.PHONY: build run lint lint_ci test test_ci test_coverage test_coverage_ci setup twirp mocks ci e2e e2e_ci e2e_coverage e2e_coverage_ci gen errx dev setup_retool_docker prompt_yes update_dev_creds update_prod_creds static_analysis

define ada
	@which ada || (echo "install ada using option 2 from https://wiki.twitch.com/display/AD/Using+Isengard+from+the+command+line+or+programatically" && exit 1)
	@ada credentials update --once --profile $(1) --account $(2) --role admin 2> /dev/null || ((which mwinit && mwinit --aea) || (echo "===> ada failed: run mwinit <==" && exit 1))
endef

update_dev_creds:
	$(call ada, twitch-rbac-dev, 059023621032)

update_prod_creds:
	$(call ada, twitch-rbac-prod, 712827439730)

setup:
	# Replace with script to verify user ran brew install golangci/tap/golangci-lint
	# go get -u github.com/golangci/golangci-lint/cmd/golangci-lint

	go get -u github.com/golang/protobuf/protoc-gen-go
	go get -u github.com/twitchtv/twirp/protoc-gen-twirp@v5.3.0
	go get -u github.com/maxbrunsfeld/counterfeiter@c1f2005ff133f81907ce72f3d20e1169799317fe
	go get -u code.justin.tv/devrel/errxer/cmd/errxer

	GO111MODULE=auto go get code.justin.tv/sse/malachai/pkg/s2s/callee

build:
	docker-compose run --rm --entrypoint "go build -o rbac main.go" compile

run:
	# Use ENVIRONMENT env var to find the config/env-<ENVIRONMENT>.toml file.
	go run main.go

run_local: update_dev_creds
	# Start with local database and staging clients
	AWS_PROFILE=twitch-rbac-dev ENVIRONMENT=local go run main.go

run_staging: update_dev_creds
	# Start with staging configuration, pulling secrets from twitch-rbac-dev AWS profile in the US-West-2 region.
	AWS_PROFILE=twitch-rbac-dev ENVIRONMENT=local-staging go run main.go

build_staging_docker:
	@echo "* Build: Staging"
	@docker build -t rbac-staging .

push_staging_docker: update_dev_creds build_staging_docker
	@echo "* Logging into ECR"
	@aws ecr get-login-password --region us-west-2 --profile=twitch-rbac-dev | docker login --username AWS --password-stdin 059023621032.dkr.ecr.us-west-2.amazonaws.com/rbac-dev
	@echo "* Tagging container"
	@docker tag rbac-staging:latest 059023621032.dkr.ecr.us-west-2.amazonaws.com/rbac-dev:latest
	@echo "* Pushing container"
	@docker push 059023621032.dkr.ecr.us-west-2.amazonaws.com/rbac-dev:latest

run_staging_docker: update_dev_creds
	@echo "* Start: Staging"
	@docker run -it --rm -p 9000:9000 \
			-e ENVIRONMENT="local-staging" \
			-e AWS_ACCESS_KEY_ID=$(shell aws configure get twitch-rbac-dev.aws_access_key_id) \
			-e AWS_SECRET_ACCESS_KEY=$(shell aws configure get twitch-rbac-dev.aws_secret_access_key) \
			-e AWS_SESSION_TOKEN=$(shell aws configure get twitch-rbac-dev.aws_session_token) \
			rbac-staging:latest

staging_docker: build_staging_docker run_staging_docker

build_production_docker:
	@echo "* Build: Production"
	@docker build -t rbac-production .

push_production_docker: update_prod_creds build_production_docker
	@echo "* Logging into ECR"
	@aws ecr get-login-password --region us-west-2 --profile=twitch-rbac-prod | docker login --username AWS --password-stdin 712827439730.dkr.ecr.us-west-2.amazonaws.com/rbac-prod
	@echo "* Tagging container"
	@docker tag rbac-production:latest 712827439730.dkr.ecr.us-west-2.amazonaws.com/rbac-prod:latest
	@echo "* Pushing container"
	@docker push 712827439730.dkr.ecr.us-west-2.amazonaws.com/rbac-prod:latest

run_production_docker: update_prod_creds
	@echo "* Start: Production"
	@docker run -it --rm -p 9000:9000 \
			-e ENVIRONMENT="local-production" \
			-e AWS_ACCESS_KEY_ID=$(shell aws configure get twitch-rbac-dev.aws_access_key_id) \
			-e AWS_SECRET_ACCESS_KEY=$(shell aws configure get twitch-rbac-dev.aws_secret_access_key) \
			-e AWS_SESSION_TOKEN=$(shell aws configure get twitch-rbac-dev.aws_session_token) \
			rbac-production:latest

production_docker: build_production_docker run_production_docker

run_production: update_prod_creds
	# Start with production configuration, pulling secrets from twitch-rbac-prod AWS profile in the US-West-2 region.
	AWS_PROFILE=twitch-rbac-prod ENVIRONMENT=local-production go run main.go

lint:
	./scripts/lint.sh
	golangci-lint run --modules-download-mode=vendor
	go vet

lint_ci:
	docker-compose run --rm lint

test:
	./e2e/run.sh unittest

test_ci:
	# runs unit tests
	docker-compose run --rm --entrypoint "./e2e/run.sh unittest" compile

test_coverage:
	COVERAGE=on ./e2e/run.sh unittest

test_coverage_ci:
	# runs unit tests with coverage
	docker-compose run --rm -e COVERAGE=on --entrypoint "./e2e/run.sh unittest" compile

gen: twirp gogen

twirp:
	./scripts/check_protoc.sh
	protoc --proto_path=$(GOPATH)/src:. --twirp_out=. --go_out=. ./rpc/rbacrpc/rbacrpc.proto

gogen:
	# go:generate tags, for errxer, counterfeiter, etc.
	go generate ./...

ci: lint_ci test_coverage_ci build e2e_coverage_ci

e2e:
	LOCAL=true ./e2e/ci.sh

e2e_ci:
	# End-to-End tests for CI: spin up all containers and run e2e tests.
	./e2e/ci.sh

e2e_coverage:
	# End-to-End tests for CI: spin up all containers and run e2e tests.
	LOCAL=true COVERAGE=on ./e2e/ci.sh

e2e_coverage_ci:
	# End-to-End tests for CI: spin up all containers and run e2e tests.
	COVERAGE=on ./e2e/ci.sh

psql_local:
	# Connecting to local DB. If not available, create it first with pg_dump_setup and pg_dump_staging
	psql -U rbac_admin rbac

psql_staging: update_dev_creds
	# Connecting to staging DB.
	PGPASSWORD=$$(aws secretsmanager get-secret-value --secret-id devsite/rbac/staging/rds_admin_password --profile=twitch-rbac-dev --region=us-west-2 --query 'SecretString' --output text) \
	psql -h 'rbac-staging-master.cfbymaguatde.us-west-2.rds.amazonaws.com' -p 5433 -U rbac_admin -d rbac

psql_production: update_prod_creds
	# Connecting to production DB.
	PGPASSWORD=$$(aws secretsmanager get-secret-value --secret-id devsite/rbac/production/rds_admin_password --profile=twitch-rbac-prod --region=us-west-2 --query 'SecretString' --output text) \
	psql -h 'rbac-production.cluster-cbt09tmxkqne.us-west-2.rds.amazonaws.com' -p 5433 -U rbac_admin -d rbac

pg_dump_setup:
	# Make sure postgres is installed (brew install postgres) and the DB is started.
	which psql
	# Create DB and users
	createdb rbac
	createuser rbac_admin --superuser
	createuser rbac
	psql -c "ALTER USER rbac WITH ENCRYPTED PASSWORD 'rbac'" rbac

requires_pg_dump_setup:
	# If you haven't run pg_dump_setup, this won't work as expected

pg_dump_teardown:
	# Cleanup local DB
	dropdb rbac --if-exists
	dropuser rbac_admin
	dropuser rbac

pg_dump_staging_to_local: requires_pg_dump_setup update_dev_creds
	# Reset local DB
	dropdb rbac --if-exists
	createdb rbac
	# Dump staging DB into local DB
	PGPASSWORD=$$(aws secretsmanager get-secret-value --secret-id devsite/rbac/staging/rds_admin_password --profile=twitch-rbac-dev --region=us-west-2 --query 'SecretString' --output text) \
	pg_dump -h 'rbac-staging-master.cfbymaguatde.us-west-2.rds.amazonaws.com' -p 5433 -U rbac_admin rbac | psql -d rbac

pg_dump_production_to_local: requires_pg_dump_setup update_prod_creds
	# Reset local DB
	dropdb rbac --if-exists
	createdb rbac
	# Dump production DB into local DB
	PGPASSWORD=$$(aws secretsmanager get-secret-value --secret-id devsite/rbac/production/rds_admin_password --profile=twitch-rbac-prod --region=us-west-2 --query 'SecretString' --output text) \
	pg_dump -h 'rbac-production.cluster-cbt09tmxkqne.us-west-2.rds.amazonaws.com' -p 5432 -U rbac_admin rbac | psql -d rbac

restore_production_db_to_staging:
	./scripts/staging-db-update.sh

swap_staging_db_instance:
	./scripts/swap_staging_db.sh

pg_dump_local_to_e2e_schema: requires_pg_dump_setup
	# Generate schema for e2e tests from local db (make sure local DB schema is up to date)
	pg_dump --schema-only --no-owner -U rbac_admin rbac > docker/initdb/01-schema.sql

migrate_local:
	# Apply new migrations in local DB.
	migrate -path migrations -database 'postgres://rbac_admin@localhost:5432/rbac?sslmode=disable' up

prompt_yes:
	@echo -n "Are you sure? [y/N] " && read ans && [ $${ans:-N} = y ]

migrate_staging: prompt_yes update_dev_creds
	# Apply new migrations in staging DB.
	# Remember this reads from your local filesystem, make sure you are in the right branch.
	PGPASSWORD=$$(aws secretsmanager get-secret-value --secret-id devsite/rbac/staging/rds_admin_password --profile=twitch-rbac-dev --region=us-west-2 --query 'SecretString' --output text) \
	migrate -path migrations -database 'postgres://rbac_admin@rbac-staging-master.cfbymaguatde.us-west-2.rds.amazonaws.com:5433/rbac?sslmode=require' up

migrate_production: prompt_yes update_prod_creds
	# Apply new migrations in production DB.
	# WARNING! Please notify in Slack that you are about to run data migrations in production.
	PGPASSWORD=$$(aws secretsmanager get-secret-value --secret-id devsite/rbac/production/rds_admin_password --profile=twitch-rbac-prod --region=us-west-2 --query 'SecretString' --output text) \
	migrate -path migrations -database 'postgres://rbac_admin@rbac-production.cluster-cbt09tmxkqne.us-west-2.rds.amazonaws.com:5432/rbac?sslmode=require' up

static_analysis:
	golangci-lint run --out-format checkstyle > golangci-report.xml
	@which sonar-scanner || (echo "install sonar-scanner using "Static Code Analysis" step from Read Me https://git-aws.internal.justin.tv/devrel/devsite-rbac" && exit 1)
	sonar-scanner
