#!/bin/bash
set -ex

# OPTIONAL: Enable MicroK8s features first
# sudo microk8s enable dns rbac hostpath-storage host-access
# sudo microk8s enable metrics-server

# OPTIONAL: Configure kubectl
# microk8s kubectl config view --raw > ~/.kube/config
# chmod 600 ~/.kube/config
# sudo usermod -aG microk8s $USER
# sudo chown -f -R $USER ~/.kube

helm uninstall arc -n arc-systems || true

echo "=== Install ARC Scale Set Controller ==="
helm install arc \
  --namespace arc-systems \
  --create-namespace \
  oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller

helm uninstall mealcraft-runners -n arc-systems || true

echo "=== Install MealCraft Runner Scale Set (NO Docker-in-Docker) ==="
helm install mealcraft-runners \
  --namespace arc-systems \
  --create-namespace \
  --set runnerScaleSetName="mealcraft-runners" \
  --set githubConfigUrl="https://github.com/MealCraft" \
  --set githubConfigSecret.name="github-secret" \
  --set githubConfigSecret.github_token="$GITHUB_PAT" \
  --set dockerInDockerEnabled=false \
  --set containerMode.type="runner" \
  --set runnerLabels[0]="mealcraft" \
  oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set


echo "=== Applying RBAC for runner ==="

microk8s kubectl apply -f - <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: arc-runner-readonly
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: arc-runner-readonly-binding
subjects:
  - kind: ServiceAccount
    name: default
    namespace: arc-systems
roleRef:
  kind: ClusterRole
  name: arc-runner-readonly
  apiGroup: rbac.authorization.k8s.io
EOF


echo "=== RBAC Applied Successfully ==="