#!/bin/bash

readonly REPO="{{ repo }}";
readonly DEST="{{ dest }}";
readonly DEST_USER="{{ owner }}";
readonly DEST_GROUP="{{ group }}";
readonly PREFIX="{{ tag_prefix }}";
readonly GPG_FINGERPRINT="{{ gpg_fingerprint }}";

set -e;

cd "$DEST";

if [ ! -d .git ]; then
  git clone "$REPO" "$DEST";
fi

gpg --quiet --keyserver eu.pool.sks-keyservers.net --recv "$GPG_FINGERPRINT";

git fetch --tags > /dev/null;
TAG=$(git tag --list | grep "^$PREFIX" | sort -r | head -n 1);
if git verify-tag --raw "$TAG" 2>&1 | grep " VALIDSIG $GPG_FINGERPRINT " > /dev/null; then
  git reset --hard;
  git checkout -q "$TAG";
  chown -R "$DEST_USER:$DEST_GROUP" .;
  if sh -c {{ reload_command | default('') | quote }}; then
    echo "Failed during reload" >&2;
    exit 2;
  fi
else
  echo "Invalid or missing signature for $TAG" >&2;
  exit 1;
fi