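#!/bin/sh
# cicd: clone /srv/git/NAME.git at SHA into a scratch directory, run its
# "make dev" target and, unless -n is given, install the repository
# description, the pre-receive hook and the public/ tree.
#
# Must run as root.  The clone, checkout and rsync steps drop to the
# "deployer" user via sudo.
set -eu

# Print the short synopsis.
usage() {
  cat <<'EOF'
Usage:
  cicd [-n] NAME [SHA]
  cicd -h
EOF
}

# Print the long help text.
# NOTE(review): the prose and examples below talk about "reconfigure",
# "guix system reconfigure" and a -U flag, none of which this script
# implements (getopts only accepts -n and -h).  It looks copied from a
# sibling script; the wording is kept as-is pending confirmation.
help() {
  cat <<'EOF'

Options:
  -n           build the system, but don't switch to it (dry-run)
  -h, --help   show this message

  NAME         the name of the project
  SHA          the repository SHA to checkout (default: main)


Run a "guix system reconfigure" as root via "sudo -i".  If a -U flag
is given, perform a "guix pull" (in root profile) prior to the
reconfigure.

The user must be able to become the "deployer" user, either via
"sudo reconfigure" or by being member of the "become-deployer" group.


Examples:

  Reconfigure the system:

    $ reconfigure


  Build the system on a custom SHA, but don't switch to it:

    $ reconfigure -n 916dafc092f797349a54515756f2c8e477326511


  Update and upgrade:

    $ reconfigure -U
EOF
}

# getopts has no long options, so scan for --help by hand first.
# Anything after a literal "--" is an operand and is not inspected.
for flag in "$@"; do
  case "$flag" in
    --)
      break
      ;;
    --help)
      usage
      help
      exit
      ;;
    *) ;;
  esac
done

DRY_RUN=false
while getopts 'nh' flag; do
  case "$flag" in
    n)
      DRY_RUN=true
      ;;
    h)
      usage
      help
      exit
      ;;
    *)
      usage >&2
      exit 2
      ;;
  esac
done
shift $((OPTIND - 1))

NAME="${1:-}"
SHA="${2:-main}"

if [ -z "$NAME" ]; then
  printf 'Missing NAME.\n\n' >&2
  usage >&2
  exit 2
fi

# NAME is spliced into /srv/git/NAME.git and into the destination of a
# root-initiated "rsync --delete", so a ".." path component must never
# be able to move either path outside its intended parent directory.
case "$NAME" in
  .. | ../* | */.. | */../*)
    printf 'Invalid NAME: %s\n\n' "$NAME" >&2
    usage >&2
    exit 2
    ;;
esac

# SHA is handed to "git checkout" as a bare argument; a leading dash
# would be parsed as a git option instead of a revision.
case "$SHA" in
  -*)
    printf 'Invalid SHA: %s\n\n' "$SHA" >&2
    usage >&2
    exit 2
    ;;
esac

REPO="/srv/git/$NAME.git"

if [ "$(id -un)" != 'root' ]; then
  printf 'This script must be run as root.\n\n' >&2
  usage >&2
  exit 2
fi

# Strict mode is switched off while /etc/rc is sourced and restored
# right after.  NOTE(review): /etc/rc executes in this root shell, so
# its ownership and permissions are part of this script's trust base.
set +eu
# shellcheck source=/dev/null
. /etc/rc
set -eu

# Emit a UUID-shaped random token built from /dev/urandom.
uuid() {
  od -xN20 /dev/urandom |
    head -n1 |
    awk '{OFS="-"; print $2$3,$4,$5,$6,$7$8$9}'
}

# Print a fresh, random path below $TMPDIR (default /tmp).  The embedded
# spaces exercise quoting in everything that later consumes the path.
tmpname() {
  printf '%s/uuid-tmpname with spaces.%s' "${TMPDIR:-/tmp}" "$(uuid)"
}

# Create a new temporary directory and print its path.
# mkdir is called without -p, so an already existing path is an error;
# the explicit "|| return 1" makes sure such a path is never printed
# and reused, whether or not errexit is active in this subshell.
mkdtemp() {
  name="$(tmpname)"
  mkdir -- "$name" || return 1
  printf '%s' "$name"
}

TMP="$(mkdtemp)"
trap 'rm -rf -- "$TMP"' EXIT

set -x

chown deployer:deployer "$TMP"
cd "$TMP"

sudo -u deployer git clone "$REPO" .
# GIT_CONFIG_GLOBAL is presumably exported by /etc/rc -- TODO confirm.
sudo -u deployer --preserve-env=GIT_CONFIG_GLOBAL git checkout "$SHA"

guix system describe

# From here on the working tree is whatever SHA contains.  "make dev"
# executes repository-controlled code: launched by this root process
# inside a "guix shell -C" container when the checkout ships a
# manifest.scm, otherwise as the deployer user.
if [ -f manifest.scm ]; then
  guix shell -Cv3 -m manifest.scm -- make dev
else
  sudo -u deployer make dev
fi

if [ "$DRY_RUN" = false ]; then
  # COMMENT: pre-receive is always running the previous version!
  # The same is true for the reconfigure script itself.
  #
  # NOTE(review): both cp calls run as root and follow symlinks found in
  # the checkout, and the hook installed here gates every later push.
  # Consider refusing symlinked sources and restricting which revisions
  # may be deployed.
  sudo cp description "$REPO"/description
  sudo cp aux/ci/git-pre-receive.sh "$REPO"/hooks/pre-receive
  sudo -u deployer rsync \
    --delete \
    --chmod=D775,F664 \
    --chown=deployer:deployer \
    --exclude 'ci/*' \
    -a \
    public/ /srv/www/s/"$NAME"/
fi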