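#!/usr/bin/env sh
#
# CI driver for a Nix flake repository.
#
# Usage: <script> [update]
#   update  - refresh flake.lock on a timestamped branch, run the flake
#             checks, merge the branch into main and push.
#   (none)  - pull and run the flake checks only.
#
# start_ci, ci_error, finish, agentHasKey and the handle_* helpers are not
# defined in this file; presumably they come from ./common.sh.
# NOTE(review): every `cmd || handle_*` below only stops the run if the
# handler exits. If a handler returns instead, the script falls through to
# the next step (e.g. merge and push after a failed `nix flake check`) -
# confirm against common.sh.

. ./common.sh

# Approves the .envrc in the current directory for direnv. This trusts
# whatever .envrc is checked out at the time the job starts.
direnv allow

CMD=${1:-""}

start_ci
trap ci_error INT TERM

# Timestamped name for the temporary update branch, e.g. 20240101T120000+0000.
ci_branch=$(date +"%Y%m%dT%H%M%S%z")

# Preflight: require that at least one identity loaded in the ssh-agent is
# listed in .allowed_signers before doing any work.
#
# The last field of each `ssh-add -L` line is the key comment (or the key
# blob itself when the key has no comment). The lookup is a fixed-string
# match (-F) with the value quoted and preceded by `--`, so a comment such
# as "ci@example.org" is not treated as a regular expression, is not glob-
# expanded by the shell, and cannot be parsed as a grep option.
# NOTE(review): a key comment is a free-form label, not key material.
# Matching field 2 (the base64 key blob) would tie this check to the key
# itself - confirm that .allowed_signers carries the blobs before switching.
can_sign=0
# Word-splitting of the command substitution is intentional here: a
# `| while read` loop would run in a subshell under sh and lose can_sign.
for i in $(ssh-add -L | awk '{print $NF}'); do
  if grep -qF -- "$i" .allowed_signers; then
    can_sign=1
    break
  fi
done

if [ "$can_sign" != 1 ]; then
  echo "Can't find signing key."
  exit 1
fi

git pull || handle_pull_fail

if [ "${1}" = "update" ]; then
  git checkout -b "${ci_branch}" || handle_co_fail
  nix flake update --commit-lock-file || handle_update_fail
  nix flake check || handle_check_fail
  git checkout main || handle_co_fail
  git merge "${ci_branch}" || handle_merge_fail
  # Agent is configured to forget keys after X, if that happens we need to
  # re-add before push. Field 2 of the .pub file is the base64 key blob.
  agentHasKey "$(awk '{print $2}' /run/secrets/ci_ed25519_pub)" ||
    ssh-add /run/secrets/ci_ed25519_key
  git push || handle_push_fail
else
  nix flake check || handle_check_fail
fi

finish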