# Variables relevant only for local dev (and not for CI) should go here. Anything required also in CI should be in .envrc.vars instead.

use_flake_subdir() {
  # Newer versions of direnv have watch_dir but the ancient version in
  # Ubuntu does not so we just manually watch all (git-tracked) files.
  for file in $(git ls-files nix); do
    watch_file $file
  done
  mkdir -p "$(direnv_layout_dir)"
  if [ -z "$ARTIFACTORY_PASSWORD" ] || [ "${OSS_ONLY:-}" == 1 ]  || [ "${OSS_ONLY:-}" == "true" ]; then
    eval "$(nix print-dev-env --profile "$(direnv_layout_dir)/flake-profile" "path:nix#oss" "$@")"
  else
    eval "$(nix print-dev-env --profile "$(direnv_layout_dir)/flake-profile" "path:nix" "$@")"
  fi
}

# Private .envrc
[[ -f .envrc.private ]] && [[ -z "$IGNORE_PRIVATE_ENVRC" ]] && source_env .envrc.private || true

# TODO(DACH-NY/canton-network-node#3876) work around for $TMPDIR is removed. #3876 to investigate more
OLD_TMPDIR=${TMPDIR-unset}

use flake_subdir

# TODO(DACH-NY/canton-network-node#3876) work around for $TMPDIR is removed. #3876 to investigate more
[ $OLD_TMPDIR != "unset" ] && export TMPDIR=$OLD_TMPDIR

source_env .envrc.vars

source "${TOOLS_LIB}/libcli.source"

source_env .envrc.validate

export ENTERPRISE_ARTIFACTORY_DOCKER_REGISTRY=digitalasset-canton-enterprise-docker.jfrog.io

# Configure docker access for cluster and integration tests
## Read current credentials
function read_docker_creds() {
    local repo="$1"
    local cred_helper=$(cat ~/.docker/config.json | jq -r ".credHelpers.\"$repo\" // .credsStore" )
    if [[ -z "$cred_helper" || "$cred_helper" == "null" ]]; then
        # read the credentials directly from config.json
        echo $(cat ~/.docker/config.json | jq -r ".auths.\"$repo\".auth" | base64 -d)
    else
        # read the credentials using the credential helper
        echo $(echo $repo | docker-credential-$cred_helper get | jq -r '(.Username + ":" + .Secret)' 2>/dev/null)
    fi
}

function check_docker_creds() {
  local docker_creds="$1"
  [[ -z "$docker_creds" || "$docker_creds" == "null" || "$docker_creds" != "$ARTIFACTORY_USER:$ARTIFACTORY_PASSWORD" ]] && \
  ## And artifactory user and password are set
  [[ -n "$ARTIFACTORY_USER" && -n "$ARTIFACTORY_PASSWORD" ]]
}

function check_docker_creds_ghcr() {
  local docker_creds="$1"
  [[ -z "$docker_creds" || "$docker_creds" == "null" || "$docker_creds" != "$GH_USER:$GH_TOKEN" ]] && \
  [[ -n "$GH_USER" && -n "$GH_TOKEN" ]]
}

DOCKER_CREDS=$(read_docker_creds "$GHCR")
if check_docker_creds_ghcr "$DOCKER_CREDS"; then
  echo "Logging into $GHCR"
  echo $GH_TOKEN | docker login "$GHCR" -u "$GH_USER" --password-stdin
fi

DOCKER_CREDS=$(read_docker_creds "$ENTERPRISE_ARTIFACTORY_DOCKER_REGISTRY")
if check_docker_creds "$DOCKER_CREDS"; then
  echo "Logging into $ENTERPRISE_ARTIFACTORY_DOCKER_REGISTRY"
  echo $ARTIFACTORY_PASSWORD | docker login "$ENTERPRISE_ARTIFACTORY_DOCKER_REGISTRY" -u "$ARTIFACTORY_USER" --password-stdin
fi

# re-export CIRCLECI_TOKEN (which we use in many places) as CIRCLECI_CLI_TOKEN (which `circleci` cli tool picks up)
export CIRCLECI_CLI_TOKEN="${CIRCLECI_TOKEN}"

# Do not tag local docker images with a git commit to simplify referencing these images from helm charts
export SPLICECLUSTER_STATIC_DIRTY_VERSION=1

# ensure the logs directory exists
mkdir -p $LOGS_PATH

export K9S_CONFIG_DIR=$SPLICE_ROOT/.k9s