#!/usr/bin/env bash

readonly CHECKSUM_TYPE="sha256";
readonly CHECKSUM_APP="${CHECKSUM_TYPE}sum";
readonly GPG_FINGERPRINT="7C9E68152594688862D62AF62D9AE806EC1592E2";
readonly GITEA_USER={{ gitea_system_user | quote }};
readonly GITEA_DIR={{ gitea_installation_directory | quote }};
readonly GITEA_BIN={{ gitea_binary_path | quote }};
readonly SERVICE_NAME={{ gitea_service_name | quote }};

set -e;

gpg --quiet --keyserver eu.pool.sks-keyservers.net --recv "$GPG_FINGERPRINT";

function error() {
	echo "$@" >&2;
}

function as() {
	sudo -u "$GITEA_USER" "$@";
}

if [ -f "$GITEA_BIN" ]; then
    installed=$(cd "$GITEA_DIR" && as "$GITEA_BIN" --version | grep --only-matching --perl-regexp '(?<=version )\d+(\.\d+)*(?= )');
else
    installed=0;
fi
version=$(curl --silent https://blog.gitea.io/index.xml | grep --only-matching --perl-regexp '<title>.*</title>' | grep  --only-matching --perl-regexp '\d+(\.\d+)+' | sort --version-sort --reverse | head --lines=1);
address="https://dl.gitea.io/gitea/$version";
binary="gitea-$version-linux-amd64";
signature="$binary.asc";
checksum="$binary.$CHECKSUM_TYPE";

if [[ -z "$installed" ]]; then
	error "Missing version installed";
	exit 2;
fi
if [[ -z "$version" ]]; then
	error "Missing version available";
	exit 2;
fi
if [[ "$installed" = "$version" ]]; then
	exit 0;
fi

cd "$GITEA_DIR";

for a in "$binary" "$signature" "$checksum"; do
	if ! wget --quiet --output-document="$a" "$address/$a"; then
		error "Failed to download $a";
		exit 1;
	fi
done

if ! "$CHECKSUM_APP" --quiet --check "$checksum"; then
	error "Checksum not correct!";
	exit 1;
fi
if ! (gpg --status-fd 1 --verify "$signature" "$binary" 2>/dev/null | grep --perl-regexp 'VALIDSIG .* '"$GPG_FINGERPRINT" > /dev/null); then
	error "Signature not valid!";
	exit 1;
fi

rm "$checksum";
rm "$signature";

mv "$binary" "$GITEA_BIN";
chmod u=rwx,g=rx,o=r "$GITEA_BIN";
chown root:"$GITEA_USER" "$GITEA_BIN"

if [[ ! "$installed" = "0" ]]; then
    systemctl restart "$SERVICE_NAME";
fi