#!/bin/sh
# build-in-container.sh — build the bee ISO inside a Debian container.

set -e

REPO_ROOT="$(cd "$(dirname "$0")/../.." && pwd)"
BUILDER_DIR="${REPO_ROOT}/iso/builder"
CONTAINER_TOOL="${CONTAINER_TOOL:-docker}"
IMAGE_TAG="${BEE_BUILDER_IMAGE:-bee-iso-builder}"
AUTH_KEYS=""

. "${BUILDER_DIR}/VERSIONS"

while [ $# -gt 0 ]; do
    case "$1" in
        --authorized-keys)
            AUTH_KEYS="$2"
            shift 2
            ;;
        *)
            echo "unknown arg: $1" >&2
            exit 1
            ;;
    esac
done

if ! command -v "$CONTAINER_TOOL" >/dev/null 2>&1; then
    echo "container tool not found: $CONTAINER_TOOL" >&2
    exit 1
fi

if [ -n "$AUTH_KEYS" ]; then
    [ -f "$AUTH_KEYS" ] || { echo "authorized_keys not found: $AUTH_KEYS" >&2; exit 1; }
    AUTH_KEYS_ABS="$(cd "$(dirname "$AUTH_KEYS")" && pwd)/$(basename "$AUTH_KEYS")"
    AUTH_KEYS_DIR="$(dirname "$AUTH_KEYS_ABS")"
    AUTH_KEYS_BASE="$(basename "$AUTH_KEYS_ABS")"
fi

"$CONTAINER_TOOL" build \
    --build-arg GO_VERSION="${GO_VERSION}" \
    --build-arg DEBIAN_KERNEL_ABI="${DEBIAN_KERNEL_ABI}" \
    -t "${IMAGE_TAG}:debian${DEBIAN_VERSION}" \
    "${BUILDER_DIR}"

set -- \
    run --rm --privileged \
    -v "${REPO_ROOT}:/work" \
    -w /work \
    "${IMAGE_TAG}:debian${DEBIAN_VERSION}" \
    sh /work/iso/builder/build.sh

if [ -n "$AUTH_KEYS" ]; then
    set -- run --rm --privileged \
        -v "${REPO_ROOT}:/work" \
        -v "${AUTH_KEYS_DIR}:/tmp/bee-authkeys:ro" \
        -w /work \
        "${IMAGE_TAG}:debian${DEBIAN_VERSION}" \
        sh /work/iso/builder/build.sh --authorized-keys "/tmp/bee-authkeys/${AUTH_KEYS_BASE}"
fi

"$CONTAINER_TOOL" "$@"