#!/usr/bin/env bash
# Build & push the derived Hermes image (kubectl + helm).
#
# Two modes:
#   ./build-and-push.sh push    # build + push to the Gitea registry
#   ./build-and-push.sh local   # build + import directly into the NUC's k3s containerd
#                               # (no registry needed; pod is pinned to this node)
#
# Default (no arg): push.
set -euo pipefail

# Docker registry pushes can't go through the Cloudflare proxy (100 MB cap),
# so push to the DNS-only registry hostname instead of git.rogi.casa.
# Override with: REGISTRY=git.rogi.casa ./build-and-push.sh push   (if grey-clouded)
REGISTRY="${REGISTRY:-registry.rogi.casa}"
REPO="roger/hermes-agent"
TAG="${TAG:-v1.35-1}"
IMAGE="${REGISTRY}/${REPO}:${TAG}"
MODE="${1:-push}"

cd "$(dirname "$0")"

echo "==> Building ${IMAGE}"
docker build --platform linux/amd64 -t "${IMAGE}" -f dockerfile .

case "$MODE" in
  push)
    echo "==> Pushing ${IMAGE}"
    docker push "${IMAGE}"
    echo "==> Done. If the pod can't pull, create the gitea-registry secret in the namespace."
    ;;
  local)
    # Requires k3s + being run on the node the pod schedules to (roger-nucbox-evo-x2).
    echo "==> Importing into k3s containerd (requires sudo)"
    docker save "${IMAGE}" | sudo k3s ctr images import -
    echo "==> Done. Verify: sudo k3s ctr images ls | grep hermes-agent"
    echo "    deployment.yaml is set to imagePullPolicy: IfNotPresent"
    ;;
  *)
    echo "Usage: $0 {push|local}" >&2
    exit 1
    ;;
esac