cleanup
  kubectl -n "$NAMESPACE" run "$POD_NAME" --restart=Never \
    --image="$IMAGE" \
    --overrides="{
      \"spec\":{\"containers\":[{
        \"name\":\"$POD_NAME\",
        \"image\":\"$IMAGE\",
        \"env\":[{\"name\":\"HOME\",\"value\":\"/tmp\"}],
        \"command\":[\"sh\",\"-c\",\"${ALIAS_CMD}; $1\"],
        \"envFrom\":[{\"secretRef\":{\"name\":\"$SECRET\"}}]
      }]}
    }" > /dev/null 2>&1

  kubectl -n "$NAMESPACE" wait --for=jsonpath='{.status.phase}'=Succeeded "pod/$POD_NAME" --timeout=120s > /dev/null 2>&1
  kubectl -n "$NAMESPACE" logs "$POD_NAME"
  cleanup
}

case "${1:-help}" in
  list)
    echo "Listing backups..."
    mc_run 'mc ls upcloud/${S3_BUCKET}/'
    ;;

  download)
    FILE="${2:?Usage: $0 download <filename|latest>}"

    if [ "$FILE" = "latest" ]; then
      echo "Finding latest backup..."
      FILE=$(mc_run 'mc ls upcloud/${S3_BUCKET}/' | sort | tail -1 | awk '{print $NF}' | tr -d '[:space:]')
      if [ -z "$FILE" ]; then
        echo "No backups found."
        exit 1
      fi
      echo "Latest: $FILE"
    fi

    echo "Downloading $FILE..."
    cleanup
    kubectl -n "$NAMESPACE" run "$POD_NAME" --restart=Never \
      --image="$IMAGE" \
      --overrides="{
        \"spec\":{\"containers\":[{
          \"name\":\"$POD_NAME\",
          \"image\":\"$IMAGE\",
          \"env\":[{\"name\":\"HOME\",\"value\":\"/tmp\"}],
          \"command\":[\"sh\",\"-c\",\"sleep 300\"],
          \"envFrom\":[{\"secretRef\":{\"name\":\"$SECRET\"}}]
        }]}
      }" > /dev/null 2>&1

    kubectl -n "$NAMESPACE" wait --for=condition=Ready "pod/$POD_NAME" --timeout=60s > /dev/null 2>&1

    echo "Saving to ./$FILE ..."
    kubectl -n "$NAMESPACE" exec "$POD_NAME" -- sh -c "${ALIAS_CMD} && mc cat upcloud/\${S3_BUCKET}/$FILE" > "./$FILE"
    cleanup

    echo "Downloaded: ./$FILE"
    ;;

  *)
    echo "Gitea backup helper"
    echo ""
    echo "Usage:"
    echo "  $0 list                    List all backups in S3"
    echo "  $0 download <filename>     Download a specific backup"
    echo "  $0 download latest         Download the most recent backup"
    ;;
esac