#!/bin/bash

set -o errexit -o nounset -o pipefail
shopt -s dotglob extglob globstar

if [[ ${GITHUB_ACTIONS:-false} != true ]]; then
    source venv/bin/activate
fi

if [[ $# -eq 1 ]]; then
    fd=$1
else
    touch lock
    exec {fd}< lock
fi

if ! flock -n $fd; then
    echo already processing/deploying static files >&2
    exit 1
fi

export PATH="$PWD/node_modules/.bin:$PATH"

# can use file:// to avoid network requests
[[ -f releases-base ]] && RELEASES_BASE=$(cat releases-base)
RELEASES_BASE=${RELEASES_BASE:-https://releases.grapheneos.org}

rm -rf nginx-tmp
cp -a nginx nginx-tmp

rm -rf static-tmp
cp -a static static-tmp

for file in static-tmp/**/*.@(json|webmanifest); do
    json_verify < "$file" >/dev/null
    json_reformat -m < "$file" | sponge "$file"
done

stylelint static-tmp/**/*.css
find static-tmp -name '*.css' -exec csso {} -o {} \;

eslint static-tmp/**/!(fastboot.min.m|z-worker-pako.|pako_inflate.min.|)js
find static-tmp -name '*.js' -exec terser --ecma 2021 --module -cmo {} {} \;

replace=
for file in static-tmp/**/*.css static-tmp/js/*.js static-tmp/**/!(bimi|favicon).svg; do
    hash=$(sha256sum "$file" | head -c 8)
    sri_hash=sha256-$(openssl dgst -sha256 -binary "$file" | openssl base64 -A)
    dest="$(dirname $file)/$hash.$(basename $file)"

    if [[ $file == *.css ]]; then
        replace+=";s@{{css|/${file#*/}}}@<link rel=\"stylesheet\" href=\"/${dest#*/}\" integrity=\"$sri_hash\"/>@g"
    elif [[ $file == *.js ]]; then
        replace+=";s@{{js|/${file#*/}}}@<script type=\"module\" src=\"/${dest#*/}\" integrity=\"$sri_hash\"></script>@g"
    fi

    mv "$file" "$dest"
    replace+=";s@{{integrity|/${file#*/}}}@${sri_hash}@g"
    replace+=";s@{{path|/${file#*/}}}@/${dest#*/}@g"
done
sed -i "$replace" static-tmp/**/*.html nginx-tmp/nginx.conf nginx-tmp/snippets/preload.conf

replace=
devices=(cheetah panther bluejay raven oriole barbet redfin bramble sunfish coral flame bonito sargo crosshatch blueline)
channels=(stable beta)
for device in ${devices[@]}; do
    for channel in ${channels[@]}; do
        metadata=$(curl -s $RELEASES_BASE/$device-$channel)
        build_id=$(echo -n $metadata | cut -d ' ' -f 3)
        build_number=$(echo -n $metadata | cut -d ' ' -f 1)
        replace+=";s@{{$device-$channel-BUILD_ID}}@$build_id@g"
        replace+=";s@{{$device-$channel-BUILD_NUMBER}}@$build_number@g"
    done
done
sed -i "$replace" static-tmp/releases.html

gixy nginx-tmp/nginx.conf

xmllint --noout static-tmp/**/*.html
# check CSS first to work around a validator bug
java -jar node_modules/vnu-jar/build/dist/vnu.jar --errors-only --also-check-css --also-check-svg static-tmp/**/*.css static-tmp/**/!(bimi).@(html|svg)
find static-tmp -name '*.html' -exec html-minifier --collapse-whitespace \
    --process-scripts "application/ld+json" --collapse-boolean-attributes \
    --remove-attribute-quotes --remove-comments --remove-empty-attributes \
    --remove-redundant-attributes --remove-script-type-attributes \
    --remove-style-link-type-attributes --sort-attributes --sort-class-name {} -o {} \;

./generate-feed.py

for file in static-tmp/**/*.@(atom|xml); do
    xmllint --noblanks "$file" --output "$file"
done

zopfli_preserve_time() {
    zopfli "$1"
    touch -r "$1" "$1.gz"
}
export -f zopfli_preserve_time

find static-tmp -regex '.+\.\(atom\|css\|html\|ico\|js\|json\|mjs\|pdf\|svg\|txt\|webmanifest\|xml\)' |
    parallel -q ::: brotli zopfli_preserve_time :::: -