#!/bin/bash

set -e

usage() {
	echo "release.sh start [-l LIVE_ARCHS] [-f LIVE_VARIANTS] [-a ROOTFS_ARCHS]"
	echo "    [-p PLATFORMS] [-i SBC_IMGS] [-d DATE] [-r REPOSITORY] -- [gh args...]"
	echo "release.sh dl [run id] -- [gh args...]"
	echo "release.sh sign DATE SHASUMFILE"
	exit 1
}

check_programs() {
	for prog; do
		if ! type $prog &>/dev/null; then
			echo "missing program: $prog"
			exit 1
		fi
	done
}

start_build() {
	check_programs gh
	ARGS=()
	while getopts "a:d:f:i:l:p:r:" opt; do
		case $opt in
			a) ARGS+=(-f rootfs="$OPTARG") ;;
			d) ARGS+=(-f datecode="$OPTARG") ;;
			f) ARGS+=(-f live_flavors="$OPTARG") ;;
			i) ARGS+=(-f sbc_imgs="$OPTARG") ;;
			l) ARGS+=(-f live_archs="$OPTARG") ;;
			p) ARGS+=(-f platformfs="$OPTARG") ;;
			r) ARGS+=(-f mirror="$OPTARG") ;;
			?) usage;;
		esac
	done
	shift $((OPTIND - 1))
	gh workflow run gen-images.yml "${ARGS[@]}" "$@"
}

# this assumes that the latest successful build is the one to download
# wish it could be better but alas:
# https://github.com/cli/cli/issues/4001
download_build() {
	local run
	check_programs gh
	if [ -n "$1" ] && [ "$1" != "--" ]; then
		run="$1"
		shift
	else
		run="$(gh run list -s success -w gen-images.yml --json databaseId -q '.[].databaseId' "$@" | sort -r | head -1)"
	fi
	if [ -n "$1" ] && [ "$1" != "--" ]; then
		usage
	elif [ "$1" == "--" ]; then
		shift
	fi
	echo "Downloading artifacts from run ${run} [this may take a while] ..."
	gh run download "$run" -p 'pep-live*' "$@"
	echo "Done."
}

sign_build() {
	check_programs pwgen minisign
	DATECODE="$1"
	SUMFILE="$2"
	mkdir -p release

	echo "Creating key..."
	pwgen -cny 25 1 > "release/pep-release-$DATECODE.key"
	minisign -G -p "release/pep-release-$DATECODE.pub" \
		-s "release/pep-release-$DATECODE.sec" \
		-c "This key is only valid for images with date $DATECODE." \
		< <(cat "release/pep-release-$DATECODE.key" "release/pep-release-$DATECODE.key")

	echo "Signing $SUMFILE..."
	minisign -S -x "${SUMFILE//txt/sig}" -s "release/pep-release-$DATECODE.sec" \
		-c "This key is only valid for images with date $DATECODE." \
		-t "This key is only valid for images with date $DATECODE." \
		-m "$SUMFILE" < "release/pep-release-$DATECODE.key"
}

case "$1" in
	st*) shift; start_build "$@" ;;
	d*) shift; download_build "$@" ;;
	si*) shift; sign_build "$@" ;;
	*) usage ;;
esac