#!/bin/sh
set -eu

# Wait for postgres to be ready before running migrations
echo "Waiting for postgres..."
until pg_isready -h "${POSTGRES_HOST:-postgres}" -p "${POSTGRES_PORT:-5432}" -q; do
  sleep 1
done
echo "Postgres is ready."

# The bind mount (.:/app) provides workspace-level node_modules symlinks from
# the *host*, but those symlinks target the root node_modules/.pnpm store.
# Inside the container, /app/node_modules is a named volume whose pnpm
# content-addressable hashes may differ from the host's.  Re-running install
# regenerates the workspace symlinks so they resolve against the container's
# pnpm store.  --frozen-lockfile ensures no lock changes; --prefer-offline
# avoids network round-trips when packages are already cached in the volume.
# CI=true suppresses interactive prompts (e.g. "reinstall from scratch?")
CI=true pnpm install --frozen-lockfile

# Regenerate Prisma client (needed after bind-mount overlays the image layer)
pnpm --filter @capakraken/db db:generate

# Sync full schema to the DB first. The files under prisma/migrations/ are
# idempotent SUPPLEMENTS (see "IF NOT EXISTS" guards in each migration.sql);
# they assume the base tables already exist from a prior `db push`. On a
# fresh DB, migrate deploy alone would fail because the first incremental
# migration references "users" before it exists.
pnpm --filter @capakraken/db exec prisma db push --schema ./prisma/schema.prisma --accept-data-loss --skip-generate

# Run pending migrations so a fresh checkout picks up incremental additions
pnpm --filter @capakraken/db db:migrate:deploy

pnpm check:exports
pnpm check:imports

repo_home="/tmp/capakraken-dev-home"

# Cross-platform stat: GNU stat uses -c, BSD/macOS stat uses -f
if stat -c '%u' /app >/dev/null 2>&1; then
  repo_uid="$(stat -c '%u' /app)"
  repo_gid="$(stat -c '%g' /app)"
else
  repo_uid="$(stat -f '%u' /app)"
  repo_gid="$(stat -f '%g' /app)"
fi

mkdir -p /app/apps/web/.next
mkdir -p "$repo_home/.config/pnpm"
chown -R "$repo_uid:$repo_gid" /app/apps/web/.next
chown -R "$repo_uid:$repo_gid" "$repo_home"

# Cross-platform privilege drop: setpriv (Linux) or su (macOS/BSD)
if command -v setpriv >/dev/null 2>&1; then
  exec setpriv --reuid="$repo_uid" --regid="$repo_gid" --clear-groups \
    env HOME="$repo_home" XDG_CONFIG_HOME="$repo_home/.config" \
    pnpm --filter @capakraken/web exec next dev -H 0.0.0.0 -p 3100
else
  exec su -s /bin/sh "#${repo_uid}" -c \
    "HOME='$repo_home' XDG_CONFIG_HOME='$repo_home/.config' pnpm --filter @capakraken/web exec next dev -H 0.0.0.0 -p 3100"
fi