/**
 * UAT: Checkout -> Maven -> (optional) push images to Harbor -> deploy jar + docker restart.
 *
 * Jenkins Job: Pipeline script from SCM
 * Script Path: docs/jenkins/Jenkinsfile-uat-build-deploy.groovy
 *
 * Harbor (153.68): when PUSH_TO_HARBOR=true, push uat-latest (+ archive prior as uat-build-<N>).
 * Prod promote: SOURCE_TAG=uat-latest
 */

def filterHarborPushScope(List allServices, String scope) {
    def s = (scope ?: 'all-java-services').trim()
    if (s == 'all-java-services') {
        return allServices
    }
    if (s.endsWith('-only')) {
        def repo = s.substring(0, s.length() - '-only'.length())
        def picked = allServices.findAll { it.repo == repo }
        if (picked.isEmpty()) {
            error("Unknown HARBOR_PUSH_SCOPE: ${scope}")
        }
        return picked
    }
    error("Unknown HARBOR_PUSH_SCOPE: ${scope}")
}

/** POSIX sh only — Jenkins sh step uses /bin/sh, not bash. */
def pruneHarborUatTags(def script, String reg, String proj, List repoNames, int keepCount, String tagPrefix, String currentBuildTag, String latestTag) {
    if (repoNames == null || repoNames.isEmpty() || keepCount < 1) {
        return
    }
    def repos = repoNames.join(' ')
    script.sh """
        set -e
        REG='${reg}'
        PROJ='${proj}'
        KEEP=${keepCount}
        PREFIX='${tagPrefix}'
        CURRENT='${currentBuildTag}'
        LATEST='${latestTag}'
        if ! command -v jq >/dev/null 2>&1; then
          echo '>>> Harbor prune skipped: jq not installed on Jenkins agent'
          exit 0
        fi
        for repo in ${repos}; do
          enc_repo=\$(printf '%s' "\${repo}" | jq -sRr @uri)
          tags_file=\$(mktemp)
          curl -fsS -u "\${HARBOR_USER}:\${HARBOR_PASS}" \\
            "http://\${REG}/api/v2.0/projects/\${PROJ}/repositories/\${enc_repo}/artifacts?page_size=100" \\
            | jq -r '.[] | .tags[]? | .name' | grep "^\${PREFIX}" | sort -t- -k3 -n > "\${tags_file}" || true
          count=\$(wc -l < "\${tags_file}" | tr -d ' ')
          echo ">>> prune \${repo}: \${count} tag(s) matching \${PREFIX}*"
          if [ "\${count}" -le "\${KEEP}" ]; then
            rm -f "\${tags_file}"
            continue
          fi
          del_count=\$((count - KEEP))
          deleted=0
          while IFS= read -r t; do
            [ -z "\${t}" ] && continue
            if [ "\${t}" = "\${CURRENT}" ] || [ "\${t}" = "\${LATEST}" ]; then
              continue
            fi
            if [ "\${deleted}" -ge "\${del_count}" ]; then
              break
            fi
            echo ">>> DELETE Harbor tag \${repo}:\${t}"
            if ! curl -fsS -X DELETE -u "\${HARBOR_USER}:\${HARBOR_PASS}" \\
              "http://\${REG}/api/v2.0/projects/\${PROJ}/repositories/\${enc_repo}/artifacts/\${t}/tags/\${t}"; then
              echo ">>> WARN: delete failed \${repo}:\${t}"
            fi
            deleted=\$((deleted + 1))
          done < "\${tags_file}"
          rm -f "\${tags_file}"
        done
    """
}

def pushOneHarborImage(String workspace, String dockerfile, String reg, String proj, Map svc, String latestTag, String buildTag) {
    def jarName = "${svc.module}-1.0.0.jar"
    def imageLatest = "${reg}/${proj}/${svc.repo}:${latestTag}"
    def imageBuild = "${reg}/${proj}/${svc.repo}:${buildTag}"
    def withLibFlag = svc.withLib ? 'true' : 'false'
    sh """
        set -e
        export DOCKER_BUILDKIT=1
        test -f ${workspace}/${svc.module}/target/${jarName}
        cd ${workspace}/${svc.module}
        rm -rf .jenkins_docker_ctx && mkdir -p .jenkins_docker_ctx/lib
        cp -f target/${jarName} .jenkins_docker_ctx/${jarName}
        if [ "${withLibFlag}" = "true" ] && [ -d target/lib ]; then
          cp -rf target/lib/. .jenkins_docker_ctx/lib/
        else
          touch .jenkins_docker_ctx/lib/.keep
        fi
        cd .jenkins_docker_ctx
        if docker pull ${imageLatest} 2>/dev/null; then
          echo ">>> archive previous ${latestTag} -> ${buildTag}"
          docker tag ${imageLatest} ${imageBuild}
          docker push ${imageBuild}
        fi
        docker build -f ${workspace}/${dockerfile} \\
          --build-arg BASE_IMAGE=${reg}/${proj}/base/openjdk8-ffmpeg:v1 \\
          --build-arg JAR_FILE=${jarName} \\
          --build-arg SERVER_PORT=${svc.port} \\
          --build-arg WITH_LIB=${svc.withLib} \\
          -t ${imageLatest} .
        docker push ${imageLatest}
        echo ">>> pushed ${imageLatest}"
        docker rmi ${imageLatest} 2>/dev/null || true
        cd ${workspace}/${svc.module}
        rm -rf .jenkins_docker_ctx
    """
}

def deployOneService(String workspace, String moduleName, String dirName) {
    def sourceJar = "${workspace}/${moduleName}/target/${moduleName}-1.0.0.jar"
    def sourceLib = "${workspace}/${moduleName}/target/lib"
    def targetDir = "/app_deploy_uat/${dirName}"
    sh """
        set -e
        echo ">>> Deploy module: ${moduleName}"
        if [ -f "${sourceJar}" ]; then
            mkdir -p "${targetDir}"
            if [ -d "${sourceLib}" ]; then
                rm -rf "${targetDir}/lib"
                cp -rf "${sourceLib}" "${targetDir}"
            fi
            cp -f "${sourceJar}" "${targetDir}/"
            if docker ps -a --format '{{.Names}}' | grep -wq "${dirName}"; then
                docker restart "${dirName}"
                echo ">>> [${dirName}] restarted"
            else
                echo ">>> [${dirName}] container missing, jar copied only"
            fi
        else
            echo ">>> [${dirName}] jar missing, skip"
        fi
    """
}

pipeline {
    agent any

    options {
        buildDiscarder(logRotator(numToKeepStr: '15'))
        disableConcurrentBuilds()
        timestamps()
        timeout(time: 90, unit: 'MINUTES')
    }

    parameters {
        string(
                name: 'GIT_BRANCH',
                defaultValue: 'uat-20260202',
                trim: true,
                description: 'Git branch, must match remote (e.g. uat-20260202)'
        )
        booleanParam(name: 'FORCE_UPDATE', defaultValue: false, description: 'mvn -U (leave unchecked for routine builds)')
        booleanParam(name: 'ALLOW_SNAPSHOTS', defaultValue: true, description: 'allow SNAPSHOT deps')
        booleanParam(
                name: 'PUSH_TO_HARBOR',
                defaultValue: true,
                description: 'After Maven: docker build + push Harbor (uat-latest). Uncheck for jar-only deploy.'
        )
        choice(
                name: 'HARBOR_PUSH_SCOPE',
                choices: [
                        'all-java-services',
                        'gateway-only',
                        'store-only',
                        'second-only',
                        'store-platform-only',
                        'lawyer-only',
                        'job-only',
                        'dining-only',
                ],
                description: 'Only when PUSH_TO_HARBOR=true'
        )
        string(name: 'HARBOR_REGISTRY', defaultValue: '39.105.153.68', trim: true)
        string(name: 'HARBOR_PROJECT', defaultValue: 'alien_cloud', trim: true)
        booleanParam(name: 'HARBOR_PRUNE_OLD_TAGS', defaultValue: true, description: 'Delete old uat-build-* tags (never uat-latest)')
        string(name: 'HARBOR_KEEP_TAG_COUNT', defaultValue: '10', trim: true)
        booleanParam(name: 'HARBOR_PUSH_PARALLEL', defaultValue: true, description: 'Build/push Harbor images in parallel (faster, uses more CPU/disk)')
    }

    environment {
        MAVEN_HOME = tool '3.6.3'
        PATH = "${MAVEN_HOME}/bin:${env.PATH}"
        GIT_URL = 'http://8.152.195.41:3000/alien/alien_cloud'
        GIT_CREDENTIALS = 'zhanghaomimapingzheng'
        HARBOR_CREDENTIALS = 'harbor-robot-alien'
        UAT_HARBOR_LATEST_TAG = 'uat-latest'
        UAT_HARBOR_BUILD_TAG = "uat-build-${env.BUILD_NUMBER}"
        DOCKERFILE_JAVA = 'docs/jenkins/produ/docker/Dockerfile.java-service'
        MAVEN_LOCAL_REPO = '/var/jenkins_home/.m2/repository'
    }

    stages {
        stage('Checkout') {
            steps {
                script {
                    def branch = (params.GIT_BRANCH ?: 'uat-20260202').trim()
                    if (!branch) {
                        error('GIT_BRANCH is required')
                    }
                    env.GIT_BRANCH = branch
                    echo ">>> Checkout branch: ${env.GIT_BRANCH}"
                    git branch: "${env.GIT_BRANCH}",
                            credentialsId: "${env.GIT_CREDENTIALS}",
                            url: "${env.GIT_URL}"
                    sh """
                        set -e
                        git fetch origin
                        git reset --hard origin/${env.GIT_BRANCH}
                        git log -1 --oneline
                    """
                }
            }
        }

        stage('Prepare Maven Settings') {
            steps {
                writeFile file: 'settings.xml', text: """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
    <mirrors>
        <mirror>
            <id>aliyunmaven</id>
            <mirrorOf>central</mirrorOf>
            <name>Aliyun Maven Central mirror</name>
            <url>https://maven.aliyun.com/repository/central</url>
        </mirror>
        <mirror>
            <id>aliyun-public</id>
            <mirrorOf>*,!spring-milestones,!spring-snapshots</mirrorOf>
            <name>Aliyun public</name>
            <url>https://maven.aliyun.com/repository/public</url>
        </mirror>
    </mirrors>
    <profiles>
        <profile>
            <id>repo-mix</id>
            <repositories>
                <repository>
                    <id>central</id>
                    <url>https://repo.maven.apache.org/maven2</url>
                    <releases><enabled>true</enabled><updatePolicy>daily</updatePolicy></releases>
                    <snapshots><enabled>false</enabled></snapshots>
                </repository>
                <repository>
                    <id>spring-milestones</id>
                    <url>https://repo.spring.io/milestone</url>
                    <releases><enabled>true</enabled><updatePolicy>daily</updatePolicy></releases>
                    <snapshots><enabled>false</enabled></snapshots>
                </repository>
                <repository>
                    <id>spring-snapshots</id>
                    <url>https://repo.spring.io/snapshot</url>
                    <releases><enabled>false</enabled></releases>
                    <snapshots><enabled>true</enabled><updatePolicy>daily</updatePolicy></snapshots>
                </repository>
            </repositories>
            <pluginRepositories>
                <pluginRepository>
                    <id>central</id>
                    <url>https://repo.maven.apache.org/maven2</url>
                    <releases><enabled>true</enabled></releases>
                    <snapshots><enabled>false</enabled></snapshots>
                </pluginRepository>
            </pluginRepositories>
        </profile>
    </profiles>
    <activeProfiles>
        <activeProfile>repo-mix</activeProfile>
    </activeProfiles>
</settings>
"""
            }
        }

        stage('Maven Build') {
            steps {
                script {
                    def updateFlag = params.FORCE_UPDATE ? '-U' : ''
                    retry(2) {
                        sh """
                            set -e
                            mvn -version
                            unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY ALL_PROXY all_proxy no_proxy NO_PROXY || true
                            export MAVEN_OPTS="-Xms512m -Xmx2048m -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true"
                            mkdir -p ${MAVEN_LOCAL_REPO}
                            du -sh ${MAVEN_LOCAL_REPO} 2>/dev/null || true
                            echo ">>> Maven repo: ${MAVEN_LOCAL_REPO} (persists across builds; do NOT delete on disk cleanup)"
                            mvn clean package -DskipTests -s settings.xml ${updateFlag} \\
                              -T 1C \\
                              -Dmaven.repo.local=${MAVEN_LOCAL_REPO} \\
                              -Dmaven.artifact.threads=8
                        """
                    }
                }
            }
        }

        stage('Push images to Harbor') {
            when { expression { return params.PUSH_TO_HARBOR == true } }
            steps {
                script {
                    def reg = params.HARBOR_REGISTRY.trim()
                    def proj = params.HARBOR_PROJECT.trim()
                    def latestTag = env.UAT_HARBOR_LATEST_TAG
                    def buildTag = env.UAT_HARBOR_BUILD_TAG
                    def dockerfile = env.DOCKERFILE_JAVA
                    def workspace = env.WORKSPACE

                    def allHarborServices = [
                            [module: 'alien-gateway',        repo: 'gateway',        port: '8000',  withLib: false],
                            [module: 'alien-store',          repo: 'store',          port: '50014', withLib: true],
                            [module: 'alien-second',         repo: 'second',         port: '50015', withLib: false],
                            [module: 'alien-store-platform', repo: 'store-platform', port: '50016', withLib: false],
                            [module: 'alien-lawyer',         repo: 'lawyer',         port: '50017', withLib: true],
                            [module: 'alien-job',            repo: 'job',            port: '50108', withLib: false],
                            [module: 'alien-dining',         repo: 'dining',         port: '50019', withLib: false],
                    ]
                    def harborServices = filterHarborPushScope(allHarborServices, params.HARBOR_PUSH_SCOPE)
                    echo ">>> HARBOR_PUSH_SCOPE=${params.HARBOR_PUSH_SCOPE} repos=${harborServices*.repo.join(',')}"

                    withCredentials([usernamePassword(
                            credentialsId: env.HARBOR_CREDENTIALS,
                            usernameVariable: 'HARBOR_USER',
                            passwordVariable: 'HARBOR_PASS',
                    )]) {
                        sh """
                            set -e
                            echo "\${HARBOR_PASS}" | docker login ${reg} -u "\${HARBOR_USER}" --password-stdin
                            df -h / 2>/dev/null || true
                            docker system prune -f --filter until=48h 2>/dev/null || true
                        """
                        if (params.HARBOR_PUSH_PARALLEL && harborServices.size() > 1) {
                            def branches = [:]
                            harborServices.each { svc ->
                                branches[svc.repo] = {
                                    pushOneHarborImage(workspace, dockerfile, reg, proj, svc, latestTag, buildTag)
                                }
                            }
                            parallel branches
                        } else {
                            harborServices.each { svc ->
                                pushOneHarborImage(workspace, dockerfile, reg, proj, svc, latestTag, buildTag)
                            }
                        }
                        if (params.HARBOR_PRUNE_OLD_TAGS == true) {
                            def keepN = (params.HARBOR_KEEP_TAG_COUNT ?: '10').trim() as int
                            catchError(buildResult: 'SUCCESS', stageResult: 'UNSTABLE') {
                                pruneHarborUatTags(
                                    this, reg, proj, harborServices*.repo,
                                    keepN, 'uat-build-', buildTag, latestTag,
                                )
                            }
                        }
                    }
                    echo ">>> Prod promote: SOURCE_TAG=${env.UAT_HARBOR_LATEST_TAG}"
                }
            }
        }

        stage('Deploy Services') {
            steps {
                script {
                    def workspace = env.WORKSPACE
                    def services = [
                            [module: 'alien-gateway',        dir: 'gateway-uat'],
                            [module: 'alien-job',            dir: 'job-uat'],
                            [module: 'alien-lawyer',         dir: 'lawyer-uat'],
                            [module: 'alien-second',         dir: 'second-uat'],
                            [module: 'alien-store',          dir: 'store-uat'],
                            [module: 'alien-dining',         dir: 'dining-uat'],
                            [module: 'alien-store-platform', dir: 'store-platform-uat'],
                    ]
                    def branches = [:]
                    services.each { svc ->
                        branches[svc.dir] = {
                            deployOneService(workspace, svc.module, svc.dir)
                        }
                    }
                    parallel branches
                }
            }
        }
    }

    post {
        always {
            sh 'rm -f settings.xml || true'
        }
        success {
            script {
                if (params.PUSH_TO_HARBOR) {
                    echo ">>> Harbor latest: ${env.UAT_HARBOR_LATEST_TAG}"
                    echo ">>> Prod promote: SOURCE_TAG=${env.UAT_HARBOR_LATEST_TAG}"
                }
            }
        }
    }
}