#!/bin/bash
# usage: laminarc run checkout_ci remote="ssh://src.liz.coffee:2222/cgit" rev="<sha>" \
#                                 refname="refs/..."

RUN=`date +%s`
RETURN="$PWD"
WORKING_DIR="$PWD/$RUN"

export LOG_PREFIX="[checkout_ci.$RUN]"

log "hewwo~ starting checkout job for $remote @ $refname - $rev"
mkdir -p "$WORKING_DIR" && cd "$WORKING_DIR"

CODE="$WORKING_DIR/src"
checkout="$rev" path="$CODE" fetch_code

CI_WORKFLOW="$CODE/.ci/ci.json"
if [[ ! -e "$CI_WORKFLOW" ]]; then
    log "couldn't find any ci configuration (｡•́︿•̀｡) that's okay~"
    exit 0
fi

PIPELINE_GENERATOR_PATH=$(jq -r '.pipeline' "$CI_WORKFLOW")
if [[ "$PIPELINE_GENERATOR_PATH" == *".."* ]]; then
    log "found sneaky '..' in path (⋟﹏⋞) that's not allowed!"
    exit 1
fi

log "building the pipeline~ (◕ᴗ◕✿) let's make something amazing!"
PIPELINE="$WORKING_DIR/pipeline.json"
docker run --rm --network none --cap-drop ALL --security-opt no-new-privileges \
  -e refname="$refname" -e rev="$rev" -e remote="$remote" \
  -v "$CODE/$PIPELINE_GENERATOR_PATH:/pipeline_generator" \
  oci.liz.coffee/img/liz-ci:release /pipeline_generator \
  > "$PIPELINE"

pipeline="$PIPELINE" run_pipeline

log "cleaning up after myself like a good kitty (˘ω˘)"
cd "$RETURN" && rm -rf "$WORKING_DIR"

log "all done with checkout! hope it worked~ (⑅˘꒳˘)"