#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0-only
# ${VERSION_NAME}: new version name
# ${COMMIT_ID}: commit id (if not master)
# ${USERNAME}: username (if not default to https)
# ${GPG_KEY_ID}: gpg key id (if not don't sign)
VERSION_NAME=$1
COMMIT_ID=$2
USERNAME=$3
GPG_KEY_ID=$4

set -e

if [ -z "$GPG_TTY" ]; then
	GPG_TTY=$(tty)
	export GPG_TTY
fi

# set local + tz to be reproducible
LC_ALL=C
LANG=C
TZ=UTC0
export LC_ALL LANG TZ

if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ] || [ -z "${COMMIT_ID}" ]; then
	echo "usage: $0 <version> <commit id> [username] [gpg key id]"
	echo "Tags a new coreboot version and creates a tar archive"
	echo
	echo "version:    New version name to tag the tree with"
	echo "commit id:  check out this commit-id after cloning the coreboot tree"
	echo "username:   clone the tree using ssh://USERNAME - defaults to https://"
	echo "gpg key id: used to tag the version, and generate a gpg signature"
	exit 1
fi

# Verify that tar supports --sort
if ! tar --sort=name -cf /dev/null /dev/null 2>/dev/null ; then
	echo "Error: The installed version of tar does not support --sort"
	echo "       GNU tar version 1.28 or greater is required.  Exiting."
	exit 1
fi

# Clone new copy of repo if needed
if [ ! -d "coreboot-${VERSION_NAME}/.git" ]; then
	rm -rf "coreboot-${VERSION_NAME}"
	declare -a GIT_REF_OPTS
	if [ -d .git ]; then
		GIT_REF_OPTS=("--reference" "." "--dissociate")
	elif [ -d ../../.git ]; then
		GIT_REF_OPTS=("--reference" "../.." "--dissociate")
	fi
	if [ -n "${USERNAME}" ]; then
		git clone "${GIT_REF_OPTS[@]}" "ssh://${USERNAME}@review.coreboot.org:29418/coreboot.git" "coreboot-${VERSION_NAME}" --
	else
		git clone "${GIT_REF_OPTS[@]}" https://review.coreboot.org/coreboot.git "coreboot-${VERSION_NAME}" --
	fi
fi

# Handle everything that needs to be done from inside the new coreboot
# directory. Use requested version, update submodules, and get ready to
# run from outside a git repository, and create a signed tag to push.
(
	cd "coreboot-${VERSION_NAME}" || exit 1
	if [ -n "${COMMIT_ID}" ]; then
		git reset --hard "${COMMIT_ID}"
	fi

	util/crossgcc/buildgcc -W > .crossgcc-version

	git submodule update --init --checkout
	if [ -n "${GPG_KEY_ID}" ]; then
		git tag -a -s -u "$GPG_KEY_ID" --force "${VERSION_NAME}" -m "coreboot version ${VERSION_NAME}" --
	else
		git tag -a --force "${VERSION_NAME}" -m "coreboot version ${VERSION_NAME}" --
	fi

	printf "%s-%s\n" "$VERSION_NAME"  "$(git log --pretty=%h -1)" > .coreboot-version
)

tstamp=$(tr "-" " " < "coreboot-${VERSION_NAME}/.coreboot-version")

# Create the two tarballs, source and blobs.
exclude_paths="3rdparty/blobs 3rdparty/fsp 3rdparty/intel-microcode 3rdparty/amd_blobs 3rdparty/qc_blobs"

declare -a blobs_paths
declare -a exclude_opts
for i in ${exclude_paths}; do
	blobs_paths+=("coreboot-${VERSION_NAME}/${i}")
	exclude_opts+=("--exclude=coreboot-${VERSION_NAME}/${i}")
done

tar --sort=name --mtime="${tstamp}" --owner=coreboot:1000 --group=coreboot:1000 --exclude=*/.git --exclude=*/.gitignore "${exclude_opts[@]}" -cvf - "coreboot-${VERSION_NAME}" |xz -9 > "coreboot-${VERSION_NAME}.tar.xz"
tar --sort=name --mtime="${tstamp}" --owner=coreboot:1000 --group=coreboot:1000 --exclude=*/.git --exclude=*/.gitignore -cvf - "${blobs_paths[@]}" |xz -9 > "coreboot-blobs-${VERSION_NAME}.tar.xz"

# Sign the tarballs
if [ -n "${GPG_KEY_ID}" ]; then
	gpg --armor --local-user "$GPG_KEY_ID" --output "coreboot-${VERSION_NAME}.tar.xz.sig" --detach-sig "coreboot-${VERSION_NAME}.tar.xz"
	gpg --armor --local-user "$GPG_KEY_ID" --output "coreboot-blobs-${VERSION_NAME}.tar.xz.sig" --detach-sig "coreboot-blobs-${VERSION_NAME}.tar.xz"
fi