#!/usr/bin/env bash
set -euo pipefail

REGISTRY_PREFIX="gitea.04080616.xyz/yiekheng"

usage() {
  cat <<'EOF'
Build and push CM Bot service images to gitea.04080616.xyz/yiekheng.

Usage:
  scripts/publish.sh [tag]

Arguments:
  tag  Optional tag to publish (default: latest). Override with DOCKER_IMAGE_TAG.

Environment:
  DOCKER_IMAGE_TAG     Alternative way to set the tag (overrides CLI argument).
  BUILD_ARGS           Extra arguments passed to each docker build command.
  CM_IMAGE_PLATFORMS   Buildx platforms (default: linux/amd64).
  NO_SUDO=1            Skip the 'sudo' prefix (use if your user is in the docker group).

Authentication:
  The script invokes docker via sudo by default (matching scripts/dev.sh).
  Authenticate as the same user that runs the build:
    sudo docker login gitea.04080616.xyz       # default (sudo path)
    docker login gitea.04080616.xyz            # only with NO_SUDO=1
EOF
}

if [[ "${1:-}" == "-h" || "${1:-}" == "--help" ]]; then
  usage
  exit 0
fi

# Match scripts/dev.sh: prefix docker calls with sudo unless the user opts
# out via NO_SUDO=1 (typically because they're in the docker group).
SUDO="sudo"
[[ "${NO_SUDO:-0}" == "1" ]] && SUDO=""
DOCKER=(${SUDO} docker)

if ! "${DOCKER[@]}" info >/dev/null 2>&1; then
  cat <<EOF >&2
Docker daemon is not reachable as the current effective user.

If you usually run docker via sudo (matching scripts/dev.sh), make sure
your password is cached / interactive — try 'sudo -v' first, then rerun.

If you've added yourself to the docker group, set NO_SUDO=1:
  NO_SUDO=1 bash scripts/publish.sh ${1:-latest}
EOF
  exit 1
fi

if ! "${DOCKER[@]}" system info --format '{{json .IndexServerAddress}}' 2>/dev/null | grep -q "gitea.04080616.xyz"; then
  cat <<EOF >&2
Reminder: authenticate first as the same user that runs the build:
  ${SUDO:+sudo }docker login gitea.04080616.xyz
EOF
fi

IMAGE_TAG="${1:-${DOCKER_IMAGE_TAG:-latest}}"
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
PLATFORMS="${CM_IMAGE_PLATFORMS:-linux/amd64}"

if ! "${DOCKER[@]}" buildx version >/dev/null 2>&1; then
  cat <<'EOF' >&2
Docker Buildx is required for producing registry-compatible images.
Install/enable buildx and rerun, for example:
  docker buildx create --use --name cm-bot-builder
  docker buildx inspect --bootstrap
EOF
  exit 1
fi

echo "Using buildx with platforms: ${PLATFORMS}"
echo

SERVICES=(
  "api docker/api/Dockerfile"
  "telegram docker/telegram/Dockerfile"
  "web docker/web/Dockerfile"
  "transfer docker/transfer/Dockerfile"
)

echo "Publishing CM Bot images to ${REGISTRY_PREFIX}/cm-<service>:${IMAGE_TAG}"
echo

for ENTRY in "${SERVICES[@]}"; do
  SERVICE="${ENTRY%% *}"
  DOCKERFILE="${ENTRY#* }"
  IMAGE_NAME="${REGISTRY_PREFIX}/cm-${SERVICE}:${IMAGE_TAG}"

  echo "==> Building and pushing ${IMAGE_NAME} (${DOCKERFILE})"
  "${DOCKER[@]}" buildx build ${BUILD_ARGS:-} \
    --platform "${PLATFORMS}" \
    -f "${ROOT_DIR}/${DOCKERFILE}" \
    -t "${IMAGE_NAME}" \
    --push \
    "${ROOT_DIR}"
  echo
done

echo "All images pushed to ${REGISTRY_PREFIX} with tag '${IMAGE_TAG}'."