#!/usr/bin/env bash
set -euo pipefail

mkdir -p ci/prod/env

# export runtime vars (SSH_HOST etc.) and version info for downstream steps
set -a
. ./ci/prod/.env.runtime
. ./.env.version
set +a

REGISTRY_URL="${REGISTRY_URL:-}"
MONGO_VERSION="${MONGO_VERSION:-latest}"
APP_V="${APP_V:-}"

if [ -z "$REGISTRY_URL" ]; then
  echo "REGISTRY_URL is not set (define in .env.runtime or Woodpecker env)" >&2
  exit 1
fi
if [ -z "$APP_V" ]; then
  echo "APP_V is not set (version step must run first)" >&2
  exit 1
fi

for f in secrets/REGISTRY_USER secrets/REGISTRY_PASS; do
  if [ ! -s "$f" ]; then
    echo "missing registry credential: $f" >&2
    exit 1
  fi
done

CREDS="$(cat secrets/REGISTRY_USER):$(cat secrets/REGISTRY_PASS)"

skopeo copy --all \
  "docker://docker.io/library/mongo:${MONGO_VERSION}" \
  "docker://${REGISTRY_URL}/mirror/mongo:${APP_V}" \
  --dest-creds "$CREDS"

INSPECT="$(skopeo inspect "docker://${REGISTRY_URL}/mirror/mongo:${APP_V}" --creds "$CREDS")"
DIGEST="$(printf '%s' "$INSPECT" | tr -d '\n' | sed -n 's/.*"Digest"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')"

if [ -z "$DIGEST" ]; then
  echo "failed to parse digest from skopeo inspect output" >&2
  exit 1
fi

printf 'MONGO_TAG=%s\nMONGO_DIGEST=%s\n' "$APP_V" "$DIGEST" | tee .env.lock ci/prod/env/.env.lock.db
cat .env.lock