---
name: "Arch Build"
description: "Build and push package to MinIO"
author: Yi-Ting Shih <ytshih@it.cs.nycu.edu.tw>

inputs:
  context:
    description: "The context of the build environment"
    required: false
    default: .
  gpg-password:
    description: "Password of the gpg secret key to sign the package"
    required: false
    default: 'none'
  gpg-keygrip:
    description: "KeyGrip of the gpg secret key to sign the package"
    required: false
    default: 'none'
  repo-name:
    description: "The repo name to be pushed to"
    required: false
    default: custom
  minio-endpoint:
    description: "MinIO endpoint"
    required: false
    default: http://minio.konchin.com
  minio-bucket:
    description: "MinIO bucket"
    required: false
    default: archrepo
  minio-accesskey:
    description: "MinIO access key"
    required: true
  minio-secretkey:
    description: "MinIO secret key"
    required: true

runs:
  using: composite
  steps:
    - name: Checkout repository
      uses: actions/checkout@v4.2.2

    - name: Update packages
      run: |
        sudo pacman -Syu --needed --noconfirm
        sudo paccache -r -k 0

    - name: Build package
      run: |
        cd "${{ inputs.context }}"
        if [[ "${{ inputs.gpg-password }}" != 'none' ]]; then
          eval $(gpg-agent --daemon) && \
          echo "${{ inputs.gpg-password }}" | \
            /usr/lib/gnupg/gpg-preset-passphrase --preset "${{ inputs.gpg-keygrip }}" && \
          makepkg -sc --needed --noconfirm --sign

          killall -u "$(id -un)" gpg-agent || true
        else
          makepkg -sc --needed --noconfirm
        fi

    - name: Setup MinIO
      run: |
        mcli alias set m "${{ inputs.minio-endpoint }}" \
          "${{ inputs.minio-accesskey }}" "${{ inputs.minio-secretkey }}"
        echo "Set endpoint to ${{ inputs.minio-endpoint }}"

    - name: Copy repo db from MinIO
      run: |
        mkdir repo

        mcli cp "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db" \
          "repo/${{ inputs.repo-name }}.db.tar.zst"
        mcli cp "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files" \
          "repo/${{ inputs.repo-name }}.files.tar.zst"

        echo "Copy ${{ inputs.repo-name }}.db and ${{ inputs.repo-name }}.files from MinIO"
        
    - name: Add pkgs to repo db
      run: |
        if [[ "${{ inputs.gpg-password }}" != 'none' ]]; then
          eval $(gpg-agent --daemon) && \
          echo "${{ inputs.gpg-password }}" | \
            /usr/lib/gnupg/gpg-preset-passphrase --preset "${{ inputs.gpg-keygrip }}" && \
          repo-add --verify --sign \
            "repo/${{ inputs.repo-name }}.db.tar.gz" *.pkg.tar.zst && \
          mv *.pkg.tar.zst *.pkg.tar.zst.sig repo

          killall -u "$(id -un)" gpg-agent || true
        else
          repo-add "repo/${{ inputs.repo-name }}.db.tar.zst" *.pkg.tar.zst
          mv *.pkg.tar.zst repo
        fi
        echo "Add $(ls *.pkg.tar.zst) to repo"

    - name: Update repo to MinIO
      run: |
        mcli mv "repo/${{ inputs.repo-name }}.db.tar.zst" \
          "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db"
        if [[ -e "repo/${{ inputs.repo-name }}.db.tar.zst.sig" ]]; then
          mcli mv "repo/${{ inputs.repo-name }}.db.tar.zst.sig" \
            "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db.sig"
        fi

        mcli mv "repo/${{ inputs.repo-name }}.files.tar.zst" \
          "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files"
        if [[ -e "repo/${{ inputs.repo-name }}.files.tar.zst.sig" ]]; then
          mcli mv "repo/${{ inputs.repo-name }}.files.tar.zst.sig" \
            "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files.sig"
        fi

        find repo -name '*.pkg.tar.zst' | xargs -I% \
          mcli mv % "m/${{ inputs.minio-bucket }}"
        find repo -name '*.pkg.tar.zst.sig' | xargs -I% \
          mcli mv % "m/${{ inputs.minio-bucket }}"

        echo "Update ${{ inputs.repo-name }}.db and ${{ inputs.repo-name }}.files to MinIO"