#!/bin/bash
set -e

GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m'

if [ "$EUID" -ne 0 ]; then SUDO="sudo"; else SUDO=""; fi

echo -e "${YELLOW}=== Configuração de Agentes Self-Hosted Jenkins (BUILD) ===${NC}\n"

# 1. Coleta informações
read -p "URL do Jenkins [default: https://jenkins.sittax.com.br]: " JENKINS_URL
if [ -z "$JENKINS_URL" ]; then JENKINS_URL="https://jenkins.sittax.com.br"; fi
JENKINS_URL="${JENKINS_URL%/}"

read -p "Usuário Jenkins (admin recomendado) [default: admin]: " JENKINS_USER
if [ -z "$JENKINS_USER" ]; then JENKINS_USER="admin"; fi

echo -n "API Token do Jenkins (gere em ${JENKINS_URL}/me/configure): "
read -s JENKINS_API_TOKEN
echo ""

if [ -z "$JENKINS_API_TOKEN" ]; then
  echo -e "${RED}API Token é obrigatório.${NC}"; exit 1
fi

read -p "Labels do nó [default: linux docker dotnet build sittax-build]: " AGENT_LABELS
if [ -z "$AGENT_LABELS" ]; then AGENT_LABELS="linux docker dotnet build sittax-build"; fi

read -p "Quantos agentes deseja criar? [default: 2]: " NUM_AGENTS
if [ -z "$NUM_AGENTS" ]; then NUM_AGENTS="2"; fi

read -p "Prefixo dos agentes? [default: sittax-build]: " AGENTS_PREFIX
if [ -z "$AGENTS_PREFIX" ]; then AGENTS_PREFIX="sittax-build"; fi

read -p "Quantos executors por agente? [default: 1]: " NUM_EXECUTORS
if [ -z "$NUM_EXECUTORS" ]; then NUM_EXECUTORS="1"; fi

if ! [[ "$NUM_AGENTS" =~ ^[0-9]+$ ]] || [ "$NUM_AGENTS" -lt 1 ]; then
    echo -e "${RED}Quantidade de agentes deve ser inteiro positivo.${NC}"; exit 1
fi

# 2. Valida autenticação e captura CRUMB (CSRF)
echo -e "\n${YELLOW}Validando credenciais no Jenkins...${NC}"
CRUMB_JSON=$(curl -sf -u "${JENKINS_USER}:${JENKINS_API_TOKEN}" \
    "${JENKINS_URL}/crumbIssuer/api/json" || echo "")
if [ -z "$CRUMB_JSON" ]; then
    echo -e "${RED}Falha de autenticação. Verifique URL/usuário/token.${NC}"; exit 1
fi
CRUMB=$(echo "$CRUMB_JSON" | jq -r '.crumb')
CRUMB_FIELD=$(echo "$CRUMB_JSON" | jq -r '.crumbRequestField')
echo -e "${GREEN}Autenticado em ${JENKINS_URL}.${NC}"

# 3. Cria nodes via REST API e coleta secrets
declare -A AGENT_SECRETS

for (( i=1; i<=$NUM_AGENTS; i++ )); do
    AGENT_NAME="$AGENTS_PREFIX-$i"
    echo -e "\n${YELLOW}--- ${AGENT_NAME} ---${NC}"

    EXISTS=$(curl -s -o /dev/null -w "%{http_code}" -u "${JENKINS_USER}:${JENKINS_API_TOKEN}" \
        "${JENKINS_URL}/computer/${AGENT_NAME}/api/json" || true)

    if [ "$EXISTS" = "200" ]; then
        echo -e "${YELLOW}Node já existe no Jenkins. Reaproveitando.${NC}"
    else
        echo "Criando node no Jenkins..."
        NODE_JSON=$(cat <<EOF
{
  "name": "${AGENT_NAME}",
  "nodeDescription": "Sittax Jenkins build agent (Docker, Ubuntu 24.04)",
  "numExecutors": "${NUM_EXECUTORS}",
  "remoteFS": "/home/jenkins/agent",
  "labelString": "${AGENT_LABELS}",
  "mode": "NORMAL",
  "launcher": {
    "stapler-class": "hudson.slaves.JNLPLauncher",
    "\$class": "hudson.slaves.JNLPLauncher",
    "workDirSettings": {
      "disabled": false,
      "workDirPath": "",
      "internalDir": "remoting",
      "failIfWorkDirIsMissing": false
    },
    "webSocket": true,
    "tunnel": ""
  },
  "retentionStrategy": {"stapler-class": "hudson.slaves.RetentionStrategy\$Always"},
  "nodeProperties": {"stapler-class-bag": "true"},
  "type": "hudson.slaves.DumbSlave"
}
EOF
)
        HTTP_CODE=$(curl -s -o /tmp/jenkins-create.log -w "%{http_code}" -X POST \
            -u "${JENKINS_USER}:${JENKINS_API_TOKEN}" \
            -H "${CRUMB_FIELD}: ${CRUMB}" \
            --data-urlencode "name=${AGENT_NAME}" \
            --data-urlencode "type=hudson.slaves.DumbSlave" \
            --data-urlencode "json=${NODE_JSON}" \
            "${JENKINS_URL}/computer/doCreateItem")
        if [ "$HTTP_CODE" != "200" ] && [ "$HTTP_CODE" != "302" ]; then
            echo -e "${RED}Falha ao criar node (HTTP ${HTTP_CODE}).${NC}"
            cat /tmp/jenkins-create.log
            exit 1
        fi
        echo -e "${GREEN}Node criado.${NC}"
    fi

    # Extrai o secret JNLP
    JNLP=$(curl -sf -u "${JENKINS_USER}:${JENKINS_API_TOKEN}" \
        "${JENKINS_URL}/computer/${AGENT_NAME}/jenkins-agent.jnlp") || {
        echo -e "${RED}Não consegui ler o JNLP do node ${AGENT_NAME}.${NC}"; exit 1
    }
    SECRET=$(echo "$JNLP" | grep -oP '(?<=<argument>)[a-f0-9]{32,}(?=</argument>)' | head -1)
    if [ -z "$SECRET" ]; then
        echo -e "${RED}Não consegui extrair o secret do node ${AGENT_NAME}.${NC}"; exit 1
    fi
    echo "Secret obtido."
    AGENT_SECRETS[$AGENT_NAME]="$SECRET"
done

# 4. Gera docker-compose.yml
COMPOSE_FILE="docker-compose.yml"
echo "services:" > $COMPOSE_FILE

for (( i=1; i<=$NUM_AGENTS; i++ )); do
    AGENT_NAME="$AGENTS_PREFIX-$i"
    SECRET="${AGENT_SECRETS[$AGENT_NAME]}"
    cat <<EOF >> $COMPOSE_FILE
  $AGENT_NAME:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: $AGENT_NAME
    restart: always
    privileged: true
    dns:
      - 8.8.8.8
      - 1.1.1.1
    tmpfs:
      - /tmp:rw,size=2g
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${AGENT_NAME}-work:/home/jenkins/agent
      - /opt/sittax/cache/nuget:/home/jenkins/.nuget/packages
      - /opt/sittax/cache/npm:/home/jenkins/.npm
    environment:
      - JENKINS_URL=${JENKINS_URL}
      - JENKINS_AGENT_NAME=${AGENT_NAME}
      - JENKINS_SECRET=${SECRET}
      - JENKINS_AGENT_WORKDIR=/home/jenkins/agent
EOF
done

echo "" >> $COMPOSE_FILE
echo "volumes:" >> $COMPOSE_FILE
for (( i=1; i<=$NUM_AGENTS; i++ )); do
    echo "  $AGENTS_PREFIX-$i-work:" >> $COMPOSE_FILE
done

echo -e "\n${GREEN}docker-compose.yml gerado com ${NUM_AGENTS} agente(s) de build.${NC}"

# 5. Cria diretórios de cache compartilhados
echo "Criando diretórios de cache no host..."
$SUDO mkdir -p /opt/sittax/cache/nuget /opt/sittax/cache/npm
$SUDO chmod 777 /opt/sittax/cache/nuget /opt/sittax/cache/npm

# 6. Sobe os containers
echo -e "\n${YELLOW}Build e subida dos containers...${NC}"
$SUDO docker compose up -d --build

echo -e "\n${GREEN}=== Configuração concluída! ===${NC}"
echo "Verifique em ${JENKINS_URL}/manage/computer/"
echo "Monitorar logs: sudo docker compose logs -f"