#!/bin/bash
# -*- fill-column: 78 -*-

# Copyright (C) 2025  Sean Whitton <spwhitton@spwhitton.name>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

set -eo pipefail
shopt -s inherit_errexit # #514862, wtf

if [ $# != 1 ]; then
    echo >&2 "$0 takes exactly one argument"
    exit 12
fi

release=$1
mirror=http://deb.debian.org/debian
variant=minbase
early_pkgs=(
    # This ensures /etc/ssh exists for copying in /etc/ssh/ssh_known_hosts.
    openssh-client

    python3-pygit2
)
customize_hooks=(
    "upload /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts"
    'chroot "$1" adduser --gecos builder --disabled-password builder'

    'mkdir "$1"/home/builder/.ssh'
    "copy-in $HOME/.ssh/id_ed25519 /home/builder/.ssh/"
    "copy-in $HOME/.ssh/id_ed25519.pub /home/builder/.ssh/"
    'chroot "$1" chown -R --reference=/home/builder /home/builder/.ssh'

    'mkdir "$1"/home/builder/.gnupg'
    "copy-in $HOME/.gnupg/pubring.kbx /home/builder/.gnupg/"
    'chroot "$1" chown -R --reference=/home/builder /home/builder/.gnupg'
)
late_pkgs=(
    # We can't just have mmdebstrap include dgit and git-debrebase because
    # autopkgtest-build-podman tries to do some ad hoc cleaning up which
    # uninstalls some of their dependencies, thus uninstalling them, too.
    #
    # It also deletes our /etc/apt/sources.list.d/*.list and rewrites
    # mmdebstrap's /etc/apt/sources.list
    dgit/testing
    git-debrebase/testing
)
savelog_options=(
    # Default is to save 7 logfiles files, which seems OK.
)

if [ "x$TAG2UPLOAD_BUILDER_REBUILD_REINVOKED" = x ]; then
    savelog "${savelog_options[@]}" -- image-rebuild.log

    # We can't exec | tee, so we must reinvoke ourselves.
    TAG2UPLOAD_BUILDER_REBUILD_REINVOKED=1 \
	exec "$0" "$@" 2>&1 \
	| tee image-rebuild.log
    exit 0
fi

mkdir -p ~/.local/share/containers
touch ~/.local/share/containers/.nobackup

set -x

# Containers are not the same as images.  A container is a bit like a
# process, but a container can be running, or not.
# autopkgtest-virt-podman creates and starts (makes running) a container
# and stops and destroys it afterwards.  But its cleanup is not reliable.
# So, delete any containers that aren't running and are at least 24h old.
podman container prune --force --filter until=24h

podman image prune --force
set +x

# Live testing is much easier if this script is self-contained,
# so we're not using mmdebstrap's support for hook directories.
for t in setup extract essential customize; do
    declare -n a=${t}_hooks
    for i in "${!a[@]}"; do
	printf -v a[i] -- "--$t-hook=%s" "${a[i]}"
    done
done
set -x
mmdebstrap \
    --variant=$variant --include=$(set +x; IFS=,; echo "${early_pkgs[*]}") \
    "${setup_hooks[@]}" "${extract_hooks[@]}" \
    "${essential_hooks[@]}" "${customize_hooks[@]}" \
    $release - $mirror | autopkgtest-build-podman \
    --release=$release --tarball=- \
    --post-command='printf "%s\n" >/etc/apt/preferences.d/20testing.pref \
			   "Package: *" \
			   "Pin: release a=testing" \
			   "Pin-Priority: -10" \
		 && printf "%s\n" >/etc/apt/sources.list.d/testing.list \
			   "deb '$mirror' testing main" \
		 && apt-get update \
		 && apt-get -y install '"${late_pkgs[*]}" \
    -- --network=host

ssh -i ~/.ssh/id_ed25519 \
    tag2upload-manager@tag2upload-manager-01.debian.org \
    /srv/manager.tag2upload.debian.org/live/bin/service-t2usm restart-workers