// package inspect displays and validates annotations on a set of packages
// For a single package-lock, org.opencontainers.image.version should be same
// for all specified packages if they were built from the same revision
package inspect

import (
	"context"
	"fmt"

	"edge-infra.dev/pkg/f8n/warehouse/packagelock"
	"edge-infra.dev/pkg/lib/cli/rags"
	"edge-infra.dev/pkg/lib/cli/sink"
)

func New() *sink.Command {
	var (
		location   string
		project    string
		repository string
	)
	cmd := &sink.Command{
		Use:   "inspect [flags] <filepath>",
		Short: "inspect build metadata for packages declared in a packagelock file",
		Flags: []*rags.Rag{
			{
				Name:     "location",
				Usage:    "location of the repository (e.g. us-east1)",
				Value:    &rags.String{Var: &location},
				Short:    "l",
				Required: true,
			},
			{
				Name:     "project",
				Usage:    "name of the GCP project containing the registry",
				Value:    &rags.String{Var: &project},
				Short:    "p",
				Required: true,
			},
			{
				Name:     "repository",
				Usage:    "name of the GAR repository",
				Value:    &rags.String{Var: &repository},
				Short:    "r",
				Required: true,
			},
		},
		Exec: func(ctx context.Context, r sink.Run) error {
			switch len(r.Args()) {
			case 0:
				return fmt.Errorf("error: a lockfile path must be passed")
			case 1:
			default:
				return fmt.Errorf("error: only one lockfile may be passed")
			}

			plr, err := packagelock.NewRules()
			if err != nil {
				return err
			}
			plf, err := plr.ParsePackageLock(r.Args()[0])
			if err != nil {
				return fmt.Errorf("invalid lockfile: %w", err)
			}
			r.Log.Info(fmt.Sprintf("valid lockfile: %s", r.Args()[0]))

			err = packagelock.InspectPackageLock(ctx, r.Log, plf, location, project, repository)
			if err != nil {
				return err
			}

			r.Log.Info("all package tag versions match digest version")
			return nil
		},
	}
	return cmd
}