#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0-only
# ${VERSION_NAME}: new version name
# ${COMMIT_ID}: commit id for new version
# ${USERNAME}: username (if not default to https)
# ${GPG_KEY_ID}: gpg key id (if not don't sign)
VERSION_NAME=$1
COMMIT_ID=$2
USERNAME=$3
GPG_KEY_ID=$4

set -e

TIME_FILE="$(mktemp -d)/.coreboot-time"
COREBOOT_RELEASE_NAME=coreboot-${VERSION_NAME}
COREBOOT_TARBALL="${COREBOOT_RELEASE_NAME}.tar.xz"
COREBOOT_BLOBS_TARBALL="coreboot-blobs-${VERSION_NAME}.tar.xz"

if [ -z "$GPG_TTY" ]; then
	GPG_TTY=$(tty)
	export GPG_TTY
fi

# set local + tz to be reproducible
LC_ALL=C
LANG=C
TZ=UTC0
export LC_ALL LANG TZ

if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ] || [ -z "${COMMIT_ID}" ]; then
	echo "usage: $0 <version> <commit id> [username] [gpg key id]"
	echo "Tags a new coreboot version and creates a tar archive"
	echo
	echo "version:    New version name to tag the tree with"
	echo "commit id:  check out this commit-id after cloning the coreboot tree"
	echo "username:   clone the tree using ssh://USERNAME - defaults to https://"
	echo "gpg key id: used to tag the version, and generate a gpg signature"
	exit 1
fi

pause() {
  local text=$1

  echo
  if [ -n "$text" ]; then
    echo "$text"
  fi
  read -r -p "Press [Enter] key to continue..."
}

# Verify that tar supports --sort
if ! tar --sort=name -cf /dev/null /dev/null 2>/dev/null ; then
	echo "Error: The installed version of tar does not support --sort"
	echo "       GNU tar version 1.28 or greater is required.  Exiting."
	exit 1
fi

# Clone new copy of repo if needed
if [ ! -d "${COREBOOT_RELEASE_NAME}/.git" ]; then
	rm -rf "${COREBOOT_RELEASE_NAME}"
	declare -a GIT_REF_OPTS
	if [ -d .git ]; then
		GIT_REF_OPTS=("--reference" "." "--dissociate")
	elif [ -d ../../.git ]; then
		GIT_REF_OPTS=("--reference" "../.." "--dissociate")
	fi
	if [ -n "${USERNAME}" ]; then
		git clone "${GIT_REF_OPTS[@]}" "ssh://${USERNAME}@review.coreboot.org:29418/coreboot.git" "${COREBOOT_RELEASE_NAME}" --
	else
		git clone "${GIT_REF_OPTS[@]}" https://review.coreboot.org/coreboot.git "${COREBOOT_RELEASE_NAME}" --
	fi
fi

# Handle everything that needs to be done from inside the new coreboot
# directory. Use requested version, update submodules, and get ready to
# run from outside a git repository, and create a signed tag to push.
(
	cd "${COREBOOT_RELEASE_NAME}" || exit 1
	git reset --hard "${COMMIT_ID}"

	util/crossgcc/buildgcc -W > .crossgcc-version

	if [ -n "${GPG_KEY_ID}" ]; then
		pause "The next step will need your PGP key's passphrase, so be ready."
		git tag -a -s -u "$GPG_KEY_ID" --force "${VERSION_NAME}" -m "coreboot version ${VERSION_NAME}" --
	else
		git tag -a --force "${VERSION_NAME}" -m "coreboot version ${VERSION_NAME}" --
	fi

	git submodule update --init --checkout

	printf "%s-%s\n" "$VERSION_NAME"  "$(git log --pretty=%h -1)" > .coreboot-version
	printf "%s\n" "$(git log --pretty=format:%ci -1)" > "${TIME_FILE}"
)
tstamp=$(cat "${TIME_FILE}" | sed 's/ +0000//')

# Create the two tarballs, source and blobs.
exclude_paths="3rdparty/blobs 3rdparty/fsp 3rdparty/intel-microcode 3rdparty/amd_blobs 3rdparty/qc_blobs"

declare -a blobs_paths
declare -a exclude_opts
for i in ${exclude_paths}; do
	blobs_paths+=("${COREBOOT_RELEASE_NAME}/${i}")
	exclude_opts+=("--exclude=${COREBOOT_RELEASE_NAME}/${i}")
done

tar --sort=name --mtime="${tstamp}" --owner=coreboot:1000 --group=coreboot:1000 --exclude=*/.git --exclude=*/.gitignore --exclude=*/.gitreview --exclude=*/.mailmap --exclude=*/.gitmodules "${exclude_opts[@]}" -cvf - "${COREBOOT_RELEASE_NAME}" |xz -9 > "${COREBOOT_TARBALL}"
tar --sort=name --mtime="${tstamp}" --owner=coreboot:1000 --group=coreboot:1000 --exclude=*/.git --exclude=*/.gitignore --exclude=*/.gitreview --exclude=*/.mailmap --exclude=*/.gitmodules -cvf - "${blobs_paths[@]}" |xz -9 > "${COREBOOT_BLOBS_TARBALL}"

# Sign the tarballs
if [ -n "${GPG_KEY_ID}" ]; then
	gpg --armor --local-user "$GPG_KEY_ID" --output "${COREBOOT_TARBALL}.sig" --detach-sig "${COREBOOT_TARBALL}"
	gpg --armor --local-user "$GPG_KEY_ID" --output "${COREBOOT_BLOBS_TARBALL}.sig" --detach-sig "${COREBOOT_BLOBS_TARBALL}"
fi

# Clean up
rm -f "${TIME_FILE}"