#!/usr/bin/env bash
set -euo pipefail

RPM_DIR="${1%/}"
: "${RPM_DIR:?usage: $0 <rpm-directory>}"
: "${FEDORA_VERSION:?}"
REMOTE_DIR="/var/www/rpm/fedora/${FEDORA_VERSION}/x86_64"

# sign each rpm with the imported gpg key
echo "rpmmacros:"
cat ~/.rpmmacros
echo "gpg keys:"
gpg --list-secret-keys --keyid-format long
ls -la "${RPM_DIR}"/*.rpm

echo "testing gpg signing directly..."
echo test | gpg --batch --pinentry-mode loopback --passphrase '' --sign --armor -u "$(rpm --eval '%{_gpg_name}')" 2>&1 || echo "direct gpg sign failed"

echo "rpm macro expansion:"
rpm --eval '%{__gpg}' 2>&1
rpm --eval '%{_gpg_name}' 2>&1

for rpm in "${RPM_DIR}"/*.rpm; do
    echo "signing ${rpm}..."
    rpmsign --addsign "${rpm}" --verbose 2>&1 || {
        echo "failed to sign ${rpm}" >&2
        exit 1
    }
done

install --directory --mode 700 ~/.ssh
echo "${RSYNC_SSH_KEY}" | install --mode 600 /dev/stdin ~/.ssh/id_ed25519
ssh-keyscan -H oolon.kosherinata.internal > ~/.ssh/known_hosts 2>/dev/null

rsync \
    --archive \
    --verbose \
    --chmod D755,F644 \
    "${RPM_DIR}/"*.rpm \
    "${RSYNC_TARGET}:${REMOTE_DIR}/"
ssh "${RSYNC_TARGET}" "cd ${REMOTE_DIR} && createrepo_c --update ."

echo "Published $(ls ${RPM_DIR}/*.rpm | wc -l) RPMs"