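#!/bin/bash
# Docker-based build and test script for Football System
# Performs full build and testing without requiring host sudo
#
# Secret handling: private.key holds the WireGuard private key. It is created
# owner-only and is never echoed, so it does not end up in CI logs or
# terminal scrollback.

# -u and pipefail added on top of -e so an unset variable or a failed pipeline
# stage stops the build instead of producing a half-configured image.
set -euo pipefail

echo "================================================"
echo "Football Docker Build & Test Script"
echo "================================================"
echo ""

BUILD_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
OUTPUT_DIR="$BUILD_DIR/output"
CHROOT_DIR="$BUILD_DIR/chroot"

# ============================================================================
# STEP 1: GENERATE WIREGUARD KEYS
# ============================================================================

echo "[1/10] Generating WireGuard keys..."

if [[ ! -f "$BUILD_DIR/private.key" ]]; then
  # Fail before the redirection below can leave an empty private.key behind,
  # which a later run would accept as "already exist".
  command -v wg > /dev/null || {
    echo "❌ wg not found; cannot generate WireGuard keys" >&2
    exit 1
  }

  # Generate inside a umask-077 subshell: the key file is owner-only from the
  # moment it is created, instead of being readable under the default umask
  # until the chmod below runs.
  (
    umask 077
    wg genkey > "$BUILD_DIR/private.key"
  )
  wg pubkey < "$BUILD_DIR/private.key" > "$BUILD_DIR/public.key"
  chmod 600 "$BUILD_DIR/private.key"
  chmod 644 "$BUILD_DIR/public.key"
  echo "✅ WireGuard keys generated"
else
  # Re-assert owner-only access on a key left over from an earlier run.
  chmod 600 "$BUILD_DIR/private.key"
  echo "✅ WireGuard keys already exist"
fi

WG_PRIVATE_KEY=$(< "$BUILD_DIR/private.key")
WG_PUBLIC_KEY=$(< "$BUILD_DIR/public.key")

# Use test endpoint (will need to be updated for real deployment)
WG_ENDPOINT_IP="10.100.0.1"
WG_ENDPOINT_PORT="51820"

echo " Endpoint: $WG_ENDPOINT_IP:$WG_ENDPOINT_PORT"
# Only the public key is shown; printing even a prefix of the private key
# would put key material into build logs.
echo " Private Key: [redacted]"
echo " Public Key: ${WG_PUBLIC_KEY:0:10}..."

# ============================================================================
# STEP 2: CREATE BUILD CONTAINER
# ============================================================================

echo ""
echo "[2/10] Creating Docker build container..."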
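# Create Dockerfile for build
#
# The WireGuard private key is deliberately not written into this file. An ENV
# instruction is recorded in the image configuration and history, so anyone
# able to pull or inspect the image could read the key; it would also sit in
# a plain-text file in the build directory. Supply it when the container is
# started instead.
cat > "$BUILD_DIR/Dockerfile.build" << EOF
FROM debian:trixie

ENV DEBIAN_FRONTEND=noninteractive

# Install required build tools
RUN apt-get update && \
    apt-get install -y \
    debootstrap \
    qemu-utils \
    kpartx \
    squashfs-tools \
    parted \
    grub2-common \
    grub-efi-amd64 \
    grub-pc-bin \
    dosfstools \
    linux-image-amd64

WORKDIR /build

# Copy build files
COPY config/ chroot-overlay/ build.sh /build/

# Set environment variables
# WG_PRIVATE_KEY is intentionally absent: pass it at run time, never bake it in
ENV WG_ENDPOINT_IP=$WG_ENDPOINT_IP
ENV WG_ENDPOINT_PORT=$WG_ENDPOINT_PORT
ENV WG_PUBLIC_KEY=$WG_PUBLIC_KEY

CMD ["/bin/bash"]
EOF

echo "✅ Dockerfile created"

# ============================================================================
# STEP 3: RUN BUILD IN CONTAINER
# ============================================================================

echo ""
echo "[3/10] Building system in Docker container..."

# The WireGuard values reach the container through its environment (-e NAME
# copies the exported host value). Expanding them into the bash -c string
# would place the private key on the docker command line, where it is visible
# in the host process list.
export WG_PRIVATE_KEY WG_PUBLIC_KEY WG_ENDPOINT_IP WG_ENDPOINT_PORT

# NOTE(review): the search side of every sed expression below is empty in the
# source as shown; the placeholder tokens of wg0.conf.template appear to have
# been lost. sed rejects an empty pattern when there is no previous regex, so
# restore the real placeholder names from the template before relying on this.
#
# --privileged gives the container full access to host devices; it is kept
# because the build needs mounts and loop devices. Run this script only on a
# dedicated build host, with a base image you trust.
docker run --rm \
  -v "$BUILD_DIR:/build" \
  -w /build \
  --privileged \
  -e WG_PRIVATE_KEY \
  -e WG_PUBLIC_KEY \
  -e WG_ENDPOINT_IP \
  -e WG_ENDPOINT_PORT \
  debian:trixie \
  bash -c "
    set -e

    echo '=== Installing build tools ==='
    apt-get update
    apt-get install -y debootstrap qemu-utils kpartx squashfs-tools parted grub2-common grub-efi-amd64 grub-pc-bin dosfstools

    echo '=== Bootstrapping Debian ==='
    rm -rf /build/chroot
    mkdir -p /build/chroot
    debootstrap --arch=amd64 --variant=minbase trixie /build/chroot http://deb.debian.org/debian

    echo '=== Configuring APT ==='
    {
      echo 'deb http://deb.debian.org/debian trixie main contrib non-free non-free-firmware'
      echo 'deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware'
    } > /build/chroot/etc/apt/sources.list

    echo '=== Copying overlay ==='
    cp -r /build/chroot-overlay/* /build/chroot/

    echo '=== Configuring WireGuard ==='
    # wg0.conf receives the private key, so create it owner-only from the start
    (
      umask 077
      sed -e \"s||\$WG_PRIVATE_KEY|g\" \
          -e \"s||\$WG_PUBLIC_KEY|g\" \
          -e \"s||\$WG_ENDPOINT_IP|g\" \
          -e \"s||\$WG_ENDPOINT_PORT|g\" \
          /build/chroot/etc/wireguard/wg0.conf.template > /build/chroot/etc/wireguard/wg0.conf
    )
    chmod 600 /build/chroot/etc/wireguard/wg0.conf

    echo '=== Build complete ==='
    echo 'System built successfully in Docker container'
  "

echo "✅ Build completed in Docker container"

# ============================================================================
# STEP 4: CREATE DISK IMAGES
# ============================================================================

echo ""
echo "[4/10] Creating disk images..."

# Create output directory
mkdir -p "$OUTPUT_DIR"

# Use Docker to create images (avoids needing kpartx on host)
#
# Fixes relative to the earlier version of this step:
#   - the tools are installed here as well; the step 3 container ran with --rm,
#     so nothing it installed survives into this fresh debian:trixie container
#   - the inner variables are double-quoted; in single quotes the inner shell
#     saw the literal text of the variable name and wrote the images to a file
#     of that name under /build instead of /output
#   - sysfs is mounted on /mnt/root/sys (was /mnt/root/sys/sys)
#   - an EXIT trap detaches the loop device on failure, so a broken run does
#     not leave it attached on the host
# NOTE(review): grub-install runs inside the chroot and its failure is only
# reported as a warning; confirm GRUB and a kernel are present in the chroot.
docker run --rm \
  -v "$BUILD_DIR:/build" \
  -v "$OUTPUT_DIR:/output" \
  --privileged \
  debian:trixie \
  bash -c "
    set -e

    apt-get update
    apt-get install -y qemu-utils fdisk dosfstools e2fsprogs

    cd /build

    RAW_IMAGE=/output/football-physical.img
    QCOW_IMAGE=/output/football-vm.qcow2
    LOOP_DEV=

    # Best-effort teardown for the failure path; errors are ignored because
    # any of these may not have been set up yet.
    cleanup() {
      umount /mnt/root/boot/efi /mnt/root/dev /mnt/root/proc /mnt/root/sys 2>/dev/null || true
      umount /mnt/efi /mnt/root 2>/dev/null || true
      if [ -n \"\$LOOP_DEV\" ]; then
        losetup -d \"\$LOOP_DEV\" 2>/dev/null || true
      fi
    }
    trap cleanup EXIT

    # Create raw image
    qemu-img create -f raw \"\$RAW_IMAGE\" 8G

    # Partition the image
    {
      echo 'label: gpt'
      echo 'unit: sectors'
      echo 'size=512MiB,type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B'
      echo 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4'
    } | sfdisk \"\$RAW_IMAGE\"

    # Setup loop device
    LOOP_DEV=\$(losetup -f --show -P \"\$RAW_IMAGE\")

    # Create filesystems
    mkfs.vfat -F32 \"\${LOOP_DEV}p1\"
    mkfs.ext4 \"\${LOOP_DEV}p2\"

    # Mount filesystems
    mkdir -p /mnt/efi /mnt/root
    mount \"\${LOOP_DEV}p1\" /mnt/efi
    mount \"\${LOOP_DEV}p2\" /mnt/root

    # Copy chroot contents
    cp -a /build/chroot/. /mnt/root/

    # Create /boot/efi
    mkdir -p /mnt/root/boot/efi
    mount --bind /mnt/efi /mnt/root/boot/efi

    # Install GRUB (chroot)
    mount -t proc /proc /mnt/root/proc
    mount -t sysfs /sys /mnt/root/sys
    mount -o bind /dev /mnt/root/dev

    # Install GRUB
    chroot /mnt/root grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian /dev/sda || echo 'GRUB install warning'

    # Cleanup
    umount /mnt/root/boot/efi /mnt/root/dev /mnt/root/proc /mnt/root/sys
    umount /mnt/efi /mnt/root
    losetup -d \"\$LOOP_DEV\"
    LOOP_DEV=

    echo '✅ Physical image created'

    # Create qcow2 image
    qemu-img convert -f raw -O qcow2 \"\$RAW_IMAGE\" \"\$QCOW_IMAGE\"

    echo '✅ VM image created'
  "

echo "✅ Disk images created"

# ============================================================================
# STEP 5: VERIFY OUTPUT
# ============================================================================

echo ""
echo "[5/10] Verifying output..."

if [[ -f "$OUTPUT_DIR/football-physical.img" ]]; then
  SIZE=$(du -h "$OUTPUT_DIR/football-physical.img" | cut -f1)
  echo "✅ Physical image: $OUTPUT_DIR/football-physical.img ($SIZE)"
else
  echo "❌ Physical image not found"
  exit 1
fi

if [[ -f "$OUTPUT_DIR/football-vm.qcow2" ]]; then
  SIZE=$(du -h "$OUTPUT_DIR/football-vm.qcow2" | cut -f1)
  echo "✅ VM image: $OUTPUT_DIR/football-vm.qcow2 ($SIZE)"
else
  echo "❌ VM image not found"
  exit 1
fi

# ============================================================================
# STEP 6: TEST IN VM
# ============================================================================

echo ""
echo "[6/10] Testing system in VM..."

# Start VM in background (nographic mode)
# The PID file lives in the build output directory rather than at a fixed name
# in world-writable /tmp: the PID read from it is passed to kill, so another
# local user must not be able to pre-create or replace the file.
VM_PID_FILE="$OUTPUT_DIR/football-vm.pid"
VM_CONSOLE="$OUTPUT_DIR/console.log"

# Kill any existing VM
if [[ -f "$VM_PID_FILE" ]]; then
  kill "$(cat "$VM_PID_FILE")" 2>/dev/null || true
  sleep 2
  rm -f "$VM_PID_FILE"
fi

echo "Starting VM with QEMU..."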
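# -nographic is not passed: QEMU refuses to combine it with -daemonize, and
# "-display none" plus the file-backed serial port already give a headless VM.
# NOTE(review): no UEFI firmware is selected here although the image is
# partitioned GPT with an EFI system partition; confirm the VM can boot it.
qemu-system-x86_64 \
  -m 2048 \
  -smp 2 \
  -drive file="$OUTPUT_DIR/football-vm.qcow2",format=qcow2 \
  -serial file:"$VM_CONSOLE" \
  -display none \
  -pidfile "$VM_PID_FILE" \
  -daemonize

echo "✅ VM started (PID: $(cat "$VM_PID_FILE" 2>/dev/null || echo 'unknown'))"
echo "Console log: $VM_CONSOLE"

# Wait for boot
echo ""
echo "[7/10] Waiting for VM to boot (60 seconds)..."
sleep 60

# Check if VM is still running
if [[ -f "$VM_PID_FILE" ]]; then
  VM_PID=$(cat "$VM_PID_FILE")
  if kill -0 "$VM_PID" 2>/dev/null; then
    echo "✅ VM is running (PID: $VM_PID)"
  else
    echo "❌ VM crashed or exited"
    tail -n 50 "$VM_CONSOLE"
    exit 1
  fi
else
  echo "❌ VM PID file not found"
  exit 1
fi

# Check console for boot
# The outcome is remembered so the summary reports what was observed rather
# than claiming a successful boot unconditionally.
echo ""
echo "[8/10] Checking boot logs..."
boot_status="unclear"
if grep -q "login:" "$VM_CONSOLE" 2>/dev/null; then
  boot_status="ok"
  echo "✅ Boot complete - login prompt detected"
elif grep -q "emergency" "$VM_CONSOLE" 2>/dev/null; then
  boot_status="emergency"
  echo "⚠️ Boot in emergency mode"
else
  echo "⚠️ Boot status unclear"
fi

# ============================================================================
# STEP 9: STOP VM
# ============================================================================

echo ""
echo "[9/10] Stopping VM..."
if [[ -f "$VM_PID_FILE" ]]; then
  VM_PID=$(cat "$VM_PID_FILE")
  kill "$VM_PID" 2>/dev/null || true
  sleep 2
  rm -f "$VM_PID_FILE"
  echo "✅ VM stopped"
fi

# ============================================================================
# STEP 10: SUMMARY
# ============================================================================

echo ""
echo "================================================"
echo "BUILD & TEST SUMMARY"
echo "================================================"
echo ""
echo "✅ Images created:"
echo " - $OUTPUT_DIR/football-physical.img"
echo " - $OUTPUT_DIR/football-vm.qcow2"
echo ""
case "$boot_status" in
  ok)
    echo "✅ VM tested:"
    echo " - VM booted successfully"
    ;;
  emergency)
    echo "⚠️ VM tested:"
    echo " - VM booted into emergency mode"
    ;;
  *)
    echo "⚠️ VM tested:"
    echo " - Boot status unclear (no login prompt in console log)"
    ;;
esac
echo " - Console output saved to: $VM_CONSOLE"
echo ""
# The login shown below is a well-known default. Change it before an image
# built by this script is used anywhere but a test bench: the image also
# carries the WireGuard private key in /etc/wireguard/wg0.conf.
# NOTE(review): the compliance-script path is specific to one developer
# machine; confirm where the tests live inside the image.
echo "⚠️ Full compliance testing requires interactive access:"
echo " 1. Start VM with console access:"
echo " qemu-system-x86_64 -m 2048 -drive file=$OUTPUT_DIR/football-vm.qcow2,format=qcow2"
echo " 2. Login as: user / changeme"
echo " 3. Run tests: sudo -s"
echo " 4. Execute: /home/charles/Projects/football/tests/verify-compliance.sh"
echo ""
echo "Console log saved to: $VM_CONSOLE"
echo ""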