"""Tests for scripts/setup_cell.py setup helpers."""
import os
import sys
import shutil
import subprocess
import tempfile
import unittest
from pathlib import Path

sys.path.insert(0, str(Path(__file__).parent.parent / 'scripts'))
import setup_cell  # noqa: E402


class TestEnsureCosignPubkey(unittest.TestCase):
    """ensure_cosign_pubkey restores the tracked key after a `rm -rf config/`.

    Regression: `make reinstall`/`uninstall` wipe config/, deleting the tracked
    config/cosign/cosign.pub; without restore, enforce-mode store installs break.
    """

    KEY_REL = os.path.join('config', 'cosign', 'cosign.pub')
    KEY_BODY = '-----BEGIN PUBLIC KEY-----\nTESTKEYDATA\n-----END PUBLIC KEY-----\n'

    def setUp(self):
        self.tmp = tempfile.mkdtemp()
        env = {**os.environ, 'GIT_CONFIG_GLOBAL': '/dev/null', 'GIT_CONFIG_SYSTEM': '/dev/null'}
        subprocess.run(['git', 'init', '-q', self.tmp], check=True, env=env)
        subprocess.run(['git', '-C', self.tmp, 'config', 'user.email', 't@t'], check=True)
        subprocess.run(['git', '-C', self.tmp, 'config', 'user.name', 't'], check=True)
        self.key = os.path.join(self.tmp, self.KEY_REL)
        os.makedirs(os.path.dirname(self.key))
        with open(self.key, 'w') as f:
            f.write(self.KEY_BODY)
        subprocess.run(['git', '-C', self.tmp, 'add', '-A'], check=True)
        subprocess.run(['git', '-C', self.tmp, 'commit', '-qm', 'init'], check=True, env=env)
        self._root = setup_cell.ROOT
        setup_cell.ROOT = self.tmp

    def tearDown(self):
        setup_cell.ROOT = self._root
        shutil.rmtree(self.tmp, ignore_errors=True)

    def test_restores_key_when_wiped(self):
        os.remove(self.key)
        shutil.rmtree(os.path.dirname(self.key))  # mimic `rm -rf config/`
        self.assertFalse(os.path.exists(self.key))
        setup_cell.ensure_cosign_pubkey()
        self.assertTrue(os.path.exists(self.key))
        self.assertEqual(open(self.key).read(), self.KEY_BODY)

    def test_noop_when_key_present(self):
        setup_cell.ensure_cosign_pubkey()
        self.assertEqual(open(self.key).read(), self.KEY_BODY)

    def test_warns_not_raises_outside_git(self):
        # Not a git checkout and key missing → must warn, never raise.
        non_git = tempfile.mkdtemp()
        setup_cell.ROOT = non_git
        try:
            setup_cell.ensure_cosign_pubkey()  # should not raise
            self.assertFalse(os.path.exists(os.path.join(non_git, self.KEY_REL)))
        finally:
            shutil.rmtree(non_git, ignore_errors=True)


if __name__ == '__main__':
    unittest.main()