# Look up the existing Traefik network; it is read here, not created.
data "docker_network" "traefik_network" {
  name = "traefik_network"
}

# Named volumes for Renovate's configuration and cache.
resource "docker_volume" "renovate_config" {
  name = "renovate-config"
}

resource "docker_volume" "renovate_cache" {
  name = "renovate-cache"
}

# Pull the Renovate image.
# keep_locally = true leaves the image on the Docker host when this resource is destroyed.
# NOTE(review): var.renovate_image is declared outside this view. Confirm it is
# pinned to a specific version or digest, since this container holds repository
# write credentials.
resource "docker_image" "renovate" {
  name         = var.renovate_image
  keep_locally = true
}

# Renovate container.
# NOTE(review): data.vault_generic_secret.renovate is referenced below but declared
# outside this view. Confirm the Vault path and the policy that grants read access to it.
resource "docker_container" "renovate" {
  name     = var.container_name
  hostname = var.container_name
  image    = docker_image.renovate.image_id
  restart  = var.restart_policy

  # Resource limits
  memory      = var.memory_limit
  memory_swap = var.memory_swap_limit

  # Environment variables for Renovate.
  # RENOVATE_TOKEN and GITHUB_COM_TOKEN are interpolated into plain "KEY=value"
  # strings. They are therefore recorded in the Terraform state and are readable
  # from the container's environment by anyone who can inspect it on the Docker
  # host. Protect the state backend and Docker socket access accordingly.
  # RENOVATE_AUTODISCOVER makes Renovate act on every repository the token can
  # reach, so the token's scope bounds what this container can modify.
  # NOTE(review): confirm var.github_com_token is declared with sensitive = true.
  # NOTE(review): var.extra_env_vars is appended unchecked. Nothing in this file
  # stops an entry from repeating a key that is already set above.
  env = concat(
    [
      "RENOVATE_PLATFORM=${data.vault_generic_secret.renovate.data["renovate_platform"]}",
      "RENOVATE_ENDPOINT=${data.vault_generic_secret.renovate.data["renovate_endpoint"]}",
      "RENOVATE_TOKEN=${data.vault_generic_secret.renovate.data["renovate_token"]}",
      "RENOVATE_GIT_AUTHOR=${data.vault_generic_secret.renovate.data["renovate_git_author"]}",
      "RENOVATE_AUTODISCOVER=${var.renovate_autodiscover}",
      "LOG_LEVEL=${var.log_level}",
    ],
    # The GitHub.com token is added only when one was supplied.
    var.github_com_token == "" ? [] : ["GITHUB_COM_TOKEN=${var.github_com_token}"],
    var.extra_env_vars
  )

  # Network configuration: the container joins the Traefik network.
  # No ports or labels are set in this block.
  networks_advanced {
    name = data.docker_network.traefik_network.name
  }

  # Volumes
  volumes {
    volume_name    = docker_volume.renovate_config.name
    container_path = "/usr/src/app/config"
  }

  volumes {
    volume_name    = docker_volume.renovate_cache.name
    container_path = "/tmp/renovate"
  }

  # Upload config.js if enabled.
  # The template receives platform, endpoint, author, username and onboarding
  # settings. The token is not passed to it, so it reaches the container only
  # through the environment above.
  dynamic "upload" {
    for_each = var.upload_config_file ? [1] : []

    content {
      file = "/usr/src/app/config.js"
      content = templatefile("${path.module}/files/config.js.tpl", {
        platform          = data.vault_generic_secret.renovate.data["renovate_platform"]
        endpoint          = data.vault_generic_secret.renovate.data["renovate_endpoint"]
        git_author        = data.vault_generic_secret.renovate.data["renovate_git_author"]
        username          = data.vault_generic_secret.renovate.data["renovate_username"]
        autodiscover      = var.renovate_autodiscover
        onboarding_config = var.renovate_onboarding_config
      })
    }
  }

  # Changes to command and entrypoint are ignored when planning.
  lifecycle {
    ignore_changes = [
      entrypoint,
      command,
    ]
  }
}

# DNS CNAME record for Renovate (optional, if web interface is needed).
# Created only when var.create_cname_record is true. The record name falls back
# to the container name when var.dns_name is not set.
resource "dns_cname_record" "renovate_cname" {
  count = var.create_cname_record ? 1 : 0

  zone  = "${var.domain}."
  name  = coalesce(var.dns_name, var.container_name)
  cname = "hosting.${var.domain}."
  ttl   = 300
}