name: 'STACKIT Auth Action'
description: 'Install STACKIT CLI and authenticate with a Service Account'
author: 'STACKIT'
branding:
  icon: 'lock'
  color: 'blue'

inputs:
  service-account-key:
    description: 'STACKIT Service Account Key (JSON content)'
    required: true
  project-id:
    description: 'STACKIT Project ID to scope the token (optional)'
    required: false
  cli-version:
    description: 'Version of STACKIT CLI to install (without "v" prefix)'
    required: false
    default: '0.61.0'

outputs:
  bearer-token:
    description: 'The generated STACKIT Bearer Token'
    value: ${{ steps.get-token.outputs.token }}

runs:
  using: 'composite'
  steps:
    - name: Install STACKIT CLI
      shell: bash
      run: |
        VERSION="${{ inputs.cli-version }}"
        
        # Detect OS
        OS=$(uname -s | tr '[:upper:]' '[:lower:]')
        case "$OS" in
          linux*) OS="linux" ;;
          darwin*) OS="darwin" ;;
          msys*|cygwin*|mingw*) OS="windows" ;;
          *) echo "Unsupported OS: $OS"; exit 1 ;;
        esac
        
        # Detect ARCH
        ARCH=$(uname -m)
        case "$ARCH" in
          x86_64) ARCH="amd64" ;;
          aarch64|arm64) ARCH="arm64" ;;
          *) echo "Unsupported Architecture: $ARCH"; exit 1 ;;
        esac
        
        EXT="tar.gz"
        if [ "$OS" = "windows" ]; then EXT="zip"; fi
        
        URL="https://github.com/stackitcloud/stackit-cli/releases/download/v${VERSION}/stackit-cli_${VERSION}_${OS}_${ARCH}.${EXT}"
        
        echo "Downloading STACKIT CLI v${VERSION} for ${OS}/${ARCH}..."
        if [ "$OS" = "windows" ]; then
          curl -sL "$URL" -o stackit.zip
          unzip -q stackit.zip
          rm stackit.zip
        else
          curl -sL "$URL" | tar -xz
        fi
        
        if [ ! -f stackit ] && [ ! -f stackit.exe ]; then
          echo "Error: stackit binary not found after extraction"
          ls -R
          exit 1
        fi
        
        if [ "$OS" = "linux" ] || [ "$OS" = "darwin" ]; then
          sudo mv stackit /usr/local/bin/stackit
          chmod +x /usr/local/bin/stackit
        else
          # Windows handling (minimal)
          mkdir -p bin
          mv stackit.exe bin/stackit.exe
          echo "$(pwd)/bin" >> $GITHUB_PATH
        fi
        
        echo "STACKIT CLI installed successfully."
        stackit version

    - name: Authenticate and Get Token
      id: get-token
      shell: bash
      env:
        SA_KEY: ${{ inputs.service-account-key }}
        PROJECT_ID: ${{ inputs.project-id }}
      run: |
        # Write the service account key to a temporary file
        SA_KEY_FILE=$(mktemp)
        echo "$SA_KEY" > "$SA_KEY_FILE"
        
        # Configure the CLI to use the service account key
        export STACKIT_SERVICE_ACCOUNT_KEY_PATH="$SA_KEY_FILE"
        
        echo "Authenticating and retrieving access token..."
        
        # Construct command
        CMD="stackit auth get-access-token --only-print-access-token"
        if [ -n "$PROJECT_ID" ]; then
          CMD="$CMD --project-id $PROJECT_ID"
        fi
        
        # Execute and capture token
        TOKEN=$($CMD)
        
        if [ -z "$TOKEN" ]; then
          echo "Error: Failed to retrieve access token"
          rm "$SA_KEY_FILE"
          exit 1
        fi
        
        # Mask the token in logs
        echo "::add-mask::$TOKEN"
        
        # Set output and environment variable
        echo "token=$TOKEN" >> "$GITHUB_OUTPUT"
        echo "STACKIT_BEARER_TOKEN=$TOKEN" >> "$GITHUB_ENV"
        
        # Clean up
        rm "$SA_KEY_FILE"
        echo "Successfully authenticated and exported STACKIT_BEARER_TOKEN."