#!/usr/bin/env bash

# Copyright (c) 2020-now by the Zeek Project. See LICENSE for details.

set -e
set -o pipefail

usage() {
    cat << EOF
Downloads CI packaging artifacts and optionally uploads them to a release.

Usage: $0 --commit COMMIT --upload

This script downloads Cirrus CI packaging artifacts for the given COMMIT from
all completed tasks and stores them in a temporary directory. The packaging
artifacts will be renamed to include te name of the job which produced them.
The output directory will be reported.

With '--upload' artifacts are uploaded to the release page and we expect a valid
Github token with 'repo' scope passed on stdin. In this case COMMIT should
refer to a tag for which a release already exists.
EOF
}

if [ "$#" == 0 ]; then
    usage;
    exit 1
fi

while true; do
    case "$1" in
        --commit) COMMIT="$2"; shift; shift;;
        --upload) UPLOAD=1; shift;;
        *) break;;
    esac
done

REPO=zeek/spicy
COMMIT=${COMMIT?Expected commit passed with '--commit COMMIT'}

while read -t 0 -r GITHUB_TOKEN; do
    break
done < /dev/stdin

OUTPUT_DIR=binary_artifacts
mkdir ${OUTPUT_DIR} && cd "${OUTPUT_DIR}"

echo "Storing artifacts in ${OUTPUT_DIR}"

mkdir packages
curl -sSL https://api.github.com/repos/"${REPO}"/commits/"${COMMIT}"/check-runs'?per_page=100' \
    | jq -r '.check_runs[] | select(.app.name=="Cirrus CI") | select(.name | test("^(docker|macos|freebsd)")) | select(.conclusion=="success") | ["https://api.cirrus-ci.com/v1/artifact/task/" + .external_id + "/packages.zip", .name] | @tsv' \
    | while IFS=$'\t' read -r URI NAME; do
        echo "Fetching artifacts for CI job ${NAME}"
        curl -sSL "$URI" -o packages.zip
        unzip packages.zip 1> /dev/null

        # Testing with `-e` only works if there is a single glob match. We know
        # this is the case here.
        # shellcheck disable=SC2144
        if [ -e build/spicy*.tar.gz ]; then
            mv build/spicy*.tar.gz "packages/spicy_${NAME}.tar.gz"
        elif [ -e spicy*.deb ]; then
            mv spicy*.deb "packages/spicy_${NAME}.deb"
        elif [ -e spicy*.rpm ]; then
            mv spicy*.rpm "packages/spicy_${NAME}.rpm"
        fi

        rm -rf build spicy* packages.zip
    done

mv packages/* .
rmdir packages

if [ -n "${UPLOAD}" ]; then
    if [[ "${COMMIT}" != v* ]]; then
        echo "Skipping upload since ${COMMIT} does not look like a release tag"
        exit 1
    fi

    UPLOAD_URL=$(curl -sSL https://api.github.com/repos/"${REPO}"/releases | jq -r '.[] | select(.tag_name=="'"${COMMIT}"'") | .upload_url')

    if [[ -z "${UPLOAD_URL}" ]]; then
        echo "Not updating release artifacts since release ${COMMIT} does not exist"
        exit 0
    fi

    for ARTIFACT in *.tar.gz; do
        curl -sSL \
            -X POST --data-binary @./"${ARTIFACT}" \
            --header "Content-Type: application/octet-stream" \
            --header "Authorization:token ${GITHUB_TOKEN}" \
            "${UPLOAD_URL}?name=${ARTIFACT}"
        done
fi