SHELL := /bin/bash
ENVIRONMENT ?= au-syd1
ENV_DIR = environments/$(ENVIRONMENT)

.PHONY: clean init plan apply venv hiera output

define vault_env
	@export VAULT_ADDR="https://vault.service.consul:8200" && \
	export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID) && \
	export PUPPET_CERT_CA=$$(vault kv get -field=public_key kv/service/puppet/certificates/ca) && \
	export PUPPET_CERT_PUB=$$(vault kv get -field=public_key kv/service/puppet/certificates/terraform) && \
	export PUPPET_CERT_PRIV=$$(vault kv get -field=private_key kv/service/puppet/certificates/terraform) && \
	export TG_QUEUE_EXCLUDE_DIR="templates/base" && \
	export TG_PROVIDER_CACHE=1 && \
	export TG_TF_PATH=terraform && \
	eval "$$(vault read -format=json kv/data/service/terraform/incus \
	  | jq -r '.data.data | to_entries[] | "export \(.key)=\(.value|@sh)"')" && \
	export INCUS_CONFIG_DIR=$$(mktemp -d) && \
	trap "rm -rf $$INCUS_CONFIG_DIR" EXIT && \
	mkdir -p $$INCUS_CONFIG_DIR && \
	mkdir -p $$INCUS_CONFIG_DIR/servercerts && \
	printf '%s\n' "$$INCUS_CONF_INCUSIMAGES_CERT" > $$INCUS_CONFIG_DIR/servercerts/incus-images.crt && \
	printf '%s\n' "$$INCUS_CONF_CONFIG_YAML" > $$INCUS_CONFIG_DIR/config.yml && \
	if [ -f /etc/pki/tls/vault/certificate.crt ] && [ -f /etc/pki/tls/vault/private.key ]; then \
		cp /etc/pki/tls/vault/certificate.crt $$INCUS_CONFIG_DIR/client.crt && \
		cp /etc/pki/tls/vault/private.key $$INCUS_CONFIG_DIR/client.key; \
	elif [ -f $$HOME/.config/incus/client.crt ] && [ -f $$HOME/.config/incus/client.key ]; then \
		cp $$HOME/.config/incus/client.crt $$INCUS_CONFIG_DIR/client.crt && \
		cp $$HOME/.config/incus/client.key $$INCUS_CONFIG_DIR/client.key; \
	else \
		printf '%s\n' "$$INCUS_CLIENT_CRT" > $$INCUS_CONFIG_DIR/client.crt && \
		printf '%s\n' "$$INCUS_CLIENT_KEY" > $$INCUS_CONFIG_DIR/client.key; \
	fi
endef

clean:
	@echo "Cleaning Terraform files..."
	@find ./ -wholename '*.terragrunt-cache*' -delete
	@find ./ -name 'terragrunt_rendered.json' -delete
	@echo "Cleaning Python VENV..."
	@rm -rf .venv

init:
	@$(call vault_env) && \
	terragrunt run --all --non-interactive init -- -upgrade

plan: init
	@$(call vault_env) && \
	terragrunt run --all --parallelism 4 --non-interactive plan

apply: init
	@$(call vault_env) && \
	terragrunt run --all --parallelism 2 --non-interactive apply

output:
	@$(call vault_env) && \
	rm -f tf_outputs.json && \
	terragrunt run --all --parallelism 10 --non-interactive output -json >> tf_outputs.json

hiera:
	@echo "Setting up virtual environment with uv..."
	uv venv .venv && \
		source .venv/bin/activate && \
		uv pip install -r ci/autonode/requirements.txt

	@echo "Running update_hiera"
	.venv/bin/python ci/autonode/update_hiera.py \
	  --output-json tf_outputs.json \
	  --repo-url https://git.query.consul/unkinben/puppet-prod.git \
	  --clone-path $$(mktemp) \
	  --commit-template "Add Hiera config for {{ vmname }}" \
	  --file-template ci/autonode/templates/node.yaml.j2 \
	  --base-branch develop

venv:
	uv venv --python 3.12 venv && \
	source venv/bin/activate && \
	uv pip install -r ci/requirements.txt

list:
	source venv/bin/activate && \
	python ci/review.py
