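#!/bin/bash
# Patch: pre-create a venv for the sandbox user inside the base image.
# The environment (VIRTUAL_ENV, PATH, HOME) is not baked into the image; per the
# original note it is passed by the orchestrator's incus.ts on every exec.
#
# Flow: launch a throwaway builder from $IMAGE, create the venv as uid 1000,
# sanity-check it, strip caches, then republish the builder under the same alias.
set -euo pipefail

readonly PROJECT="lobe-sandbox"
readonly BUILDER="sb-patch"
readonly IMAGE="lobe-sandbox-base"

# Print a timestamped progress line.
log() { printf '==> [%s] %s\n' "$(date +%H:%M:%S)" "$*"; }

# Remove a builder left over from an earlier (possibly failed) run.
if incus info "$BUILDER" --project "$PROJECT" >/dev/null 2>&1; then
  incus delete "$BUILDER" --project "$PROJECT" --force
fi

log "Launch"
incus init "$IMAGE" "$BUILDER" --project "$PROJECT" -p sandbox-default
incus start "$BUILDER" --project "$PROJECT"
# Fixed wait for the instance to come up; there is no readiness probe here, so a
# slow start shows up as a failure in the next step rather than a hang.
sleep 3

log "Create /home/sandbox/.venv"
# Runs as uid 1000 so the venv is owned by the unprivileged sandbox user.
incus exec "$BUILDER" --project "$PROJECT" --user 1000 -- \
  uv venv /home/sandbox/.venv --seed --quiet

log "Sanity: install requests via env-injected VIRTUAL_ENV"
# Mirrors how the environment is injected at exec time: the venv is selected
# purely through VIRTUAL_ENV/PATH, with nothing activated inside the image.
# NOTE(review): requests is resolved unpinned at build time and stays in the
# published image; pin a version (and hashes) if the base image must be
# reproducible and auditable.
incus exec "$BUILDER" --project "$PROJECT" \
  --user 1000 \
  --env VIRTUAL_ENV=/home/sandbox/.venv \
  --env 'PATH=/home/sandbox/.venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
  --env HOME=/home/sandbox \
  -- bash -c '
    set -euo pipefail
    uv pip install --quiet requests
    python3 -c "import requests; print(\"requests\", requests.__version__, \"OK\")"
  '

log "Cleanup cache"
incus exec "$BUILDER" --project "$PROJECT" --user 1000 -- \
  bash -c "rm -rf /home/sandbox/.cache/uv"
# The globs are expanded by the bash running inside the builder, not on the host.
incus exec "$BUILDER" --project "$PROJECT" -- \
  bash -c "rm -rf /root/.cache /tmp/* /var/tmp/*"

log "Stop + publish"
incus stop "$BUILDER" --project "$PROJECT"
# Do not delete the existing image before publishing: if the publish failed, the
# project would be left without any base image. --reuse lets publish take over
# an alias that already exists.
# NOTE(review): confirm on the deployed Incus version that the old image is only
# dropped once the new one has been created.
incus publish "$BUILDER" --project "$PROJECT" --alias "$IMAGE" --reuse

log "Cleanup"
incus delete "$BUILDER" --project "$PROJECT"
incus image list --project "$PROJECT"
log "DONE"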