package main

import (
	"errors"
	"fmt"
	"os"
	"regexp"
	"strings"
	"time"

	log "github.com/sirupsen/logrus"
	"github.com/spf13/cobra"

	"github.com/authelia/authelia/v4/internal/utils"
)

var arch string

var supportedArch = []string{"amd64", "arm32v7", "arm64v8", "coverage"}
var defaultArch = "amd64"
var buildkiteQEMU = os.Getenv("BUILDKITE_AGENT_META_DATA_QEMU")
var ciBranch = os.Getenv("BUILDKITE_BRANCH")
var ciPullRequest = os.Getenv("BUILDKITE_PULL_REQUEST")
var ciTag = os.Getenv("BUILDKITE_TAG")
var dockerTags = regexp.MustCompile(`v(?P<Patch>(?P<Minor>(?P<Major>\d+)\.\d+)\.\d+.*)`)
var ignoredSuffixes = regexp.MustCompile("alpha|beta")
var publicRepo = regexp.MustCompile(`.*:.*`)
var tags = dockerTags.FindStringSubmatch(ciTag)

func init() {
	DockerBuildCmd.PersistentFlags().StringVar(&arch, "arch", defaultArch, "target architecture among: "+strings.Join(supportedArch, ", "))
	DockerPushCmd.PersistentFlags().StringVar(&arch, "arch", defaultArch, "target architecture among: "+strings.Join(supportedArch, ", "))
}

func checkArchIsSupported(arch string) {
	for _, a := range supportedArch {
		if arch == a {
			return
		}
	}

	log.Fatal("Architecture is not supported. Please select one of " + strings.Join(supportedArch, ", ") + ".")
}

func dockerBuildOfficialImage(arch string) error {
	docker := &Docker{}
	// Set default Architecture Dockerfile to amd64.
	dockerfile := "Dockerfile"

	// If not the default value.
	if arch != defaultArch {
		dockerfile = fmt.Sprintf("%s.%s", dockerfile, arch)
	}

	if arch == "arm32v7" || arch == "arm64v8" {
		if buildkiteQEMU != stringTrue {
			err := utils.CommandWithStdout("docker", "run", "--rm", "--privileged", "multiarch/qemu-user-static", "--reset", "-p", "yes").Run()
			if err != nil {
				log.Fatal(err)
			}
		}
	}

	flags, err := getXFlags(ciBranch, os.Getenv("BUILDKITE_BUILD_NUMBER"), "")
	if err != nil {
		log.Fatal(err)
	}

	return docker.Build(IntermediateDockerImageName, dockerfile, ".",
		strings.Join(flags, " "))
}

// DockerBuildCmd Command for building docker image of Authelia.
var DockerBuildCmd = &cobra.Command{
	Use:   "build",
	Short: "Build the docker image of Authelia",
	Run: func(cmd *cobra.Command, args []string) {
		log.Infof("Building Docker image %s...", DockerImageName)
		checkArchIsSupported(arch)
		err := dockerBuildOfficialImage(arch)

		if err != nil {
			log.Fatal(err)
		}

		docker := &Docker{}
		err = docker.Tag(IntermediateDockerImageName, DockerImageName)

		if err != nil {
			log.Fatal(err)
		}
	},
}

// DockerPushCmd Command for pushing Authelia docker image to DockerHub.
var DockerPushCmd = &cobra.Command{
	Use:   "push-image",
	Short: "Publish Authelia docker image to Docker Hub",
	Run: func(cmd *cobra.Command, args []string) {
		log.Infof("Pushing Docker image %s to Docker Hub...", DockerImageName)
		checkArchIsSupported(arch)
		publishDockerImage(arch)
	},
}

// DockerManifestCmd Command for pushing Authelia docker manifest to DockerHub.
var DockerManifestCmd = &cobra.Command{
	Use:   "push-manifest",
	Short: "Publish Authelia docker manifest to Docker Hub",
	Run: func(cmd *cobra.Command, args []string) {
		log.Infof("Pushing Docker manifest of %s to Docker Hub...", DockerImageName)
		publishDockerManifest()
	},
}

func login(docker *Docker, registry string) {
	username := ""
	password := ""

	switch registry {
	case dockerhub:
		username = os.Getenv("DOCKER_USERNAME")
		password = os.Getenv("DOCKER_PASSWORD")
	case ghcr:
		username = os.Getenv("GHCR_USERNAME")
		password = os.Getenv("GHCR_PASSWORD")
	}

	if username == "" {
		log.Fatal(errors.New("DOCKER_USERNAME/GHCR_USERNAME is empty"))
	}

	if password == "" {
		log.Fatal(errors.New("DOCKER_PASSWORD/GHCR_PASSWORD is empty"))
	}

	log.Infof("Login to %s as %s", registry, username)
	err := docker.Login(username, password, registry)

	if err != nil {
		log.Fatalf("Login to %s failed: %s", registry, err)
	}
}

func deploy(docker *Docker, tag, registry string) {
	imageWithTag := registry + "/" + DockerImageName + ":" + tag

	log.Infof("Docker image %s will be deployed on %s", imageWithTag, registry)

	if err := docker.Tag(DockerImageName, imageWithTag); err != nil {
		log.Fatal(err)
	}

	if err := docker.Push(imageWithTag); err != nil {
		log.Fatal(err)
	}
}

func deployManifest(docker *Docker, tag, amd64tag, arm32v7tag, arm64v8tag, registry string) {
	dockerImagePrefix := registry + "/" + DockerImageName + ":"

	log.Infof("Docker manifest %s%s will be deployed on %s", dockerImagePrefix, tag, registry)

	err := docker.Manifest(dockerImagePrefix+tag, dockerImagePrefix+amd64tag, dockerImagePrefix+arm32v7tag, dockerImagePrefix+arm64v8tag)

	if err != nil {
		log.Fatal(err)
	}

	tags := []string{amd64tag, arm32v7tag, arm64v8tag}

	if registry == dockerhub {
		for _, t := range tags {
			log.Infof("Docker removing tag for %s%s on Docker Hub", dockerImagePrefix, t)

			if err := utils.RunFuncWithRetry(3, 10*time.Second, func() (err error) {
				err = docker.CleanTag(t)
				return
			}); err != nil {
				log.Fatal(err)
			}
		}
	}
}

func publishDockerImage(arch string) {
	docker := &Docker{}

	for _, registry := range registries {
		switch {
		case ciTag != "":
			if len(tags) == 4 {
				log.Infof("Detected tags: '%s' | '%s' | '%s'", tags[1], tags[2], tags[3])
				login(docker, registry)
				deploy(docker, tags[1]+"-"+arch, registry)

				if !ignoredSuffixes.MatchString(ciTag) {
					deploy(docker, tags[2]+"-"+arch, registry)
					deploy(docker, tags[3]+"-"+arch, registry)
					deploy(docker, "latest-"+arch, registry)
				}
			} else {
				log.Fatal("Docker image will not be published, the specified tag does not conform to the standard")
			}
		case ciBranch != masterTag && !publicRepo.MatchString(ciBranch):
			login(docker, registry)
			deploy(docker, ciBranch+"-"+arch, registry)
		case ciBranch != masterTag && publicRepo.MatchString(ciBranch):
			login(docker, registry)
			deploy(docker, "PR"+ciPullRequest+"-"+arch, registry)
		case ciBranch == masterTag && ciPullRequest == stringFalse:
			login(docker, registry)
			deploy(docker, "master-"+arch, registry)
		default:
			log.Info("Docker image will not be published")
		}
	}
}

func publishDockerManifest() {
	docker := &Docker{}

	for _, registry := range registries {
		switch {
		case ciTag != "":
			if len(tags) == 4 {
				log.Infof("Detected tags: '%s' | '%s' | '%s'", tags[1], tags[2], tags[3])
				login(docker, registry)
				deployManifest(docker, tags[1], tags[1]+"-amd64", tags[1]+"-arm32v7", tags[1]+"-arm64v8", registry)

				if registry == dockerhub {
					publishDockerReadme(docker)
				}

				if !ignoredSuffixes.MatchString(ciTag) {
					deployManifest(docker, tags[2], tags[2]+"-amd64", tags[2]+"-arm32v7", tags[2]+"-arm64v8", registry)
					deployManifest(docker, tags[3], tags[3]+"-amd64", tags[3]+"-arm32v7", tags[3]+"-arm64v8", registry)
					deployManifest(docker, "latest", "latest-amd64", "latest-arm32v7", "latest-arm64v8", registry)

					if registry == dockerhub {
						publishDockerReadme(docker)
					}
				}
			} else {
				log.Fatal("Docker manifest will not be published, the specified tag does not conform to the standard")
			}
		case ciBranch != masterTag && !publicRepo.MatchString(ciBranch):
			login(docker, registry)
			deployManifest(docker, ciBranch, ciBranch+"-amd64", ciBranch+"-arm32v7", ciBranch+"-arm64v8", registry)
		case ciBranch != masterTag && publicRepo.MatchString(ciBranch):
			login(docker, registry)
			deployManifest(docker, "PR"+ciPullRequest, "PR"+ciPullRequest+"-amd64", "PR"+ciPullRequest+"-arm32v7", "PR"+ciPullRequest+"-arm64v8", registry)
		case ciBranch == masterTag && ciPullRequest == stringFalse:
			login(docker, registry)
			deployManifest(docker, "master", "master-amd64", "master-arm32v7", "master-arm64v8", registry)

			if registry == dockerhub {
				publishDockerReadme(docker)
			}
		default:
			log.Info("Docker manifest will not be published")
		}
	}
}

func publishDockerReadme(docker *Docker) {
	log.Info("Docker pushing README.md to Docker Hub")

	if err := docker.PublishReadme(); err != nil {
		log.Fatal(err)
	}
}