#!/bin/bash
# clickhouse entrypoint (cc-ci Q4.7b hardening — recipe-PR for recipe-maintainers/plausible).
#
# clickhouse-backup is the BACKUP tool (backupbot pre/post-hooks: `clickhouse-backup create/restore`).
# It is NOT required for clickhouse-SERVER (`/entrypoint.sh`) to run. The published recipe fetched it
# with `set -ex` + a single silenced no-retry wget to ephemeral /tmp, so ANY transient failure of the
# 22 MB GitHub download (rate-limit / network) exited the container BEFORE the server started → swarm
# restarted it → re-downloaded → amplified the throttle → crash-loop → deploy timeout (cc-ci Q4.7).
#
# Hardening (no behaviour change when the download succeeds first try):
#   - cache the binary on the PERSISTENT clickhouse data volume (/var/lib/clickhouse) so it is fetched
#     at most once and reused on every container restart (no re-download amplification);
#   - retry with backoff;
#   - NEVER let a download failure block the server start (best-effort: the server comes up, backup/
#     restore degrade until the next successful fetch);
#   - un-silenced so a failure is diagnosable in `docker service logs`.

set -e

CLICKHOUSE_BACKUP_VERSION=2.4.2

ARCH=$(uname -m)
if [[ $ARCH =~ "aarch64" ]]; then
  ARCH="arm64"
elif [[ $ARCH =~ "armv5l" ]]; then
  ARCH="armv5"
elif [[ $ARCH =~ "armv6l" ]]; then
  ARCH="armv6"
elif [[ $ARCH =~ "armv7l" ]]; then
  ARCH="armv7"
elif [[ $ARCH =~ "x86_64" ]]; then
  ARCH="amd64"
fi

CACHE_DIR=/var/lib/clickhouse/.ccci-bin
CACHED="${CACHE_DIR}/clickhouse-backup"
BIN=/usr/local/bin/clickhouse-backup
URL="https://github.com/AlexAkulov/clickhouse-backup/releases/download/v${CLICKHOUSE_BACKUP_VERSION}/clickhouse-backup-linux-${ARCH}.tar.gz"

install_clickhouse_backup() {
  mkdir -p "$CACHE_DIR"
  if [ -x "$CACHED" ]; then
    cp -f "$CACHED" "$BIN"
    echo "clickhouse-backup: restored from persistent cache ($CACHED)"
    return 0
  fi
  for attempt in 1 2 3 4 5; do
    if wget --continue --output-document=/tmp/clickhouse-backup.tar.gz "$URL" \
       && tar -xf /tmp/clickhouse-backup.tar.gz --directory=/usr/local/bin --strip-components=3; then
      cp -f "$BIN" "$CACHED" 2>/dev/null || true
      echo "clickhouse-backup: downloaded + cached (attempt ${attempt})"
      return 0
    fi
    echo "clickhouse-backup: fetch attempt ${attempt} failed; backing off $((attempt * 10))s" >&2
    sleep $((attempt * 10))
  done
  echo "clickhouse-backup: fetch FAILED after retries — starting clickhouse-server WITHOUT the backup tool (backup/restore unavailable until a later restart fetches it)" >&2
  return 1
}

# Best-effort: the server MUST start even if the backup-tool fetch fails (it is not a server dependency).
install_clickhouse_backup || true

exec /entrypoint.sh