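# Google provider; project, region and zone all come from input variables.
provider "google" {
  project = var.project_id
  region  = var.region
  zone    = var.zone
}

# Enable required APIs
# disable_on_destroy = false leaves the APIs enabled when this configuration
# is destroyed.
# NOTE(review): Container Registry has been deprecated by Google in favour of
# Artifact Registry; plan to move the image and this API entry accordingly.
resource "google_project_service" "services" {
  for_each = toset([
    "cloudresourcemanager.googleapis.com",
    "containerregistry.googleapis.com",
    "run.googleapis.com",
    "firestore.googleapis.com",
    "storage.googleapis.com",
    "compute.googleapis.com"
  ])

  project = var.project_id
  service = each.key

  disable_on_destroy = false
}

# Cloud Storage bucket
resource "google_storage_bucket" "app_bucket" {
  name     = var.storage_bucket_name
  location = var.region

  # Access is controlled by IAM only (no per-object ACLs).
  uniform_bucket_level_access = true

  # Nothing in this configuration grants a public role on the bucket, so
  # enforcing public access prevention changes no access that is granted here;
  # it stops a later allUsers / allAuthenticatedUsers grant from exposing
  # stored objects. Remove only if the bucket is meant to be public.
  public_access_prevention = "enforced"

  depends_on = [google_project_service.services]
}

# Firestore Database
resource "google_firestore_database" "database" {
  name        = var.firestore_db_name
  location_id = var.region
  type        = "FIRESTORE_NATIVE"

  depends_on = [google_project_service.services]
}

# Container Registry - no explicit resource needed, just enable the API
# You'll push images to gcr.io/${var.project_id}/sereact-api

# Cloud Run service
resource "google_cloud_run_service" "sereact" {
  name     = "sereact"
  location = var.region

  # The ingress setting is documented as a Service-level annotation, so it is
  # set here instead of under template.metadata (revision level), where the
  # original had it. "all" accepts traffic from the internet; together with the
  # allUsers invoker binding below, the application is the only authentication
  # layer.
  metadata {
    annotations = {
      "run.googleapis.com/ingress" = "all"
    }
  }

  template {
    spec {
      # NOTE(review): no service_account_name is set, so revisions run as the
      # project's default compute service account. A dedicated account limited
      # to the Firestore database and the bucket above would be least
      # privilege.
      containers {
        # Use our optimized image
        # NOTE(review): ":latest" is a mutable tag, so the deployed code can
        # change without a change to this file. Pinning to an image digest
        # makes each revision traceable to one build.
        image = "gcr.io/${var.project_id}/sereact-api:latest"

        ports {
          container_port = 8000
        }

        resources {
          limits = {
            cpu    = "1"
            memory = "1Gi"
          }
        }

        env {
          name  = "FIRESTORE_PROJECT_ID"
          value = var.project_id
        }

        # NOTE(review): the next two variables point at a service-account key
        # file, but this spec mounts no volume or secret at
        # /var/secrets/google. The file would have to be baked into the image,
        # which puts a long-lived key in the registry. Prefer the service's
        # attached identity (Application Default Credentials) or a Secret
        # Manager mount; confirm how the application loads credentials.
        env {
          name  = "FIRESTORE_CREDENTIALS_FILE"
          value = "/var/secrets/google/key.json"
        }

        env {
          name  = "GOOGLE_APPLICATION_CREDENTIALS"
          value = "/var/secrets/google/key.json"
        }

        env {
          name  = "GCS_BUCKET_NAME"
          value = var.storage_bucket_name
        }

        env {
          name  = "VECTOR_DB_ENVIRONMENT"
          value = var.vector_db_environment
        }

        env {
          name  = "VECTOR_DB_INDEX_NAME"
          value = var.vector_db_index_name
        }

        env {
          name  = "LOG_LEVEL"
          value = "INFO"
        }
      }
    }

    # Revision-level annotations: cap autoscaling at 10 instances.
    metadata {
      annotations = {
        "autoscaling.knative.dev/maxScale" = "10"
      }
    }
  }

  # Route all traffic to the most recent revision.
  traffic {
    percent         = 100
    latest_revision = true
  }

  depends_on = [google_project_service.services]
}

# Make the Cloud Run service publicly accessible
# roles/run.invoker for allUsers disables IAM authentication at the Cloud Run
# front end: every request reaches the container, so the API must authenticate
# and authorize callers itself.
resource "google_cloud_run_service_iam_member" "public_access" {
  service  = google_cloud_run_service.sereact.name
  location = google_cloud_run_service.sereact.location
  role     = "roles/run.invoker"
  member   = "allUsers"
}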