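#!/usr/bin/env bash
#
# Bootstraps the credentials and tool configuration of an action-runner home
# directory (gcloud, docker, nix, aws, ssh, netrc, pypirc, git) from
# environment variables. A hash over the configuration is stored in
# $HOME/current_config; each section is re-run when that hash changes or when
# the file/directory the section produces is missing.
#
# Secret inputs read from the environment but never echoed:
#   AWS_SECRET_ACCESS_KEY, GCP_SERVICE_KEY, GITEA_SSH_KEY,
#   NIX_SECRET_SIGN_KEY, RUNNER_PASSWORD
#
# Every file that receives one of those secrets is created owner-only, and the
# scratch directory holding the intermediate copies is mode 0700.
#
# NOTE(review): no step checks the exit status of gcloud/git/cp, yet the new
# hash is always stored at the end, so a failed step is only retried when its
# target file is missing. Confirm that this best-effort behaviour is intended.

#######################################
# Write stdin to a file that only the owner can read.
# The umask is changed inside a subshell so the caller's umask is untouched
# (relevant if this script is sourced).
# Arguments: $1 - destination path
# Returns:   non-zero if the write or the chmod fails
#######################################
_write_private() {
  local target=$1
  (
    umask 077
    cat > "$target"
  ) && chmod 600 -- "$target"
}

#######################################
# Copy a file and force the copy to owner-only permissions; an already
# existing destination would otherwise keep its old (possibly wider) mode.
# Arguments: $1 - source path, $2 - destination path
#######################################
_install_private() {
  cp -- "$1" "$2" && chmod 600 -- "$2"
}

echo "== CONFIGURATION =="

export AWS_ACCESS_KEY=${AWS_ACCESS_KEY:-}
export CARGO_NET_GIT_FETCH_WITH_CLI=${CARGO_NET_GIT_FETCH_WITH_CLI:-true}
export GCP_CLUSTER_NAME=${GCP_CLUSTER_NAME:-}
export GCP_CONTROL_PLANE_LOCATION=${GCP_CONTROL_PLANE_LOCATION:-}
export GCP_PRINCIPAL=${GCP_PRINCIPAL:-}
export GCP_PROJECT_NAME=${GCP_PROJECT_NAME:-}
export GITEA_INSTANCE=${GITEA_INSTANCE:-}
export GITEA_INSTANCE_SCHEME=${GITEA_INSTANCE_SCHEME:-https}
export GITEA_ORGANIZATION=${GITEA_ORGANIZATION:-}
export GIT_TERMINAL_PROMPT=${GIT_TERMINAL_PROMPT:-0}
export NIXOS_CACHE_LOCATION=${NIXOS_CACHE_LOCATION:-https://cache.nixos.org/}
export NIXOS_CACHE_SIGN_KEY=${NIXOS_CACHE_SIGN_KEY:-cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=}
export NIX_S3_CACHE_LOCATION=${NIX_S3_CACHE_LOCATION:-}
export NIX_SIGN_KEY=${NIX_SIGN_KEY:-}
export RUNNER_CAPACITY=${RUNNER_CAPACITY:-1}
export RUNNER_CONFIG_FILE=${RUNNER_CONFIG_FILE:-}
export RUNNER_CONTAINER_IS_PRIVILEGED=${RUNNER_CONTAINER_IS_PRIVILEGED:-false}
export RUNNER_CONTAINER_OPTIONS=${RUNNER_CONTAINER_OPTIONS:-}
export RUNNER_DOCKER_HOST=${RUNNER_DOCKER_HOST:-}
export RUNNER_JOB_TIMEOUT=${RUNNER_JOB_TIMEOUT:-3h}
# NOTE(review): the double quotes inside this default are consumed by the
# shell, so the resulting value is [a,b,c] without JSON string quotes.
# Confirm the consumer of RUNNER_LABELS expects that form before changing it.
export RUNNER_LABELS=${RUNNER_LABELS:-["action-runner-persistent:host","action-runner:docker://action-runner-job:latest","ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"]}
export RUNNER_LOG_LEVEL=${RUNNER_LOG_LEVEL:-info}
export RUNNER_RUNNER_FILE=${RUNNER_RUNNER_FILE:-.runner}
export RUNNER_USERNAME=${RUNNER_USERNAME:-}
export RUNNER_WORKDIR=${RUNNER_WORKDIR:-/tmp}
export TWINE_NON_INTERACTIVE=${TWINE_NON_INTERACTIVE:-true}

# Only these settings are printed to the job log. Keep the secret inputs
# listed in the header out of this list.
config_names=(
  AWS_ACCESS_KEY
  CARGO_NET_GIT_FETCH_WITH_CLI
  GCP_CLUSTER_NAME
  GCP_CONTROL_PLANE_LOCATION
  GCP_PRINCIPAL
  GCP_PROJECT_NAME
  GITEA_INSTANCE
  GITEA_INSTANCE_SCHEME
  GITEA_ORGANIZATION
  GIT_TERMINAL_PROMPT
  NIXOS_CACHE_LOCATION
  NIXOS_CACHE_SIGN_KEY
  NIX_S3_CACHE_LOCATION
  NIX_SIGN_KEY
  RUNNER_CAPACITY
  RUNNER_CONFIG_FILE
  RUNNER_CONTAINER_IS_PRIVILEGED
  RUNNER_CONTAINER_OPTIONS
  RUNNER_DOCKER_HOST
  RUNNER_JOB_TIMEOUT
  RUNNER_LABELS
  RUNNER_LOG_LEVEL
  RUNNER_RUNNER_FILE
  RUNNER_USERNAME
  RUNNER_WORKDIR
  TWINE_NON_INTERACTIVE
)
for config_name in "${config_names[@]}"; do
  printf '%s="%s"\n' "$config_name" "${!config_name}"
done
echo ""

LAST_CONFIG_HASH_FILE="$HOME/current_config"
if [[ -f "$LAST_CONFIG_HASH_FILE" ]]; then
  LAST_CONFIG_HASH=$(cat "$LAST_CONFIG_HASH_FILE")
else
  LAST_CONFIG_HASH="-"
fi

# The scratch directory receives intermediate copies of credential files, so
# it is restricted to the owner before anything is written into it.
mkdir -p "$HOME/scratch"
chmod 700 "$HOME/scratch"

CONFIG_HASH_FILE="$HOME/scratch/config-hash.txt"
# The heredoc delimiter is quoted: the file on disk holds variable names only,
# and envsubst expands the values inside the pipeline, so the secrets are
# hashed without being stored in scratch. (The heredoc operators were lost in
# the copy of this script under review; the quoted form is inferred from the
# envsubst call below.)
_write_private "$CONFIG_HASH_FILE" <<'EOF'
AWS_ACCESS_KEY="$AWS_ACCESS_KEY"
AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"
CARGO_NET_GIT_FETCH_WITH_CLI="$CARGO_NET_GIT_FETCH_WITH_CLI"
GCP_CLUSTER_NAME="$GCP_CLUSTER_NAME"
GCP_CONTROL_PLANE_LOCATION="$GCP_CONTROL_PLANE_LOCATION"
GCP_PRINCIPAL="$GCP_PRINCIPAL"
GCP_PROJECT_NAME="$GCP_PROJECT_NAME"
GCP_SERVICE_KEY="$GCP_SERVICE_KEY"
GIT_TERMINAL_PROMPT="$GIT_TERMINAL_PROMPT"
GITEA_INSTANCE="$GITEA_INSTANCE"
GITEA_INSTANCE_SCHEME="$GITEA_INSTANCE_SCHEME"
GITEA_ORGANIZATION="$GITEA_ORGANIZATION"
GITEA_SSH_KEY="$GITEA_SSH_KEY"
NIXOS_CACHE_LOCATION="$NIXOS_CACHE_LOCATION"
NIXOS_CACHE_SIGN_KEY="$NIXOS_CACHE_SIGN_KEY"
NIX_S3_CACHE_LOCATION="$NIX_S3_CACHE_LOCATION"
NIX_SECRET_SIGN_KEY="$NIX_SECRET_SIGN_KEY"
NIX_SIGN_KEY="$NIX_SIGN_KEY"
RUNNER_PASSWORD="$RUNNER_PASSWORD"
RUNNER_USERNAME="$RUNNER_USERNAME"
TWINE_NON_INTERACTIVE="$TWINE_NON_INTERACTIVE"
EOF

# sha256sum prints "<digest>  -"; the same string is stored and compared, so
# the trailing marker is harmless.
CURRENT_CONFIG_HASH=$(envsubst < "$CONFIG_HASH_FILE" | sha256sum)
echo "current config hash: $CURRENT_CONFIG_HASH"
echo "last config hash: $LAST_CONFIG_HASH"
if [[ "$CURRENT_CONFIG_HASH" == "$LAST_CONFIG_HASH" ]]; then
  echo "-> config unchanged."
  CONFIG_CHANGED=0
else
  echo "-> config changed. updating."
  CONFIG_CHANGED=1
fi
echo ""

if [[ "$CONFIG_CHANGED" -eq 1 || ! -d "$HOME/.config/gcloud" ]]; then
  echo "== SETTING UP GOOGLE CLOUD CLI =="
  GCP_SERVICE_KEY_FILENAME="$HOME/gcp_servicekey.json"
  # Service-account key: owner-only from the moment the file is created.
  printf '%s\n' "$GCP_SERVICE_KEY" | _write_private "$GCP_SERVICE_KEY_FILENAME"
  gcloud auth activate-service-account \
    "$GCP_PRINCIPAL" --key-file="$GCP_SERVICE_KEY_FILENAME"
  gcloud config set project "$GCP_PROJECT_NAME"
  gcloud container clusters get-credentials \
    "$GCP_CLUSTER_NAME" --location "$GCP_CONTROL_PLANE_LOCATION"
  gcloud auth list
  gcloud info
else
  echo "== google cloud cli already configured =="
fi

if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.docker/config.json" ]]; then
  echo "== SETTING UP DOCKER USER CONFIG =="
  mkdir -p "$HOME/.docker"
  rm -fr "$HOME/.docker/config.json"
  DOCKER_CONFIG_FILE="$HOME/scratch/config.json"
  # Only credential-helper names are written here, no secrets.
  cat <<EOF > "$DOCKER_CONFIG_FILE"
{
  "credHelpers": {
    "gcr.io": "gcloud",
    "us.gcr.io": "gcloud",
    "eu.gcr.io": "gcloud",
    "asia.gcr.io": "gcloud",
    "staging-k8s.gcr.io": "gcloud",
    "marketplace.gcr.io": "gcloud",
    "europe-docker.pkg.dev": "gcloud"
  }
}
EOF
  cp "$DOCKER_CONFIG_FILE" "$HOME/.docker/config.json"
else
  echo "== docker already configured =="
fi

NIX_USER_CONF_FILES="$HOME/nix.conf"
NIX_SECRET_SIGN_KEY_FILE="$HOME/nix-sign.private"
if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$NIX_USER_CONF_FILES" ]]; then
  echo "== SETTING UP NIX CONFIG =="
  if [[ -v NIX_SECRET_SIGN_KEY ]]; then
    # Private cache-signing key: must not be readable by other users.
    printf '%s\n' "$NIX_SECRET_SIGN_KEY" | _write_private "$NIX_SECRET_SIGN_KEY_FILE"
  fi
  NIX_USER_CONFIG_TEMPLATE_FILE="$HOME/scratch/nix.conf"
  # Substituter URLs and public keys only. These values decide which binary
  # caches nix will trust, so they should come from a trusted configuration.
  cat <<EOF > "$NIX_USER_CONFIG_TEMPLATE_FILE"
substituters = $NIX_S3_CACHE_LOCATION $NIXOS_CACHE_LOCATION
trusted-public-keys = $NIXOS_CACHE_SIGN_KEY $NIX_SIGN_KEY
trusted-substituters = $NIXOS_CACHE_LOCATION $NIX_S3_CACHE_LOCATION
always-allow-substitutes = true
EOF
  cp "$NIX_USER_CONFIG_TEMPLATE_FILE" "$NIX_USER_CONF_FILES"
else
  echo "== nix already configured =="
fi

if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.aws/credentials" ]]; then
  echo "== SETTING UP AWS CREDENTIALS FOR NIX CACHE =="
  mkdir -p "$HOME/.aws"
  AWS_CREDENTIALS_FILE="$HOME/scratch/aws-credentials-template"
  _write_private "$AWS_CREDENTIALS_FILE" <<EOF
[default]
aws_access_key_id=$AWS_ACCESS_KEY
aws_secret_access_key=$AWS_SECRET_ACCESS_KEY
EOF
  _install_private "$AWS_CREDENTIALS_FILE" "$HOME/.aws/credentials"
else
  echo "== aws credentials for nix cache already configured =="
fi

if [[ "$CONFIG_CHANGED" -eq 1 || ! -d "$HOME/.ssh" ]]; then
  echo "== SETTING UP SSH CLIENT =="
  mkdir -p "$HOME/.ssh"
  chmod 700 "$HOME/.ssh"
  # The previous key is mode 0400, so it has to be removed before rewriting.
  rm -fr "$HOME/.ssh/id_gitea"
  # Created owner-only first, so the key is never readable by others in the
  # interval before the final chmod.
  printf '%s\n' "$GITEA_SSH_KEY" | _write_private "$HOME/.ssh/id_gitea"
  chmod 0400 "$HOME/.ssh/id_gitea"
else
  echo "== ssh client already configured =="
fi

if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.netrc" ]]; then
  echo "== SETTING UP NETRC =="
  NETRC_TEMPLATE_FILE="$HOME/scratch/netrc"
  # NOTE(review): the machine name is hard-coded here while the other
  # sections use $GITEA_INSTANCE. Confirm the two are meant to differ.
  _write_private "$NETRC_TEMPLATE_FILE" <<EOF
machine gitea.puzzleyou.net
login $RUNNER_USERNAME
password $RUNNER_PASSWORD
EOF
  _install_private "$NETRC_TEMPLATE_FILE" "$HOME/.netrc"
else
  echo "== netrc already configured =="
fi

if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.pypirc" ]]; then
  echo "== SETTING UP PYPIRC =="
  PYPIRC_TEMPLATE_FILE="$HOME/scratch/pypirc"
  _write_private "$PYPIRC_TEMPLATE_FILE" <<EOF
[distutils]
index-servers = gitea

[gitea]
repository = $GITEA_INSTANCE_SCHEME://$GITEA_INSTANCE/api/packages/$GITEA_ORGANIZATION/pypi
username = $RUNNER_USERNAME
password = $RUNNER_PASSWORD
EOF
  _install_private "$PYPIRC_TEMPLATE_FILE" "$HOME/.pypirc"
else
  echo "== pypirc already configured =="
fi

# NOTE(review): `git config --global` normally writes $HOME/.gitconfig, so
# this guard on $HOME/.config/git/config is presumably always true and the
# section runs on every start. It is idempotent. Verify which path is meant.
if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.config/git/config" ]]; then
  echo "== SETTING UP GIT =="
  git config --global user.email "action-runner@cluster.local"
  git config --global user.name "action-runner"
  # The "store" helper keeps the password in plain text in ~/.git-credentials,
  # so the file permissions are the only protection for it.
  git config --global credential.helper store
  GIT_CREDENTIALS_FILE="$HOME/scratch/git-credentials"
  # The username and password are placed in the URL as-is. Characters that
  # are special in URLs (@ : /) would need percent-encoding.
  _write_private "$GIT_CREDENTIALS_FILE" <<EOF
$GITEA_INSTANCE_SCHEME://$RUNNER_USERNAME:$RUNNER_PASSWORD@$GITEA_INSTANCE
EOF
  _install_private "$GIT_CREDENTIALS_FILE" "$HOME/.git-credentials"
else
  echo "== git already configured =="
fi

echo "$CURRENT_CONFIG_HASH" > "$LAST_CONFIG_HASH_FILE"

if [[ -v GITHUB_ENV ]]; then
  echo "== POPULATING GITHUB_ENV =="
  # Only non-secret settings are handed on to later workflow steps.
  cat <<EOF >> "$GITHUB_ENV"
CARGO_NET_GIT_FETCH_WITH_CLI="$CARGO_NET_GIT_FETCH_WITH_CLI"
TWINE_NON_INTERACTIVE="$TWINE_NON_INTERACTIVE"
NIX_S3_CACHE_LOCATION="$NIX_S3_CACHE_LOCATION"
EOF
else
  echo "== \$GITHUB_ENV is not set. not running as an action. =="
fi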