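package com.redhat.pctsec.tekton;

import com.redhat.pctsec.model.RequestType;
import com.redhat.pctsec.model.ScanTask;
import com.redhat.pctsec.model.ScanTaskState;
import io.fabric8.kubernetes.api.model.ConfigMapVolumeSource;
import io.fabric8.kubernetes.api.model.PersistentVolumeClaimVolumeSource;
import io.fabric8.kubernetes.api.model.PodSecurityContext;
import io.fabric8.kubernetes.api.model.PodSecurityContextBuilder;
import io.fabric8.tekton.client.DefaultTektonClient;
import io.fabric8.tekton.client.TektonClient;
import io.fabric8.tekton.pipeline.v1beta1.*;
import io.quarkus.vertx.ConsumeEvent;
import io.smallrye.common.annotation.Blocking;
import jakarta.inject.Inject;
import org.apache.commons.lang3.RandomStringUtils;
import org.eclipse.microprofile.config.inject.ConfigProperty;

import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

/**
 * Consumes {@link ScanTask}s from the {@code "tekton"} event-bus address and starts the
 * matching Tekton run in the configured namespace:
 * <ul>
 *   <li>{@code BREW} requests start a TaskRun of {@code tekton.task.ref} with the Brew build id;</li>
 *   <li>{@code PNC} and {@code GIT} requests start a PipelineRun of {@code tekton.pipeline.ref}
 *       with the SCM URL and revision.</li>
 * </ul>
 * The created run's name is stored on the task as its Tekton run id and the task is moved to
 * {@link ScanTaskState#RUNNING}. Failures from the Kubernetes API propagate to the event-bus
 * caller as the consumer's exception.
 *
 * <p>Security notes: every Tekton run is created under {@code tekton.service-account}; the
 * PipelineRun additionally pins a non-root pod security context. Parameter values taken from the
 * scan request are sanity-checked before they are handed to Tekton, because they may end up
 * interpolated into shell steps of the referenced Task/Pipeline (not visible from here).
 */
public class TaskHandler {

    /** Namespace in which all TaskRuns/PipelineRuns are created. */
    @ConfigProperty(name = "quarkus.openshift.namespace")
    String NAMESPACE;

    /** Name of the Pipeline used for SCM (PNC/Git) scans. */
    @ConfigProperty(name = "tekton.pipeline.ref")
    String PIPELINE_REFERENCE;

    /** Service account every run executes under. */
    @ConfigProperty(name = "tekton.service-account")
    String SERVICE_ACCOUNT;

    /** Name of the Task used for Brew build scans. */
    @ConfigProperty(name = "tekton.task.ref")
    String TASK_REFERENCE;

    /** Scan profile passed to the Brew scan Task; previously hard-coded, default kept. */
    @ConfigProperty(name = "tekton.scan-profile", defaultValue = "snyk-only-unstable")
    String SCAN_PROFILE;

    /** UID the SCM scan pods run as (non-root). */
    private static final long RUN_AS_UID = 65532L;

    /** Length of the random suffix appended to generated run names. */
    private static final int RUN_NAME_SUFFIX_LENGTH = 8;

    @Inject
    TektonClient tektonClient;

    /**
     * Event-bus entry point: dispatches on the request type, starts the corresponding run and
     * marks the task {@code RUNNING}.
     *
     * @param scanTask task carrying the scan request; mutated in place (run id and state) and returned
     * @return the same {@code scanTask} instance
     * @throws IllegalArgumentException if a request-supplied parameter fails {@link #requireSafeParam}
     */
    @ConsumeEvent("tekton")
    @Blocking
    public ScanTask consume(ScanTask scanTask) {
        var request = scanTask.getScanRequest();
        switch (request.getType()) {
            case BREW -> {
                scanTask.setTektonRunId(invokeScanTask(request.brewBuild.buildRef));
                scanTask.setState(ScanTaskState.RUNNING);
            }
            case PNC -> {
                String repo = request.pncBuild.SCMURL().toString();
                String ref = request.pncBuild.revision();
                scanTask.setTektonRunId(invokeOshScmScanPipeline(repo, ref));
                scanTask.setState(ScanTaskState.RUNNING);
            }
            case GIT -> {
                scanTask.setTektonRunId(
                        invokeOshScmScanPipeline(request.git.repo.toString(), request.git.ref));
                scanTask.setState(ScanTaskState.RUNNING);
            }
            default -> {
                // Any other request type is returned untouched (no run id, state unchanged), as
                // before. NOTE(review): callers cannot distinguish this from "not yet dispatched";
                // consider a dedicated failure state if RequestType ever grows.
            }
        }
        return scanTask;
    }

    /**
     * Starts a TaskRun of {@code tekton.task.ref} scanning the given Brew build.
     *
     * @param buildId Brew build identifier (NVR), passed as the {@code buildId} Task param
     * @return the name of the created TaskRun
     * @throws IllegalArgumentException if {@code buildId} starts with {@code -} or contains
     *         whitespace/control characters
     */
    public String invokeScanTask(String buildId) {
        String safeBuildId = requireSafeParam(buildId, "buildId");

        // NOTE(review): unlike the PipelineRun below, this TaskRun sets no pod template / security
        // context, so the pod's UID is left to the cluster's defaults (e.g. the namespace SCC).
        // If the scan Task's image tolerates it, mirroring restrictedPodSecurityContext() here
        // would make both run kinds consistent.
        TaskRun taskRun = new TaskRunBuilder()
                .withNewMetadata()
                    .withName(randomRunName("osh-scan-taskrun-"))
                .endMetadata()
                .withNewSpec()
                    .withServiceAccountName(SERVICE_ACCOUNT)
                    .withNewTaskRef()
                        .withName(TASK_REFERENCE)
                    .endTaskRef()
                    .withParams(
                            new Param("buildId", new ArrayOrString(safeBuildId)),
                            new Param("scanProfile", new ArrayOrString(SCAN_PROFILE)))
                .endSpec()
                .build();

        tektonClient.v1beta1().taskRuns().inNamespace(NAMESPACE).resource(taskRun).create();
        return taskRun.getMetadata().getName();
    }

    /**
     * Starts a PipelineRun of {@code tekton.pipeline.ref} scanning {@code ref} of {@code repo}.
     * The run executes as a non-root pod and mounts the sources, source-tars and trusted CA
     * workspaces.
     *
     * @param repo SCM URL, passed as the {@code repo-url} pipeline param
     * @param ref  revision (branch, tag or commit), passed as the {@code revision} pipeline param
     * @return the name of the created PipelineRun
     * @throws IllegalArgumentException if either value starts with {@code -} or contains
     *         whitespace/control characters
     */
    public String invokeOshScmScanPipeline(String repo, String ref) {
        String safeRepo = requireSafeParam(repo, "repo-url");
        String safeRef = requireSafeParam(ref, "revision");

        List<WorkspaceBinding> workspaceBindings = new ArrayList<>();
        workspaceBindings.add(pvcWorkspace("sources", "osh-client-sources"));
        workspaceBindings.add(pvcWorkspace("source-tars", "osh-client-source-tars"));
        // CA bundle is mounted read-only from a ConfigMap so the scan can talk to internal TLS endpoints.
        workspaceBindings.add(new WorkspaceBindingBuilder()
                .withName("ssl-ca-directory")
                .withConfigMap(new ConfigMapVolumeSource(null, null, "config-trusted-cabundle", null))
                .build());

        PipelineRun pipelineRun = new PipelineRunBuilder()
                .withNewMetadata()
                    .withName(randomRunName("osh-scm-scan-"))
                .endMetadata()
                .withNewSpec()
                    .withNewPodTemplate()
                        .withSecurityContext(restrictedPodSecurityContext())
                    .endPodTemplate()
                    .withServiceAccountName(SERVICE_ACCOUNT)
                    .withNewPipelineRef()
                        .withName(PIPELINE_REFERENCE)
                    .endPipelineRef()
                    .addNewParam().withName("repo-url").withNewValue(safeRepo).endParam()
                    .addNewParam().withName("revision").withNewValue(safeRef).endParam()
                    .withWorkspaces(workspaceBindings)
                .endSpec()
                .build();

        tektonClient.v1beta1().pipelineRuns().inNamespace(NAMESPACE).resource(pipelineRun).create();
        return pipelineRun.getMetadata().getName();
    }

    /** Pod security context forcing the run's pods to a fixed non-root UID. */
    private static PodSecurityContext restrictedPodSecurityContext() {
        return new PodSecurityContextBuilder()
                .withRunAsNonRoot(true)
                .withRunAsUser(RUN_AS_UID)
                .build();
    }

    /** Workspace binding backed by an existing PersistentVolumeClaim. */
    private static WorkspaceBinding pvcWorkspace(String workspaceName, String claimName) {
        return new WorkspaceBindingBuilder()
                .withName(workspaceName)
                .withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource(claimName, null))
                .build();
    }

    /**
     * Builds a run name of the form {@code <prefix><8 lowercase alphanumerics>}.
     *
     * <p>Run names are not secrets, so commons-lang's non-cryptographic RNG is acceptable; a
     * collision would surface as a conflict from the API server on {@code create()}, not as a
     * silent overwrite. {@link Locale#ROOT} is required: the default-locale
     * {@code toLowerCase()} maps {@code 'I'} to dotless {@code 'ı'} under tr/az locales, which is
     * not a valid Kubernetes (DNS-1123) name character.
     */
    private static String randomRunName(String prefix) {
        return prefix + RandomStringUtils.randomAlphanumeric(RUN_NAME_SUFFIX_LENGTH).toLowerCase(Locale.ROOT);
    }

    /**
     * Rejects request-supplied parameter values that could be read as a command-line option or
     * split into several arguments if the referenced Task/Pipeline interpolates them into a
     * shell step (e.g. {@code git clone $(params.repo-url)}, {@code git checkout $(params.revision)}).
     * Legitimate build ids, URLs, branch/tag names and commit hashes never start with {@code -}
     * or contain whitespace/control characters, so this does not restrict valid input.
     *
     * <p>A {@code null} value is passed through unchanged so Tekton's own handling of a missing
     * value is preserved for existing callers.
     *
     * @param value parameter value from the scan request, may be {@code null}
     * @param name  parameter name used in the exception message (the value itself is not echoed)
     * @return {@code value}
     * @throws IllegalArgumentException on a leading {@code -} or any whitespace/control character
     */
    private static String requireSafeParam(String value, String name) {
        if (value == null) {
            return null;
        }
        if (value.startsWith("-")) {
            throw new IllegalArgumentException(name + " must not start with '-'");
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (Character.isWhitespace(c) || Character.isISOControl(c)) {
                throw new IllegalArgumentException(name + " must not contain whitespace or control characters");
            }
        }
        return value;
    }
}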