/*
Copyright The Helm Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package cmd

import (
	"fmt"
	"io"
	"strings"

	"github.com/spf13/cobra"

	"helm.sh/helm/v4/pkg/action"
	"helm.sh/helm/v4/pkg/cli/output"
	"helm.sh/helm/v4/pkg/cmd/require"
	"helm.sh/helm/v4/pkg/pusher"
)

const pushDesc = `
Upload a chart to a registry.

If the chart has an associated provenance file,
it will also be uploaded.
`

type registryPushOptions struct {
	certFile              string
	keyFile               string
	caFile                string
	insecureSkipTLSVerify bool
	plainHTTP             bool
	password              string
	username              string
	outfmt                output.Format
}

// pushResult represents the result of a helm push operation
type pushResult struct {
	Ref    string `json:"ref"`
	Digest string `json:"digest"`
}

// pushWriter implements the output.Writer interface for push results
type pushWriter struct {
	result pushResult
}

// suppressSummaryWriter forwards all writes to the underlying writer, silently
// dropping lines that match the registry client's built-in "Pushed:"/"Digest:"
// summary output. Warnings, errors, and other output are forwarded intact.
type suppressSummaryWriter struct {
	w io.Writer
}

func (s *suppressSummaryWriter) Write(p []byte) (int, error) {
	line := string(p)
	if strings.HasPrefix(line, "Pushed: ") || strings.HasPrefix(line, "Digest: ") {
		return len(p), nil
	}
	return s.w.Write(p)
}

// WriteTable writes the push result in human-readable form, using the same
// "Pushed:"/"Digest:" labels as the registry client's built-in output so that
// the default (--output table) experience is consistent and familiar.
func (w *pushWriter) WriteTable(out io.Writer) error {
	fmt.Fprintf(out, "Pushed: %s\n", w.result.Ref)
	fmt.Fprintf(out, "Digest: %s\n", w.result.Digest)
	return nil
}

// WriteJSON writes the push result in JSON format
func (w *pushWriter) WriteJSON(out io.Writer) error {
	return output.EncodeJSON(out, w.result)
}

// WriteYAML writes the push result in YAML format
func (w *pushWriter) WriteYAML(out io.Writer) error {
	return output.EncodeYAML(out, w.result)
}

func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
	o := &registryPushOptions{}

	cmd := &cobra.Command{
		Use:   "push [chart] [remote]",
		Short: "push a chart to remote",
		Long:  pushDesc,
		Args:  require.MinimumNArgs(2),
		ValidArgsFunction: func(_ *cobra.Command, args []string, _ string) ([]string, cobra.ShellCompDirective) {
			if len(args) == 0 {
				// Do file completion for the chart file to push
				return nil, cobra.ShellCompDirectiveDefault
			}
			if len(args) == 1 {
				providers := []pusher.Provider(pusher.All(settings))
				var comps []string
				for _, p := range providers {
					for _, scheme := range p.Schemes {
						comps = append(comps, scheme+"://")
					}
				}
				return comps, cobra.ShellCompDirectiveNoFileComp | cobra.ShellCompDirectiveNoSpace
			}
			return noMoreArgsComp()
		},
		RunE: func(cmd *cobra.Command, args []string) error {
			// Suppress the registry client's built-in "Pushed:"/"Digest:" summary
			// lines while forwarding all other output (warnings, etc.) to stderr.
			// The --output writer (WriteTable/WriteJSON/WriteYAML) is the single
			// source of structured push output for this command.
			registryClient, err := newRegistryClient(
				o.certFile, o.keyFile, o.caFile, o.insecureSkipTLSVerify, o.plainHTTP, o.username, o.password,
				&suppressSummaryWriter{w: cmd.ErrOrStderr()},
			)

			if err != nil {
				return fmt.Errorf("missing registry client: %w", err)
			}
			cfg.RegistryClient = registryClient
			chartRef := args[0]
			remote := args[1]
			client := action.NewPushWithOpts(action.WithPushConfig(cfg),
				action.WithTLSClientConfig(o.certFile, o.keyFile, o.caFile),
				action.WithInsecureSkipTLSVerify(o.insecureSkipTLSVerify),
				action.WithPlainHTTP(o.plainHTTP))
			client.Settings = settings
			result, err := client.Run(chartRef, remote)
			if err != nil {
				return err
			}
			writer := &pushWriter{
				result: pushResult{
					Ref:    result.Ref,
					Digest: result.Manifest.Digest,
				},
			}
			return o.outfmt.Write(out, writer)
		},
	}

	f := cmd.Flags()
	f.StringVar(&o.certFile, "cert-file", "", "identify registry client using this SSL certificate file")
	f.StringVar(&o.keyFile, "key-file", "", "identify registry client using this SSL key file")
	f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle")
	f.BoolVar(&o.insecureSkipTLSVerify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart upload")
	f.BoolVar(&o.plainHTTP, "plain-http", false, "use insecure HTTP connections for the chart upload")
	f.StringVar(&o.username, "username", "", "chart repository username where to locate the requested chart")
	f.StringVar(&o.password, "password", "", "chart repository password where to locate the requested chart")

	bindOutputFlag(cmd, &o.outfmt)

	return cmd
}