#!/bin/bash readonly REPO={{ repo | quote }}; readonly DEST={{ dest | quote }}; readonly DEST_USER={{ owner | quote }}; readonly DEST_GROUP={{ group | quote }}; readonly PREFIX={{ tag_prefix | quote }}; readonly GPG_FINGERPRINT={{ gpg_fingerprint | quote }}; set -e; cd "$DEST"; if [ ! -d .git ]; then git clone "$REPO" "$DEST"; fi [ -z "$GPG_FINGERPRINT" ] || gpg --quiet --keyserver eu.pool.sks-keyservers.net --recv "$GPG_FINGERPRINT"; git fetch --tags > /dev/null; TAG=$(git tag --list | grep "^$PREFIX" | sort -r | head -n 1); if [ -z "$GPG_FINGERPRINT" ] || git verify-tag --raw "$TAG" 2>&1 | grep " VALIDSIG $GPG_FINGERPRINT " > /dev/null; then git reset --hard; git checkout -q "$TAG"; chown -R "$DEST_USER:$DEST_GROUP" .; if ! sh -c {{ reload_command | default('') | quote }}; then echo "Failed during reload" >&2; exit 2; fi else echo "Invalid or missing signature for $TAG" >&2; exit 1; fi