#!/bin/bash
# Script to set GitHub Secrets for Cloudflare configuration
# Requires GitHub CLI (gh) installed and authenticated

set -e

# Configuration
VAULT_FILE="config/vault.json"
ENV_FILE=".env"

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m' # No Color

function show_usage() {
    echo "Usage: $0 [vault|env]"
    echo ""
    echo "Arguments:"
    echo "  vault    Read credentials from config/vault.json (default)"
    echo "  env      Read credentials from .env file"
}

function set_secret() {
    local name=$1
    local value=$2
    if [ -z "$value" ]; then
        echo -e "${RED}Error: Value for $name is empty.${NC}"
        return 1
    fi
    echo "Setting secret $name..."
    gh secret set "$name" --body "$value"
}

# Source of truth
SOURCE=${1:-vault}

if [ "$SOURCE" == "vault" ]; then
    if [ -f "$VAULT_FILE" ]; then
        echo "Reading credentials from $VAULT_FILE..."
        # Check if python3 is available for robust JSON parsing
        if command -v python3 >/dev/null 2>&1; then
            ZONE_ID=$(python3 -c "import json; v=json.load(open('$VAULT_FILE')); print(v.get('cloudflare', {}).get('zone_id', ''))")
            ACCOUNT_ID=$(python3 -c "import json; v=json.load(open('$VAULT_FILE')); print(v.get('cloudflare', {}).get('account_id', ''))")
            DOMAIN=$(python3 -c "import json; v=json.load(open('$VAULT_FILE')); print(v.get('cloudflare', {}).get('domain', ''))")
        else
            echo -e "${RED}Error: python3 not found for JSON parsing.${NC}"
            exit 1
        fi
    else
        echo -e "${RED}Error: $VAULT_FILE not found.${NC}"
        echo "Please create it with the following structure:"
        echo '{
    "cloudflare": {
        "zone_id": "your_zone_id",
        "account_id": "your_account_id",
        "domain": "your_domain.com"
    }
}'
        exit 1
    fi
elif [ "$SOURCE" == "env" ]; then
    if [ -f "$ENV_FILE" ]; then
        echo "Reading credentials from $ENV_FILE..."
        ZONE_ID=$(grep CLOUDFLARE_ZONE_ID "$ENV_FILE" | cut -d '=' -f2)
        ACCOUNT_ID=$(grep CLOUDFLARE_ACCOUNT_ID "$ENV_FILE" | cut -d '=' -f2)
        DOMAIN=$(grep DOMAIN_NAME "$ENV_FILE" | cut -d '=' -f2)
    else
        echo -e "${RED}Error: $ENV_FILE not found.${NC}"
        exit 1
    fi
else
    show_usage
    exit 1
fi

# Set the secrets
set_secret CLOUDFLARE_ZONE_ID "$ZONE_ID"
set_secret CLOUDFLARE_ACCOUNT_ID "$ACCOUNT_ID"
set_secret DOMAIN_NAME "$DOMAIN"

echo -e "${GREEN}✅ GitHub Secrets set successfully!${NC}"