from pathlib import Path
import sqlite3

import anyio
import pytest
import yaml

from app.db import reset_db_caches
from app.config import get_settings
from app.main import create_app
from scripts.app_db_adopt import APP_BASELINE_REVISION
from scripts.run_migrations import run_all_migrations

PROJECT_ROOT = Path(__file__).resolve().parents[1]


def _read_yaml(path: str) -> dict:
    return yaml.safe_load((PROJECT_ROOT / path).read_text())


async def _run_lifespan(app) -> None:
    async with app.router.lifespan_context(app):
        return None


def _configure_database_env(tmp_path: Path, monkeypatch: pytest.MonkeyPatch) -> dict[str, Path | str]:
    app_path = tmp_path / "app.db"

    monkeypatch.setenv("APP_DATABASE_URL", f"sqlite:///{app_path}")
    monkeypatch.setenv("AUTH_BOOTSTRAP_USERNAME", "admin")
    monkeypatch.setenv("AUTH_BOOTSTRAP_PASSWORD", "test-password")
    monkeypatch.setenv("AUTH_COOKIE_SECURE_OVERRIDE", "false")
    get_settings.cache_clear()
    reset_db_caches()

    return {
        "app_path": app_path,
        "app_url": f"sqlite:///{app_path}",
    }


def test_compose_uses_migration_job_before_app() -> None:
    compose = _read_yaml("docker-compose.yml")
    override = _read_yaml("docker-compose.override.yml")

    migration_service = compose["services"]["migration"]
    app_service = compose["services"]["app"]

    assert migration_service["command"] == ["python", "-m", "scripts.run_migrations"]
    assert migration_service["restart"] == "no"
    assert app_service["depends_on"]["migration"]["condition"] == "service_completed_successfully"
    assert override["services"]["migration"]["build"] == "."
    assert override["services"]["app"]["build"] == "."


def test_image_defaults_to_uvicorn_only() -> None:
    dockerfile = (PROJECT_ROOT / "Dockerfile").read_text()
    entrypoint = (PROJECT_ROOT / "docker/entrypoint.sh").read_text()

    assert 'CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]' in dockerfile
    assert 'exec "$@"' in entrypoint
    assert "app_db_adopt" not in entrypoint
    assert "location_db_adopt" not in entrypoint
    assert "poo_db_adopt" not in entrypoint


def test_dockerfile_copy_sources_exist() -> None:
    """Every path the Dockerfile COPYs *from the build context* must exist in
    the repo, so the image build cannot break on a stale COPY of a removed path
    (e.g. the retired alembic_location / alembic_poo chains).

    COPY instructions that use --from=<stage> copy from a build stage, not from
    the host build context, so their source paths are intentionally skipped here
    (they would not correspond to repo paths)."""
    dockerfile = (PROJECT_ROOT / "Dockerfile").read_text()
    for raw_line in dockerfile.splitlines():
        line = raw_line.strip()
        if not line.startswith("COPY "):
            continue
        tokens = line.split()[1:]
        # Skip inter-stage copies: --from=<stage> means the source is inside
        # a build stage, not the host build context.
        if any(t.startswith("--from=") for t in tokens):
            continue
        # Drop remaining flags (e.g. --chown=, --chmod=).
        tokens = [t for t in tokens if not t.startswith("--")]
        # COPY <src...> <dest>: the last token is the destination.
        for src in tokens[:-1]:
            assert (PROJECT_ROOT / src).exists(), (
                f"Dockerfile COPY source does not exist in the build context: {src}"
            )


def test_dockerfile_multistage_frontend_build() -> None:
    """The Dockerfile must have a node frontend-build stage that builds the SPA,
    and the runtime (python) stage must copy the dist from that stage.
    The runtime stage must not include a node base image."""
    dockerfile = (PROJECT_ROOT / "Dockerfile").read_text()

    # 1. A named frontend-build stage using a node base image must exist.
    assert "AS frontend-build" in dockerfile, (
        "Dockerfile must have a 'AS frontend-build' node build stage"
    )
    node_stage_lines = [
        ln.strip() for ln in dockerfile.splitlines()
        if ln.strip().startswith("FROM") and "frontend-build" in ln
    ]
    assert node_stage_lines, "No FROM line found that declares the frontend-build stage"
    assert any("node" in ln.lower() for ln in node_stage_lines), (
        "The frontend-build stage must use a node base image"
    )

    # 2. The frontend-build stage must run `npm run build`.
    assert "npm run build" in dockerfile, (
        "Dockerfile must run 'npm run build' in the frontend-build stage"
    )

    # 3. The runtime stage must COPY the dist from frontend-build into frontend/dist.
    copy_from_lines = [
        ln.strip() for ln in dockerfile.splitlines()
        if ln.strip().startswith("COPY") and "--from=frontend-build" in ln
    ]
    assert copy_from_lines, (
        "Dockerfile must have a 'COPY --from=frontend-build' instruction in the runtime stage"
    )
    # The destination must land at (or under) frontend/dist so it matches SPA_DIST_DIR default.
    assert any("frontend/dist" in ln for ln in copy_from_lines), (
        "The COPY --from=frontend-build must target ./frontend/dist"
    )

    # 4. The runtime stage base image must be python, not node.
    from_lines = [ln.strip() for ln in dockerfile.splitlines() if ln.strip().startswith("FROM")]
    # All FROM lines except the frontend-build stage must use python.
    runtime_from_lines = [ln for ln in from_lines if "frontend-build" not in ln]
    assert runtime_from_lines, "No runtime FROM line found"
    for ln in runtime_from_lines:
        assert "python" in ln.lower(), (
            f"Runtime stage base image must be python, got: {ln}"
        )
        assert "node" not in ln.lower(), (
            f"Runtime stage must not use a node base image, got: {ln}"
        )


def test_migration_runner_initializes_and_is_idempotent(
    tmp_path: Path, monkeypatch: pytest.MonkeyPatch
) -> None:
    database_urls = _configure_database_env(tmp_path, monkeypatch)

    first_run = run_all_migrations()
    second_run = run_all_migrations()

    assert first_run == {"app": "initialized"}
    assert second_run == {"app": "already_managed"}

    conn = sqlite3.connect(database_urls["app_path"])
    try:
        assert conn.execute("SELECT version_num FROM alembic_version").fetchone()[0] == APP_BASELINE_REVISION
        tables = {
            row[0]
            for row in conn.execute(
                "SELECT name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%'"
            ).fetchall()
        }
    finally:
        conn.close()

    assert {
        "auth_users", "auth_sessions", "app_config", "alembic_version", "location", "poo_records"
    } <= tables

    get_settings.cache_clear()
    reset_db_caches()


def test_app_startup_still_fails_closed_without_running_adoption(
    tmp_path: Path, monkeypatch: pytest.MonkeyPatch
) -> None:
    database_urls = _configure_database_env(tmp_path, monkeypatch)
    missing_app_path = database_urls["app_path"]

    app = create_app()
    with pytest.raises(RuntimeError, match="Run 'python scripts/app_db_adopt.py' first"):
        anyio.run(_run_lifespan, app)

    assert not Path(missing_app_path).exists()

    get_settings.cache_clear()
    reset_db_caches()