#!/bin/bash

readonly CHECKSUM_TYPE="sha256";
readonly CHECKSUM_APP="${CHECKSUM_TYPE}sum";
readonly GPG_FINGERPRINT="7C9E68152594688862D62AF62D9AE806EC1592E2";
readonly GITEA_USER='{{ gitea_system_user }}';
readonly GITEA_DIR='{{ gitea_installation_directory }}';
readonly GITEA_BIN='{{ gitea_binary_path }}';
readonly SERVICE_NAME='{{ gitea_service_name }}';

set -e;

gpg --quiet --keyserver pool.sks-keyservers.net --recv "$GPG_FINGERPRINT";

function error() {
	echo $@ >&2;
}

function as() {
	sudo -u "$GITEA_USER" $@;
}

if [ -f "$GITEA_BIN" ]; then
    installed=$(cd "$GITEA_DIR" && as "$GITEA_BIN" --version | grep -Po "(?<=version )\d+(\.\d+)*(?= )");
else
    installed=0;
fi
version=$(curl -s https://blog.gitea.io/index.xml | grep -Po '<title>.*</title>' | grep -Po '\d+(\.\d+)+' | sort -rn | head -n 1);
address="https://dl.gitea.io/gitea/$version";
binary="gitea-$version-linux-amd64";
signature="$binary.asc";
checksum="$binary.$CHECKSUM_TYPE";

if [[ -z "$installed" ]]; then
	error "Missing version installed";
	exit 2;
fi
if [[ -z "$version" ]]; then
	error "Missing version available";
	exit 2;
fi
if [[ "$installed" = "$version" ]]; then
	exit 0;
fi

cd "$GITEA_DIR";

for a in "$binary" "$signature" "$checksum"; do
	if ! wget --quiet -O "$a" "$address/$a"; then
		error "Failed to download $a";
		exit 1;
	fi
done

if ! "$CHECKSUM_APP" --quiet --check "$checksum"; then
	error "Checksum not correct!";
	exit 1;
fi
if ! (gpg --status-fd 1 --verify "$signature" "$binary" 2>/dev/null | grep -P 'VALIDSIG .* '"$GPG_FINGERPRINT" > /dev/null); then
	error "Signature not valid!";
	exit 1;
fi

rm "$checksum";
rm "$signature";

as "$GITEA_BIN" dump;

mv "$binary" "$GITEA_BIN";
chmod 0755 "$GITEA_BIN";

if [[ ! "$installed" = "0" ]]; then
    systemctl restart "$SERVICE_NAME";
fi