#!/bin/bash

readonly CHECKSUM_TYPE="sha256";
readonly CHECKSUM_APP="${CHECKSUM_TYPE}sum";
readonly GPG_FINGERPRINT="{{ nextcloud_gpg_fingerprint }}";
readonly NEXTCLOUD_USER="{{ system_user }}";
readonly NEXTCLOUD_DIR="{{ nextcloud_installation_directory }}";
readonly NEXTCLOUD_GIT_REPO="{{ nextcloud_source_repo }}";

readonly GIT_REPO="https://github.com/nextcloud/server";
readonly VERSION_REGEX='v\d+(\.\d+)*';

set -e;

gpg --quiet --keyserver eu.pool.sks-keyservers.net --recv "$GPG_FINGERPRINT";

function error() {
    echo "$@" >&2;
}

function as() {
    sudo -u "$NEXTCLOUD_USER" "$@";
}

cd "$NEXTCLOUD_DIR";

version="$(curl --silent "$GIT_REPO/releases.atom"
    | grep --only-matching --perl-regexp '(?<=\s)<link.*/>'
    | grep --only-matching --perl-regexp '(?<=href="'"$GIT_REPO"'/releases/tag/'"$VERSION_REGEX"'(?="/>)'
    | sort --reverse --numeric-sort
    | head --lines=1)";
if g verify-tag --raw "$TAG" 2>&1 | grep --fixed-strings "[GNUPG:] VALIDSIG $GPG_FINGERPRINT " > /dev/null; then
    as composer update;
else
    error "Invalid or missing signature for $TAG";
    exit 1;
fi