v1alpha1

type AIAnalysisConfig struct {
	// Enabled controls whether AI analysis is active for this repository
	// +kubebuilder:validation:Required
	Enabled bool `json:"enabled"`

	// Provider specifies which LLM provider to use for analysis
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=openai;gemini
	Provider string `json:"provider"`

	// APIURL is an optional base URL to override the default API endpoint of the LLM provider.
	// If not specified, provider-specific defaults are used:
	// - OpenAI: https://api.openai.com/v1
	// - Gemini: https://generativelanguage.googleapis.com/v1beta
	// Use this to configure self-hosted LLM instances, proxy services, or alternative endpoints.
	// +optional
	APIURL string `json:"api_url,omitempty"`

	// TokenSecretRef references the Kubernetes secret containing the LLM provider API token
	// +kubebuilder:validation:Required
	TokenSecretRef *Secret `json:"secret_ref"`

	// TimeoutSeconds sets the maximum time to wait for LLM analysis (default: 30)
	// +optional
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=300
	TimeoutSeconds int `json:"timeout_seconds,omitempty"`

	// MaxTokens limits the response length from the LLM (default: 1000)
	// +optional
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=4000
	MaxTokens int `json:"max_tokens,omitempty"`

	// Roles defines different analysis scenarios and their configurations
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	// +listType=map
	// +listMapKey=name
	Roles []AnalysisRole `json:"roles"`
}

type AnalysisRole struct {
	// Name is a unique identifier for this analysis role
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Prompt is the base prompt template sent to the LLM for analysis
	// +kubebuilder:validation:Required
	Prompt string `json:"prompt"`

	// Model specifies which LLM model to use for this role (optional).
	// You can specify any model supported by your provider.
	// If not specified, provider-specific defaults are used:
	// - OpenAI: gpt-5-mini
	// - Gemini: gemini-2.5-flash-lite
	// +optional
	Model string `json:"model,omitempty"`

	// OnCEL is a CEL expression that determines when this role should be triggered
	// +optional
	OnCEL string `json:"on_cel,omitempty"`

	// Output specifies where the analysis results should be sent (default: pr-comment)
	// +optional
	// +kubebuilder:default=pr-comment
	// +kubebuilder:validation:Enum=pr-comment
	Output string `json:"output,omitempty"`

	// ContextItems defines what context data to include in the analysis
	// +optional
	ContextItems *ContextConfig `json:"context_items,omitempty"`
}

type ContainerLogsConfig struct {
	// Enabled controls whether container logs are included
	Enabled bool `json:"enabled"`

	// MaxLines limits the number of log lines to include (default: 50)
	// +optional
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=1000
	MaxLines int `json:"max_lines,omitempty"`
}

type ContextConfig struct {
	// CommitContent includes commit message and diff information
	// +optional
	CommitContent bool `json:"commit_content,omitempty"`

	// PRContent includes pull request title, description, and metadata
	// +optional
	PRContent bool `json:"pr_content,omitempty"`

	// ErrorContent includes error messages and failure summaries
	// +optional
	ErrorContent bool `json:"error_content,omitempty"`

	// ContainerLogs configures inclusion of container/task logs
	// +optional
	ContainerLogs *ContainerLogsConfig `json:"container_logs,omitempty"`
}

type GitProvider struct {
	// URL of the git provider API endpoint. This is the base URL for API requests to the
	// Git provider (e.g., 'https://api.github.com' for GitHub or a custom GitLab instance URL).
	// +optional
	URL string `json:"url,omitempty"`

	// User of the git provider. Username to use for authentication when using basic auth
	// or token-based authentication methods. Not used for GitHub Apps authentication.
	// +optional
	User string `json:"user,omitempty"`

	// Secret reference for authentication with the Git provider. Contains the token,
	// password, or private key used to authenticate requests to the Git provider API.
	// +optional
	Secret *Secret `json:"secret,omitempty"`

	// WebhookSecret reference for webhook validation. Contains the shared secret used to
	// validate that incoming webhooks are legitimate and coming from the Git provider.
	// +optional
	WebhookSecret *Secret `json:"webhook_secret,omitempty"`

	// Type of git provider. Determines which Git provider API and authentication flow to use.
	// Supported values:
	// - 'github': GitHub.com or GitHub Enterprise
	// - 'gitlab': GitLab.com or self-hosted GitLab
	// - 'bitbucket-datacenter': Bitbucket Data Center (self-hosted)
	// - 'bitbucket-cloud': Bitbucket Cloud (bitbucket.org)
	// - 'gitea': Gitea instances
	// +optional
	// +kubebuilder:validation:Enum=github;gitlab;bitbucket-datacenter;bitbucket-cloud;gitea
	Type string `json:"type,omitempty"`
}

type GithubSettings struct {
	// CommentStrategy defines how GitLab comments are handled for pipeline results.
	// Options:
	// - 'disable_all': Disables all comments on merge requests
	// +optional
	// +kubebuilder:validation:Enum="";disable_all
	CommentStrategy string `json:"comment_strategy,omitempty"`
}

type GitlabSettings struct {
	// CommentStrategy defines how GitLab comments are handled for pipeline results.
	// Options:
	// - 'disable_all': Disables all comments on merge requests
	// +optional
	// +kubebuilder:validation:Enum="";disable_all
	CommentStrategy string `json:"comment_strategy,omitempty"`
}

type Incoming struct {
	// Type of the incoming webhook. Currently only 'webhook-url' is supported, which allows
	// external systems to trigger PipelineRuns via generic webhook requests.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=webhook-url
	Type string `json:"type"`

	// Secret for the incoming webhook authentication. This secret is used to validate
	// that webhook requests are coming from authorized sources.
	// +kubebuilder:validation:Required
	Secret Secret `json:"secret"`

	// Params defines parameter names to extract from the webhook payload. These parameters
	// will be made available to the PipelineRuns triggered by this webhook.
	// +optional
	Params []string `json:"params,omitempty"`

	// Targets defines target branches for this webhook. When specified, only webhook
	// events targeting these branches will trigger PipelineRuns.
	// +optional
	Targets []string `json:"targets,omitempty"`
}

type Params struct {
	// Name of the parameter. This is the key that will be used to reference this parameter
	// in PipelineRun definitions through via the {{ name }} syntax.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Value of the parameter. The literal value to be provided to the PipelineRun.
	// This field is mutually exclusive with SecretRef.
	// +optional
	Value string `json:"value,omitempty"`

	// SecretRef references a secret for the parameter value. Use this when the parameter
	// contains sensitive information that should not be stored directly in the Repository CR.
	// This field is mutually exclusive with Value.
	// +optional
	SecretRef *Secret `json:"secret_ref,omitempty"`

	// Filter defines when this parameter applies. It can be used to conditionally
	// apply parameters based on the event type, branch name, or other attributes.
	// +optional
	Filter string `json:"filter,omitempty"`
}

type Policy struct {
	// OkToTest defines a list of usernames that are allowed to trigger pipeline runs on pull requests
	// from external contributors by commenting "/ok-to-test" on the PR. These users are typically
	// repository maintainers or trusted contributors who can vouch for external contributions.
	// +optional
	OkToTest []string `json:"ok_to_test,omitempty"`

	// PullRequest defines a list of usernames that are explicitly allowed to execute
	// pipelines on their pull requests, even if they wouldn't normally have permission.
	// This is useful for allowing specific external contributors to trigger pipeline runs.
	// +optional
	PullRequest []string `json:"pull_request,omitempty"`
}

type Repository struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata"`

	Spec   RepositorySpec        `json:"spec"`
	Status []RepositoryRunStatus `json:"pipelinerun_status,omitempty"`
}

type RepositoryList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []Repository `json:"items"`
}

type RepositoryRunStatus struct {
	duckv1.Status `json:",inline"`

	// PipelineRunName is the name of the PipelineRun
	// +optional
	PipelineRunName string `json:"pipelineRunName,omitempty"`

	// StartTime is the time the PipelineRun is actually started.
	// +optional
	StartTime *metav1.Time `json:"startTime,omitempty"`

	// CompletionTime is the time the PipelineRun completed.
	// +optional
	CompletionTime *metav1.Time `json:"completionTime,omitempty"`

	// SHA is the name of the SHA that has been tested
	// +optional
	SHA *string `json:"sha,omitempty"`

	// SHA the URL of the SHA to view it
	// +optional
	SHAURL *string `json:"sha_url,omitempty"`

	// Title is the title of the commit SHA that has been tested
	// +optional
	Title *string `json:"title,omitempty"`

	// LogURL is the full URL to the log for this run.
	// +optional
	LogURL *string `json:"logurl,omitempty"`

	// TargetBranch is the target branch of that run
	// +optional
	TargetBranch *string `json:"target_branch,omitempty"`

	// EventType is the event type of that run
	// +optional
	EventType *string `json:"event_type,omitempty"`

	// CollectedTaskInfos is the information about tasks
	CollectedTaskInfos *map[string]TaskInfos `json:"failure_reason,omitempty"`
}

type RepositorySpec struct {
	// ConcurrencyLimit defines the maximum number of concurrent pipelineruns that can
	// run for this repository. This helps prevent resource exhaustion when many events trigger
	// pipelines simultaneously.
	// +optional
	// +kubebuilder:validation:Minimum=1
	ConcurrencyLimit *int `json:"concurrency_limit,omitempty"` // move it to settings in further version of the spec

	// URL of the repository we are building. Must be a valid HTTP/HTTPS Git repository URL
	// that PAC will use to clone and fetch pipeline definitions from.
	// +optional
	URL string `json:"url"`

	// GitProvider details specific to a git provider configuration. Contains authentication,
	// API endpoints, and provider type information needed to interact with the Git service.
	// +optional
	GitProvider *GitProvider `json:"git_provider,omitempty"`

	// Incomings defines incoming webhook configurations. Each configuration specifies how to
	// handle external webhook requests that don't come directly from the primary Git provider.
	// +optional
	Incomings *[]Incoming `json:"incoming,omitempty"`

	// Params defines repository level parameters that can be referenced in PipelineRuns.
	// These parameters can be used as default values or configured for specific events.
	// +optional
	Params *[]Params `json:"params,omitempty"`

	// Settings contains the configuration settings for the repository, including
	// authorization policies, provider-specific configuration, and provenance settings.
	// +optional
	Settings *Settings `json:"settings,omitempty"`
}

type Secret struct {
	// Name of the secret
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Key in the secret
	// +optional
	Key string `json:"key"`
}

type Settings struct {
	// GithubAppTokenScopeRepos lists repositories that can access the GitHub App token when using the
	// GitHub App authentication method. This allows specific repositories to use tokens generated for
	// the GitHub App installation, useful for cross-repository access.
	// +optional
	GithubAppTokenScopeRepos []string `json:"github_app_token_scope_repos,omitempty"`

	// PipelineRunProvenance configures how PipelineRun definitions are fetched.
	// Options:
	// - 'source': Fetch definitions from the event source branch/SHA (default)
	// - 'default_branch': Fetch definitions from the repository default branch
	// +optional
	// +kubebuilder:validation:Enum=source;default_branch
	PipelineRunProvenance string `json:"pipelinerun_provenance,omitempty"`

	// Policy defines authorization policies for the repository, controlling who can
	// trigger PipelineRuns under different conditions.
	// +optional
	Policy *Policy `json:"policy,omitempty"`

	// Gitlab contains GitLab-specific settings for repositories hosted on GitLab.
	// +optional
	Gitlab *GitlabSettings `json:"gitlab,omitempty"`

	Github *GithubSettings `json:"github,omitempty"`

	// AIAnalysis contains AI/LLM analysis configuration for automated CI/CD pipeline analysis.
	// +optional
	AIAnalysis *AIAnalysisConfig `json:"ai,omitempty"`
}

type TaskInfos struct {
	Name           string       `json:"name"`
	Message        string       `json:"message,omitempty"`
	LogSnippet     string       `json:"log_snippet,omitempty"`
	Reason         string       `json:"reason,omitempty"`
	DisplayName    string       `json:"display_name,omitempty"`
	CompletionTime *metav1.Time `json:"completion_time,omitempty"`
}