# frozen_string_literal: true

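namespace :diffcrypt do
  # Generates a fresh key plus an encrypted credentials file for each requested
  # environment. An environment is skipped when either its key file or its
  # encrypted file already exists, so existing secrets are never replaced.
  #
  # The `environments` argument is a comma-separated list of names. Each name
  # is interpolated into a path under config/credentials, so it should be a
  # plain environment name (no path separators).
  desc 'Initialize credentials for all environments'
  task :init, %i[environments] do |_t, args|
    args.with_defaults(
      environments: 'development,test,staging,production',
    )
    # Tolerate "a, b" and stray commas so that no file is named after
    # whitespace or an empty string.
    environments = args.environments.split(',').map(&:strip).reject(&:empty?)

    gitignore_path = Rails.root.join('.gitignore')
    ignore_rule = 'config/credentials/*.key'

    environments.each do |environment|
      key_path = Rails.root.join('config', 'credentials', "#{environment}.key")
      file_path = Rails.root.join('config', 'credentials', "#{environment}.yml.enc")
      next if File.exist?(file_path) || File.exist?(key_path)

      # Generate a new key
      key = Diffcrypt::Encryptor.generate_key
      key_dir = File.dirname(key_path)
      Dir.mkdir(key_dir) unless Dir.exist?(key_dir)

      # The key is the only secret protecting the credentials file. Create it
      # owner-readable only (0600) instead of relying on the process umask, and
      # use CREAT|EXCL so the write fails rather than following or overwriting
      # a file that appeared after the existence check above.
      key_flags = ::File::WRONLY | ::File::CREAT | ::File::EXCL
      ::File.open(key_path, key_flags, 0o600) { |f| f.write(key) }

      # Encrypt default contents
      file = Diffcrypt::File.new(file_path)
      data = {
        'secret_key_base' => SecureRandom.hex(32),
      }
      file.write(key, data)

      # Ensure .key files are always ignored. Append the rule only when it is
      # missing; otherwise one line would be added per generated environment
      # on every run.
      already_ignored = ::File.exist?(gitignore_path) &&
                        ::File.foreach(gitignore_path).any? { |line| line.strip == ignore_rule }
      next if already_ignored

      ::File.open(gitignore_path, 'a') do |f|
        # The leading newline guards against a .gitignore that lacks a final
        # newline; the trailing one keeps later appends on their own line.
        f.write("\n#{ignore_rule}\n")
      end
    end
  end
end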