#!/bin/sh
# build-in-container.sh — build the bee ISO inside a Debian container.

set -e

REPO_ROOT="$(cd "$(dirname "$0")/../.." && pwd)"
BUILDER_DIR="${REPO_ROOT}/iso/builder"
CONTAINER_TOOL="${CONTAINER_TOOL:-docker}"
IMAGE_TAG="${BEE_BUILDER_IMAGE:-bee-iso-builder}"
CACHE_DIR="${BEE_BUILDER_CACHE_DIR:-${REPO_ROOT}/dist/container-cache}"
AUTH_KEYS=""
REBUILD_IMAGE=0

. "${BUILDER_DIR}/VERSIONS"

while [ $# -gt 0 ]; do
    case "$1" in
        --cache-dir)
            CACHE_DIR="$2"
            shift 2
            ;;
        --rebuild-image)
            REBUILD_IMAGE=1
            shift
            ;;
        --authorized-keys)
            AUTH_KEYS="$2"
            shift 2
            ;;
        *)
            echo "unknown arg: $1" >&2
            echo "usage: $0 [--cache-dir /path] [--rebuild-image] [--authorized-keys /path/to/authorized_keys]" >&2
            exit 1
            ;;
    esac
done

if ! command -v "$CONTAINER_TOOL" >/dev/null 2>&1; then
    echo "container tool not found: $CONTAINER_TOOL" >&2
    exit 1
fi

if [ -n "$AUTH_KEYS" ]; then
    [ -f "$AUTH_KEYS" ] || { echo "authorized_keys not found: $AUTH_KEYS" >&2; exit 1; }
    AUTH_KEYS_ABS="$(cd "$(dirname "$AUTH_KEYS")" && pwd)/$(basename "$AUTH_KEYS")"
    AUTH_KEYS_DIR="$(dirname "$AUTH_KEYS_ABS")"
    AUTH_KEYS_BASE="$(basename "$AUTH_KEYS_ABS")"
fi

mkdir -p \
    "${CACHE_DIR}" \
    "${CACHE_DIR}/go-build" \
    "${CACHE_DIR}/go-mod" \
    "${CACHE_DIR}/tmp" \
    "${CACHE_DIR}/bee"

IMAGE_REF="${IMAGE_TAG}:debian${DEBIAN_VERSION}"

if [ "$REBUILD_IMAGE" = "1" ] || ! "$CONTAINER_TOOL" image inspect "${IMAGE_REF}" >/dev/null 2>&1; then
    "$CONTAINER_TOOL" build \
        --build-arg GO_VERSION="${GO_VERSION}" \
        --build-arg DEBIAN_KERNEL_ABI="${DEBIAN_KERNEL_ABI}" \
        -t "${IMAGE_REF}" \
        "${BUILDER_DIR}"
else
    echo "=== using existing builder image ${IMAGE_REF} ==="
fi

set -- \
    run --rm --privileged \
    -v "${REPO_ROOT}:/work" \
    -v "${CACHE_DIR}:/cache" \
    -e GOCACHE=/cache/go-build \
    -e GOMODCACHE=/cache/go-mod \
    -e TMPDIR=/cache/tmp \
    -e BEE_CACHE_DIR=/cache/bee \
    -w /work \
    "${IMAGE_REF}" \
    sh /work/iso/builder/build.sh

if [ -n "$AUTH_KEYS" ]; then
    set -- run --rm --privileged \
        -v "${REPO_ROOT}:/work" \
        -v "${CACHE_DIR}:/cache" \
        -v "${AUTH_KEYS_DIR}:/tmp/bee-authkeys:ro" \
        -e GOCACHE=/cache/go-build \
        -e GOMODCACHE=/cache/go-mod \
        -e TMPDIR=/cache/tmp \
        -e BEE_CACHE_DIR=/cache/bee \
        -w /work \
        "${IMAGE_REF}" \
        sh /work/iso/builder/build.sh --authorized-keys "/tmp/bee-authkeys/${AUTH_KEYS_BASE}"
fi

"$CONTAINER_TOOL" "$@"