#!/usr/bin/env bash
# =============================================
#  MinusNow Packager (Linux) v2.5
#  February 2026
# =============================================
# Produces source and artifact archives with security filtering.
# Usage:
#   ./package-linux.sh [--build] [--source-only] [--output-dir ./artifacts] [--checksums]

set -euo pipefail

OUTPUT_DIR="${OUTPUT_DIR:-$(pwd)/artifacts}"
BUILD=false
SOURCE_ONLY=false
CHECKSUMS=false

while [[ $# -gt 0 ]]; do
  case "$1" in
    --build)       BUILD=true; shift ;;
    --source-only) SOURCE_ONLY=true; shift ;;
    --output-dir)  OUTPUT_DIR="$2"; shift 2 ;;
    --checksums)   CHECKSUMS=true; shift ;;
    *) echo "Unknown arg: $1"; exit 1 ;;
  esac
done

mkdir -p "$OUTPUT_DIR"
ROOT_DIR=$(pwd)

SECURITY_EXCLUDES="--exclude=founder-credentials.json --exclude=.env --exclude=*.log --exclude=*.tmp --exclude=security-report.json"

echo ""
echo "==> MinusNow Packager (Linux) v2.5"

# --- Source Archive ---
echo "    Creating source archive..."
SRC_STAGE=$(mktemp -d)
rsync -a --delete \
  --exclude=node_modules --exclude=dist --exclude=.git --exclude=.vscode \
  --exclude=artifacts --exclude=audit-logs --exclude=support-tickets \
  --exclude=ticket-responses --exclude=founder-credentials.json \
  --exclude=.env --exclude='*.log' --exclude='*.tmp' --exclude=security-report.json \
  "$ROOT_DIR/" "$SRC_STAGE/"

# Security: double-check sensitive files
find "$SRC_STAGE" -name "founder-credentials.json" -delete 2>/dev/null || true
find "$SRC_STAGE" -name ".env" -delete 2>/dev/null || true

tar -czf "$OUTPUT_DIR/minusnow-itsm-source.tar.gz" -C "$SRC_STAGE" .
rm -rf "$SRC_STAGE"
SRC_SIZE=$(du -h "$OUTPUT_DIR/minusnow-itsm-source.tar.gz" | awk '{print $1}')
echo "    [OK] Source archive: $SRC_SIZE"

if [[ "$SOURCE_ONLY" == "true" ]]; then
  echo "Source-only packaging complete."
  exit 0
fi

# --- Build ---
if [[ "$BUILD" == "true" ]]; then
  echo "    Running build..."
  npm install
  npm run build
fi

# --- Artifact Archive ---
echo "    Creating artifact archive..."
STAGE=$(mktemp -d)
mkdir -p "$STAGE/dist" "$STAGE/shared"
rsync -a "$ROOT_DIR/dist/" "$STAGE/dist/"
rsync -a "$ROOT_DIR/shared/" "$STAGE/shared/"
cp "$ROOT_DIR/package.json" "$STAGE/"

for f in drizzle.config.ts tsconfig.json vite.config.ts postcss.config.js components.json Dockerfile docker-compose.yml; do
  [ -f "$ROOT_DIR/$f" ] && cp "$ROOT_DIR/$f" "$STAGE/"
done

if [ -d "$ROOT_DIR/documentation" ]; then
  rsync -a --exclude=downloads "$ROOT_DIR/documentation/" "$STAGE/documentation/"
fi

# Security check
find "$STAGE" -name "founder-credentials.json" -delete 2>/dev/null || true
find "$STAGE" -name ".env" -delete 2>/dev/null || true

tar -czf "$OUTPUT_DIR/minusnow-itsm-artifact.tar.gz" -C "$STAGE" .
rm -rf "$STAGE"
ART_SIZE=$(du -h "$OUTPUT_DIR/minusnow-itsm-artifact.tar.gz" | awk '{print $1}')
echo "    [OK] Artifact archive: $ART_SIZE"

# --- Checksums ---
if [[ "$CHECKSUMS" == "true" ]]; then
  echo "    Generating SHA256 checksums..."
  CHECKSUM_FILE="$OUTPUT_DIR/SHA256SUMS.txt"
  echo "# MinusNow ITSM Artifact Checksums" > "$CHECKSUM_FILE"
  echo "# Generated: $(date -u +"%Y-%m-%dT%H:%M:%S")" >> "$CHECKSUM_FILE"
  echo "" >> "$CHECKSUM_FILE"
  cd "$OUTPUT_DIR"
  for f in *.tar.gz *.zip; do
    [ -f "$f" ] && sha256sum "$f" >> "$CHECKSUM_FILE"
  done
  cd "$ROOT_DIR"
  echo "    [OK] SHA256SUMS.txt generated"
fi

echo ""
echo "Packaging complete:"
echo "  - $OUTPUT_DIR/minusnow-itsm-source.tar.gz ($SRC_SIZE)"
echo "  - $OUTPUT_DIR/minusnow-itsm-artifact.tar.gz ($ART_SIZE)"