#!/bin/busybox ash
set -eo pipefail

alpine_branch="$(cat /etc/alpine-release | sed -E 's,^([0-9]+)\.([0-9]+)\..*,v\1.\2,')"
arch="${CARCH:-aarch64}"

# Usage: $0 <packager> <path> <branch> [<git>]
# This file will build a package _if_ it is not yet uploaded, and upload it
packager="$1"
path="$2"
branch="$3"
git="$4"

# Let's use some common names, we're in our own docker container anyways
sudo mkdir -p /alpine
sudo chown -R ${USER:-1000} /alpine
dir="/alpine/src"
repo="/alpine/repo"
mkdir -p "$repo"

# forgejo will re-sign the package anyways, so we just create a throwaway key here
echo | abuild-keygen -a -i -b 4096
echo "REPODEST=\"$repo\"" >>~/.abuild/abuild.conf
echo "PACKAGER=\"$packager\"" >>~/.abuild/abuild.conf

# initialise abuild repos
abuild-apk update
if [ -n "$CBUILDROOT" ]; then
	abuild-apk update --root "$CBUILDROOT" --arch "$CTARGET"
fi

# this script needs jq
abuild-apk add jq

set -x

# so we need to download the relevant files for `abuild up2date`
api="https://msrd0.dev/api/v1/packages/alpine"
repo_api="https://msrd0.dev/api/packages/alpine"
repo_dest="$repo/$(dirname "$path")/$arch"
mkdir -p "$repo_dest"
# definitely the best way to get the filename for the key (:
tmpfile=$(mktemp -u)
keyfile=$(wget -SO "$tmpfile" "$repo_api/key" 2>&1 \
	| grep 'Content-Disposition: attachment' \
	| awk '{print $3}' \
	| sed -e 's,filename=",,' -e 's,";,,' \
	|| true)
# if we couldn't download the keyfile, the repository might not yet exist
if [ -n "$keyfile" ]
then
	sudo mv "$tmpfile" "/etc/apk/keys/$keyfile"
fi
dl_pkg() {
	local pkg ver dest dl_url
	pkg="$1"
	shift
	ver="$1"
	shift
	while [ "$#" -gt 0 ]
	do
		if [ "$(apk version -t "$ver" "$1")" == "<" ]
		then
			ver="$1"
		fi
		shift
	done
	for file in $(wget -qO- "$api/alpine/$pkg/$ver/files")
	do
		# so ... apparently noarch packages get "reassigned" to the target architecture
		# this means we can rely on $CARCH to download the package
		dl_url="$repo_api/alpine/$alpine_branch/alpine/$file"
		echo "Trying to download existing package $dl_url ..."
		wget -O "$dest/$file" "$dl_url" \
			|| echo "Failed to download $dl_url" >&2
	done
}
wget -qO- "$api" \
	|| (echo "[]"; echo "Failed to download $api" >&2) \
	| jq -rc 'group_by(.name) | .[] | [.[0].name] + [.[] | .version]' \
	| sed -e 's,\[,,' -e 's/,/ /g' -e 's,\],,' \
	| while read line
	  do
		dl_pkg $line
	  done
apk index --no-warnings --quiet \
	--output "$repo_dest/APKINDEX.tar.gz" \
	--rewrite-arch "$arch" \
	"$repo_dest"/*.apk \
	&& abuild-sign -q "$repo_dest/APKINDEX.tar.gz" \
	|| echo "Failed to create APKINDEX.tar.gz" >&2

# let's not waste more CPU cycles than necessary
abuild-apk add lld
echo "export LDFLAGS=\"\$LDFLAGS -fuse-ld=lld\"" >>~/.abuild/abuild.conf
echo "export RUSTFLAGS=\"-C link-arg=-fuse-ld=lld\"" >>~/.abuild/abuild.conf
echo "export CARGO_NET_GIT_FETCH_WITH_CLI=true" >>~/.abuild/abuild.conf

# grab the path from the repository
git clone --depth 1 --sparse --branch "$branch" -- "$git" "$dir"
cd "$dir"
git sparse-checkout add "$path"
export APKBUILD="$path/APKBUILD"

# make sure that all checksums match, regardless if we build the package or not
abuild verify

# if not up to date, build and upload
if ! abuild up2date
then
	abuild -r
	# TODO upload
fi