#!/bin/sh

# Abort on the first failing command (-e) and on any expansion of an unset
# variable (-u).
set -eu

# Resolve the tree root: two directories above the directory that holds this
# script, with symlinks resolved on both steps.
base=$(readlink -f "$(dirname "$(readlink -f "$0")")/../..")
# Sourced into this shell, which the check further down requires to be root.
# NOTE(review): everything in lib/environment.sh therefore executes with root
# privileges -- the file and the directories leading to it should be writable
# by root only; confirm for the deployed layout.
. "$base/lib/environment.sh"

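# We need to be called as root, even though we eventually run as debci.
# The numeric UID is compared instead of the login name: UID 0 is what
# carries the privileges used below, whatever that account is called.
# The diagnostic goes to stderr so it is not mixed into captured stdout.
if [ "$(id -u)" -ne 0 ]; then
  echo "E: This script must be run as root" >&2
  exit 1
fi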

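# Fail right away if podman is not installed.  'command -v' is the POSIX
# lookup and is always available under /bin/sh, unlike the external 'which'.
# NOTE(review): this looks podman up in root's PATH, while the build itself
# runs in a login shell of the debci user -- confirm both resolve the same
# binary.
if ! command -v podman >/dev/null 2>&1; then
  echo "E: podman is not installed" >&2
  exit 1
fi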


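# Required settings (presumably provided by lib/environment.sh or the
# caller's environment -- verify).  The ':-' default keeps 'set -u' from
# aborting with a generic "parameter not set" before the specific message
# below can be printed.
if [ -z "${debci_suite:-}" ]; then
  echo "ERROR: \$debci_suite not set." >&2
  exit 1
elif [ -z "${debci_mirror:-}" ]; then
  echo "ERROR: \$debci_mirror not set." >&2
  exit 1
fi

# The suite name is used further down as a path component, as the image tag,
# inside the generated Dockerfile and inside a command line handed to
# 'su -c'.  Restrict it to the characters an image tag accepts so that none
# of those contexts can be broken out of by a malformed value.
case "$debci_suite" in
  [.-]*|*[!A-Za-z0-9._-]*)
    echo "ERROR: \$debci_suite is not usable as an image tag: $debci_suite" >&2
    exit 1
    ;;
esac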

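# Determine whether the suite belongs to Debian, Ubuntu or Kali by looking
# for the archive host name in the debootstrap script of that suite.
# Sets: distro (ubuntu, kali or debian; debian is the fallback).
debootstrap_script="/usr/share/debootstrap/scripts/${debci_suite:?}"
if [ ! -r "$debootstrap_script" ]; then
  echo "ERROR: $debootstrap_script does not exist; debootstrap is not installed, or $debci_suite is an unknown suite" >&2
  exit 1
fi

# -F matches the host names literally; as a regular expression the '.' would
# match any character.
if grep -qF -- ubuntu.com "$debootstrap_script"; then
  distro=ubuntu
elif grep -qF -- kali.org "$debootstrap_script"; then
  distro=kali
else
  distro=debian
fi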

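# Private scratch directory for the build context.  mktemp -d creates it
# with an unpredictable name and owner-only permissions.
build_dir="$(mktemp -d --tmpdir "debci-podman-XXXXXXXX.image")"
sources_list="$build_dir/sources.list"
script="$build_dir/customize.sh"

# Remove the scratch directory on every exit path.  ':?' aborts instead of
# expanding to an empty path should build_dir ever be unset.
cleanup_build_dir() {
  rm -rf -- "${build_dir:?}"
}
trap cleanup_build_dir EXIT
# A signal handler that only cleans up would let the script carry on with a
# deleted build directory; exit explicitly (the EXIT trap then cleans up).
trap 'exit 130' INT
trap 'exit 143' TERM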

# Write the apt sources for the suite into the build context.
# NOTE(review): the file is produced for Debian only, yet the Dockerfile
# written later in this script copies sources.list unconditionally --
# confirm that Ubuntu/Kali builds are expected to work.
case "$distro" in
  debian)
    debci-generate-apt-sources --source -- "$debci_suite" > "$sources_list"
    # Disabled upstream:
    #  export AUTOPKGTEST_APT_SOURCES_FILE="$sources_list"
    ;;
esac

# configure guest proxy
#if [ -n "${GUEST_PROXY:-}" ]; then
#  echo "echo \"Acquire::http::Proxy \\\"$GUEST_PROXY\\\" ;\" > /etc/apt/apt.conf.d/70proxy" >> "$script"
#else
#  cat >> "$script" <<EOF
#if apt-cache show auto-apt-proxy >/dev/null 2>&1; then
#  DEBIAN_FRONTEND=noninteractive \
#    apt-get install auto-apt-proxy -q -y --no-install-recommends
#fi
#EOF
#fi

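# GID of the host's 'render' group; the container gets a group with the same
# numeric id.  The pipeline's status is that of 'cut', so a missing group
# does not trip 'set -e' -- check the result explicitly instead of letting
# groupadd fail with a confusing message in the middle of the image build.
renderGID="$(getent group render | cut -d: -f3)"
case "$renderGID" in
  ''|*[!0-9]*)
    echo "ERROR: could not determine the GID of the host group 'render'" >&2
    exit 1
    ;;
esac

# Append the in-container customization steps.  The here-document delimiter
# is unquoted on purpose: $renderGID is expanded now, while the script is
# being generated, and backslash-newline pairs are joined by the shell.
cat >> "$script" <<EOF
DEBIAN_FRONTEND=noninteractive \
  apt-get install dpkg-dev ca-certificates -q -y --no-install-recommends

DEBIAN_FRONTEND=noninteractive \
  apt-get clean
rm -rf /var/lib/apt/lists/*

groupadd --force --system --gid $renderGID render

useradd \
  --home-dir /home/debci \
  --create-home \
  --groups audio,video,render \
  debci

# This is needed because there will be a setgroups() call and in the
# container, root isn't actually root
usermod \
  --groups audio,video,render \
  --append \
  root
EOF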


# Bootstrap a minimal root filesystem inside the scratch directory, pack it
# into rootfs.tar.gz for the image build, then drop the unpacked tree.
# NOTE(review): when the archive keyring for the suite is not installed,
# debootstrap can continue without verifying the Release signature, so the
# image would be built from unauthenticated packages; consider passing
# --force-check-gpg -- confirm it does not break the supported suites.
cd "$build_dir"
debootstrap \
  --verbose \
  --variant=minbase \
  "$debci_suite" \
  ./rootfs \
  "$debci_mirror"
tar --create --gzip --preserve-permissions \
  --file=rootfs.tar.gz --directory=rootfs .
rm -rf rootfs

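# Assemble the rest of the build context: autopkgtest's setup-testbed script
# and the Dockerfile that applies it together with customize.sh.
#
# The here-document delimiter is unquoted, so ${debci_mirror} and
# ${debci_suite} are expanded while the Dockerfile is written; a value
# containing a newline would add lines to the Dockerfile.
#
# The helper files are removed by absolute path so the clean-up does not
# depend on the working directory of the image.  They are deleted in a later
# layer and so remain present in the earlier layers of the image.
cp /usr/share/autopkgtest/setup-commands/setup-testbed "$build_dir/"
cat > "$build_dir/Dockerfile" <<EOF
FROM scratch

ARG AUTOPKGTEST_APT_PROXY=
ARG AUTOPKGTEST_APT_SOURCES=
ARG AUTOPKGTEST_APT_SOURCES_FILE=/sources.list
ARG AUTOPKGTEST_KEEP_APT_SOURCES=
ARG AUTOPKGTEST_SETUP_APT_PROXY=
ARG AUTOPKGTEST_SETUP_INIT_SYSTEM=
ARG AUTOPKGTEST_SETUP_VM_POST_COMMAND=
ARG AUTOPKGTEST_SETUP_VM_UPGRADE=
ARG MIRROR=${debci_mirror}
ARG RELEASE=${debci_suite}

ADD rootfs.tar.gz .

COPY setup-testbed customize.sh sources.list /
RUN sh -eux /setup-testbed /
RUN sh -eux /customize.sh
RUN rm -f /setup-testbed /customize.sh /sources.list

CMD ["bash"]
EOF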

# mktemp created the directory for root only; open it and its top-level
# entries up so the unprivileged debci user can read the build context.
# NOTE(review): this makes the context readable by every local user for the
# duration of the build; handing it to debci's group instead would be
# narrower -- confirm nothing sensitive (e.g. mirror credentials in
# sources.list) ends up in here.
chmod a+rx "${build_dir}"
chmod a+r "${build_dir}"/*

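# NOTE(review): storage_root is assigned but never handed to podman (for
# example through its --root option), so images land in debci's default
# storage -- confirm whether that is intended.
storage_root="/var/lib/debci/podman+rocm/storage"
tag_name="debci/$distro:$debci_suite"

# Wrap a value in single quotes, escaping embedded single quotes, so that it
# reaches the shell started by 'su -c' as exactly one word.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# We need a system login session for debci (cgroups, namespaces, etc.)
# The below is a hack that will run 'su' in a transient system level scope,
# which (through PAM) will start a login session for debci.
# https://unix.stackexchange.com/questions/703410/why-isnt-a-systemd-user-session-started-by-su
#
# The command is passed to su as a single string and parsed again by debci's
# shell, so the interpolated values are quoted for that second parse.
systemd-run --system --scope \
  su -c "podman build -t $(shell_quote "$tag_name") $(shell_quote "$build_dir")" -l debci
# Drops every unused image of the debci user that is older than a week, not
# only images produced by this script.
systemd-run --system --scope \
  su -c "podman image prune -f -a --filter='until=168h'" -l debci

echo "Build of $tag_name completed successfully."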
