#!/bin/sh
#
# kas - setup tool for bitbake based projects
#
# Copyright (c) Siemens AG, 2018-2021
#
# Authors:
#  Jan Kiszka <jan.kiszka@siemens.com>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

# Stop at the first unchecked command failure. Commands tested by if/while or
# combined with && / || are exempt, so those paths handle errors explicitly.
set -o errexit

# Print the command-line help to stdout and terminate with exit status 1.
#
# Every string is rendered through printf's %b conversion, which expands the
# "\t" and "\n" sequences; printf re-applies the format to each argument, so
# one call with one argument per output line yields the complete text.
usage()
{
	printf "%b" \
		"Usage: $0 [OPTIONS] { build | shell } [KASOPTIONS] KASFILE\n" \
		"       $0 [OPTIONS] clean\n" \
		"\nPositional arguments:\n" \
		"build\t\t\tCheck out repositories and build target.\n" \
		"shell\t\t\tRun a shell in the build environment.\n" \
		"clean\t\t\tClean build artifacts, keep downloads.\n" \
		"\nOptional arguments:\n" \
		"--isar\t\t\tUse kas-isar container to build Isar image.\n" \
		"--with-loop-dev		Pass a loop device to the container. Only required if\n" \
		"\t\t\tloop-mounting is used by recipes.\n" \
		"--runtime-args\t\tAdditional arguments to pass to the container runtime\n" \
		"\t\t\tfor running the build.\n" \
		"--docker-args\t\tSame as --runtime-args (deprecated).\n" \
		"-d\t\t\tPrint debug output.\n" \
		"-v\t\t\tSame as -d (deprecated).\n" \
		"--version\t\tprint program version.\n" \
		"--ssh-dir\t\tDirectory containing SSH configurations.\n" \
		"\t\t\tAvoid \$HOME/.ssh unless you fully trust the container.\n" \
		"--aws-dir\t\tDirectory containing AWScli configuration.\n" \
		"--git-credential-store\tFile path to the git credential store\n" \
		"--no-proxy-from-env\tDo not inherit proxy settings from environment.\n" \
		"--repo-ro\t\tMount current repository read-only\n" \
		"\t\t\t(default for build command)\n" \
		"--repo-rw\t\tMount current repository writeable\n" \
		"\t\t\t(default for shell command)\n" \
		"\n" \
		"You can force the use of podman over docker using KAS_CONTAINER_ENGINE=podman.\n"
	exit 1
}

# Run the given command, echoing it first when KAS_VERBOSE is non-empty.
#
# The echoed line is the whole argument list joined by spaces, so every
# argument (including "-e NAME=value" pairs handed to the container engine)
# is printed to stdout in verbose mode.
# The exit status is that of the command that was run.
trace()
{
	if [ -n "${KAS_VERBOSE}" ]; then
		echo "+ $*"
	fi
	"$@"
}

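# Switch the wrapper into Isar mode.
#
# Effects, all on global variables:
#   - the default image name becomes "kas-isar";
#   - the container is started with --privileged;
#   - with podman, the engine command is prefixed with sudo and the container
#     additionally gets --pid=host.
#
# The function can be reached twice in one run (the --isar option and a
# "build_system: isar" line in the KASFILE), so the sudo prefix is only added
# when it is not already present.
#
# Security: --privileged removes most of the isolation between container and
# host, and the podman variant runs the engine as root while sharing the host
# PID namespace. Only enable Isar mode for images and configurations that are
# trusted to that degree.
enable_isar_mode() {
	KAS_CONTAINER_IMAGE_NAME_DEFAULT="kas-isar"
	KAS_ISAR_ARGS="--privileged"

	if [ "${KAS_CONTAINER_ENGINE}" = "podman" ]; then
		# sudo is needed for a privileged podman container
		case "${KAS_CONTAINER_COMMAND}" in
		"sudo "*)
			# already prefixed by an earlier call
			;;
		*)
			KAS_CONTAINER_COMMAND="sudo ${KAS_CONTAINER_COMMAND}"
			;;
		esac
		KAS_ISAR_ARGS="${KAS_ISAR_ARGS} --pid=host"
	fi
}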

# Built-in defaults for the container image reference (registry path, image
# name, version tag). The name default is not constant: enable_isar_mode
# replaces it, so none of these may be marked readonly.
KAS_CONTAINER_IMAGE_PATH_DEFAULT='ghcr.io/siemens/kas'
KAS_CONTAINER_IMAGE_NAME_DEFAULT='kas'
KAS_IMAGE_VERSION_DEFAULT='2.4'

set_container_image_var() {
	KAS_IMAGE_VERSION="${KAS_IMAGE_VERSION:-${KAS_IMAGE_VERSION_DEFAULT}}"
	KAS_CONTAINER_IMAGE_NAME="${KAS_CONTAINER_IMAGE_NAME:-${KAS_CONTAINER_IMAGE_NAME_DEFAULT}}"
	KAS_CONTAINER_IMAGE_PATH="${KAS_CONTAINER_IMAGE_PATH:-${KAS_CONTAINER_IMAGE_PATH_DEFAULT}}"
	KAS_CONTAINER_IMAGE_DEFAULT="${KAS_CONTAINER_IMAGE_PATH}/${KAS_CONTAINER_IMAGE_NAME}:${KAS_IMAGE_VERSION}"
	KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE:-${KAS_CONTAINER_IMAGE_DEFAULT}}"
}

# Canonicalise the work and build directories that get bind-mounted into the
# container. The work directory defaults to the current directory, the build
# directory to "build" below the work directory. readlink -f resolves
# symlinks, so the mounted paths are the link targets.
KAS_WORK_DIR="$(readlink -f "${KAS_WORK_DIR:-$(pwd)}")"
KAS_BUILD_DIR="$(readlink -f "${KAS_BUILD_DIR:-${KAS_WORK_DIR}/build}")"

# Select the container engine: KAS_CONTAINER_ENGINE wins, then the older
# KAS_DOCKER_ENGINE, then auto-detection (docker is preferred over podman).
: "${KAS_CONTAINER_ENGINE:=${KAS_DOCKER_ENGINE}}"
if [ -z "${KAS_CONTAINER_ENGINE}" ]; then
	# Try to auto-detect a container engine
	if command -v docker >/dev/null; then
		KAS_CONTAINER_ENGINE=docker
	else
		if ! command -v podman >/dev/null; then
			echo "$0: no container engine found, need docker or podman" >&2
			exit 1
		fi
		KAS_CONTAINER_ENGINE=podman
	fi
fi

# Only the two known engine names are accepted; the value is later executed
# as a command, so anything else is rejected here.
case "${KAS_CONTAINER_ENGINE}" in
docker|podman)
	KAS_CONTAINER_COMMAND="${KAS_CONTAINER_ENGINE}"
	;;
*)
	echo "$0: unknown container engine '${KAS_CONTAINER_ENGINE}'" >&2
	exit 1
	;;
esac

# podman: keep the caller's uid/gid inside the user namespace and switch off
# SELinux label separation for the container. This assignment replaces any
# KAS_RUNTIME_ARGS value from the environment.
# NOTE(review): the docker path does not assign KAS_RUNTIME_ARGS, so a value
# inherited from the environment is passed to "docker run" unchanged.
if [ "${KAS_CONTAINER_ENGINE}" = "podman" ]; then
	KAS_RUNTIME_ARGS="--userns=keep-id --security-opt label=disable"
fi

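# parse kas-container options
#
# Arguments are consumed from the front until a sub-command is found:
# "clean" is executed right here, "build" and "shell" end the loop and leave
# the remaining arguments for the sub-command parser. Anything unknown ends
# in usage().
while [ $# -gt 0 ]; do
	case "$1" in
	--isar)
		enable_isar_mode
		shift 1
		;;
	--with-loop-dev)
		# Ask losetup for the first unused loop device. If that fails
		# for a non-root caller, retry once through sudo.
		if ! KAS_LOOP_DEV=$(/sbin/losetup -f 2>/dev/null); then
			if [ "$(id -u)" -eq 0 ]; then
				echo "Error: loop device not available!"
				exit 1
			fi
			sudo_command="/sbin/losetup -f"
			sudo_message="[sudo] enter password to setup loop"
			sudo_message="$sudo_message devices by calling"
			sudo_message="$sudo_message '$sudo_command': "
			# SC2086: Double quote to prevent globbing and word splitting.
			# shellcheck disable=2086
			if ! KAS_LOOP_DEV=$(sudo -p "$sudo_message" $sudo_command \
				2>/dev/null); then
				echo "Error: loop device setup unsuccessful!"
				echo "try calling '$sudo_command' with root" \
					"permissions manually."
				exit 1
			fi
		fi
		# The host's loop device node is handed to the container.
		KAS_WITH_LOOP_DEV="--device ${KAS_LOOP_DEV}"
		shift 1
		;;
	--runtime-args|--docker-args)
		# Requires the value and at least the sub-command after it,
		# like every other option that takes an argument. The former
		# "-gt 0" test was always true inside this loop, so a trailing
		# --runtime-args reached "shift 2" without a value.
		[ $# -gt 2 ] || usage
		# The value is appended verbatim and word-split later, so it
		# can add arbitrary container runtime options, including ones
		# that weaken the container's isolation.
		KAS_RUNTIME_ARGS="${KAS_RUNTIME_ARGS} $2"
		shift 2
		;;
	--ssh-dir)
		[ $# -gt 2 ] || usage
		KAS_SSH_DIR="$2"
		shift 2
		;;
	--aws-dir)
		[ $# -gt 2 ] || usage
		KAS_AWS_DIR="$2"
		shift 2
		;;
	--git-credential-store)
		[ $# -gt 2 ] || usage
		KAS_GIT_CREDENTIAL_STORE="$2"
		shift 2
		;;
	--no-proxy-from-env)
		KAS_NO_PROXY_FROM_ENV=1
		shift 1
		;;
	--repo-ro)
		KAS_REPO_MOUNT_OPT="ro"
		shift 1
		;;
	--repo-rw)
		KAS_REPO_MOUNT_OPT="rw"
		shift 1
		;;
	-v | -d)
		KAS_VERBOSE=1
		KAS_OPTIONS_DIRECT="${KAS_OPTIONS_DIRECT} -d"
		shift 1
		;;
	--version)
		echo "$(basename "$0") $KAS_IMAGE_VERSION_DEFAULT"
		exit 0
		;;
	--*)
		usage
		;;
	clean)
		[ $# -eq 1 ] || usage
		if [ -n "${KAS_ISAR_ARGS}" ]; then
			# Isar mode: remove build/tmp from inside the container,
			# with sudo and the Isar (privileged) arguments.
			set_container_image_var
			# SC2086: Double quote to prevent globbing and word splitting.
			# shellcheck disable=2086
			trace ${KAS_CONTAINER_COMMAND} run -v "${KAS_BUILD_DIR}":/build:rw \
					 --workdir=/build --rm ${KAS_ISAR_ARGS} \
					 ${KAS_CONTAINER_IMAGE} \
					 sudo rm -rf tmp
		else
			trace rm -rf "${KAS_BUILD_DIR}/tmp"
		fi
		exit 0
		;;
	shell)
		# An interactive shell gets the repository writable by default.
		KAS_REPO_MOUNT_OPT_DEFAULT="rw"
		KAS_CMD=$1
		shift 1
		break
		;;
	build)
		# A build gets the repository read-only by default.
		KAS_REPO_MOUNT_OPT_DEFAULT="ro"
		KAS_CMD=$1
		shift 1
		break
		;;
	*)
		usage
		;;
	esac
done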

# Without a selected sub-command there is nothing to run.
[ -n "${KAS_CMD}" ] || usage

# Becomes non-zero once a literal "--" is seen: it then holds the number of
# arguments still in "$@" at that point (the "--" itself included). Those
# arguments are left in "$@" and end the loop below.
KAS_EXTRA_BITBAKE_ARGS=0

# parse kas sub-command (build or shell) options
#
# Options are collected into the space-separated strings KAS_OPTIONS and
# KAS_BITBAKE_C_OPTION_ARGS; the first non-option argument is taken as the
# colon-separated KASFILE list.
while [ $# -gt 0 ] && [ $KAS_EXTRA_BITBAKE_ARGS -eq 0 ]; do
	case "$1" in
	-h|--help)
		# Help is produced by kas itself, inside the container.
		set_container_image_var
		# SC2086: Double quote to prevent globbing and word splitting.
		# shellcheck disable=2086
		trace ${KAS_CONTAINER_COMMAND} run ${KAS_CONTAINER_IMAGE} ${KAS_CMD} --help
		exit 0
		;;
	--skip|--target|--task)
		# Option plus its value.
		# NOTE(review): there is no check that "$2" exists; with the
		# option as last argument "shift 2" has nothing to shift.
		# KAS_OPTIONS is word-split when the command line is built, so a
		# value containing whitespace becomes several arguments.
		KAS_OPTIONS="${KAS_OPTIONS} $1 $2"
		shift 2
		;;
	-c|--cmd|--command)
		# Kept in its own variable so that it can be passed on as one
		# quoted argument. NOTE(review): "$2" is not checked here either.
		KAS_BITBAKE_C_OPTION_ARGS="$2"
		shift 2
		;;
	--)
		# No shift: the "--" and everything after it stay in "$@".
		KAS_EXTRA_BITBAKE_ARGS=$#
		;;
	-*)
		# Any other option is passed through to kas unchanged.
		KAS_OPTIONS="${KAS_OPTIONS} $1"
		shift 1
		;;
	*)
		# KASFILE argument: a colon-separated list of configuration
		# files. Each entry must exist and is replaced by its resolved
		# absolute path; the first one is remembered separately.
		# The unquoted expansions split the argument on ':' and then
		# apply normal word splitting and pathname expansion to the
		# result, so entries containing whitespace or glob characters
		# are not taken literally.
		KAS_FILES=
		# SC2086: Double quote to prevent globbing and word splitting.
		# shellcheck disable=2086
		for FILE in $(IFS=':'; echo $1); do
			if ! KAS_REAL_FILE="$(realpath -qe "$FILE")"; then
				echo "Error: configuration file '${FILE}' not found"
				exit 1
			fi
			if [ -z "${KAS_FILES}" ]; then
				KAS_FIRST_FILE="${KAS_REAL_FILE}"
				KAS_FILES="${KAS_REAL_FILE}"
			else
				KAS_FILES="${KAS_FILES}:${KAS_REAL_FILE}"
			fi
		done
		shift 1
		;;
	esac
done

# A KASFILE is mandatory for build and shell.
if [ -z "${KAS_FIRST_FILE}" ]; then
	usage
fi

# Read the "build_system:" value from the first KASFILE with a plain text
# match (no YAML parsing); read errors are ignored and give an empty value.
#
# Security: this makes the KASFILE's content sufficient to enable Isar mode,
# i.e. a --privileged container (plus sudo with podman), even when --isar was
# not passed. Check build_system in configurations from sources that are not
# trusted to that degree.
BUILD_SYSTEM=$(
	grep -e "^build_system: " "${KAS_FIRST_FILE}" 2>/dev/null \
		| sed 's/build_system:[ ]\+//'
)
case "${BUILD_SYSTEM}" in
isar)
	enable_isar_mode
	;;
esac

# The image name default may just have changed, so resolve the image now.
set_container_image_var

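KAS_FILE_DIR="$(dirname "${KAS_FIRST_FILE}")"

# The directory mounted as /repo is the top level of the git or mercurial
# checkout holding the first KASFILE, or the KASFILE's own directory when it
# is in neither.
KAS_REPO_DIR=$(git -C "${KAS_FILE_DIR}" rev-parse --show-toplevel 2>/dev/null) \
	|| KAS_REPO_DIR=$(hg --cwd "${KAS_FILE_DIR}" root 2>/dev/null) \
	|| KAS_REPO_DIR=${KAS_FILE_DIR}

KAS_REPO_MOUNT_OPT="${KAS_REPO_MOUNT_OPT:-${KAS_REPO_MOUNT_OPT_DEFAULT}}"

# kas_map_to_repo FILES REPO_DIR
#
# Translate the colon-separated host paths in FILES into their location below
# /repo inside the container and print the new colon-separated list.
# REPO_DIR is removed as a literal leading prefix. It is a filesystem path and
# may contain characters that are special in a sed program (the delimiter,
# regular-expression metacharacters), so it is matched with parameter
# expansion rather than being spliced into a sed script.
# The body runs in a subshell, so its variables do not leak.
kas_map_to_repo()
(
	remaining="$1:"
	mapped=
	while [ -n "${remaining}" ]; do
		path=${remaining%%:*}
		remaining=${remaining#*:}
		# the quoted expansion makes the prefix a literal string
		path=${path#"$2"/}
		mapped="${mapped:+${mapped}:}/repo/${path}"
	done
	printf '%s\n' "${mapped}"
)

KAS_FILES="$(kas_map_to_repo "${KAS_FILES}" "${KAS_REPO_DIR}")"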

# Both directories are bind-mounted later, so they have to exist on the host.
trace mkdir -p "${KAS_WORK_DIR}"
trace mkdir -p "${KAS_BUILD_DIR}"

# Refuse to run as root unless KAS_ALLOW_ROOT=yes is set explicitly.
if [ "${KAS_ALLOW_ROOT}" != "yes" ]; then
	if [ "$(id -u)" -eq 0 ]; then
		echo "Error: Running as root - may break certain recipes."
		echo "Better give a regular user docker access. Set KAS_ALLOW_ROOT=yes to override."
		exit 1
	fi
fi

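# Start the "run" argument list with the fixed part: the repository at /repo
# (ro or rw), the work directory at /work (also the working directory), the
# build directory at /build, the caller's numeric uid/gid, and --rm.
# The whole repository volume specification is quoted, so a mount option that
# came from the environment cannot be word-split into additional engine
# arguments.
set -- "$@" \
	-v "${KAS_REPO_DIR}:/repo:${KAS_REPO_MOUNT_OPT}" \
	-v "${KAS_WORK_DIR}:/work:rw" --workdir=/work \
	-v "${KAS_BUILD_DIR}:/build:rw" \
	-e KAS_BUILD_DIR=/build \
	-e USER_ID="$(id -u)" -e GROUP_ID="$(id -g)" --rm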

# Optional SSH configuration: the directory is mounted read-only at
# /etc/skel/.ssh. Read-only prevents changes, not reads - every file in the
# directory, private keys included, is readable inside the container. A
# directory holding only what the build needs limits that exposure.
if [ -n "${KAS_SSH_DIR}" ] ; then
	[ -d "${KAS_SSH_DIR}" ] || {
		echo "Passed KAS_SSH_DIR '${KAS_SSH_DIR}' is not a directory"
		exit 1
	}
	set -- "$@" -v "$(readlink -f "${KAS_SSH_DIR}"):/etc/skel/.ssh:ro"
fi

# Optional AWS CLI configuration: the directory is mounted read-only at
# /etc/skel/.aws and the two AWS_* variables point the tools at it. Values
# already present in the caller's environment take precedence over the
# in-container defaults. As with any read-only mount, the credentials file
# is readable inside the container.
if [ -n "${KAS_AWS_DIR}" ] ; then
	[ -d "${KAS_AWS_DIR}" ] || {
		echo "Passed KAS_AWS_DIR '${KAS_AWS_DIR}' is not a directory"
		exit 1
	}
	set -- "$@" -v "$(readlink -f "${KAS_AWS_DIR}"):/etc/skel/.aws:ro"
	set -- "$@" \
		-e "AWS_CONFIG_FILE=${AWS_CONFIG_FILE:-/etc/skel/.aws/config}" \
		-e "AWS_SHARED_CREDENTIALS_FILE=${AWS_SHARED_CREDENTIALS_FILE:-/etc/skel/.aws/credentials}"
fi

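KAS_GIT_CREDENTIAL_HELPER_DEFAULT=""

# Optional git credential store: the file is mounted read-only at
# /etc/skel/.git-credentials and, unless GIT_CREDENTIAL_HELPER is already
# set, git's "store" helper is pointed at it.
# The helper named here is a plaintext store, so the mounted credentials are
# readable inside the container; a store with narrowly scoped tokens limits
# what is exposed.
if [ -n "${KAS_GIT_CREDENTIAL_STORE}" ] ; then
	if [ ! -f "${KAS_GIT_CREDENTIAL_STORE}" ]; then
		# report the path that was actually checked
		echo "Passed KAS_GIT_CREDENTIAL_STORE '${KAS_GIT_CREDENTIAL_STORE}' is not a file"
		exit 1
	fi
	KAS_GIT_CREDENTIAL_HELPER_DEFAULT="store --file=/etc/skel/.git-credentials"
	set -- "$@" -v "$(readlink -f "${KAS_GIT_CREDENTIAL_STORE}")":/etc/skel/.git-credentials:ro
fi

# A GIT_CREDENTIAL_HELPER from the caller's environment overrides the default.
GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER:-${KAS_GIT_CREDENTIAL_HELPER_DEFAULT}}"

if [ -n "${GIT_CREDENTIAL_HELPER}" ] ; then
	set -- "$@" -e GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER}"
fi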

# Ask for a terminal and an open stdin only when stdout is a terminal.
[ ! -t 1 ] || set -- "$@" -t -i

# Optional host directories, each mounted at a fixed container path with the
# matching variable set to that path.
#
# DL_DIR and SSTATE_DIR are created when missing and mounted read-write, so
# whatever runs in the container can add to or change them.
# NOTE(review): if these caches are shared between builds, content written
# during one run is consumed by later ones - keep that in mind when a
# configuration is not fully trusted.
if [ -n "${DL_DIR}" ]; then
	trace mkdir -p "${DL_DIR}"
	set -- "$@" -v "$(readlink -f "${DL_DIR}"):/downloads:rw"
	set -- "$@" -e DL_DIR=/downloads
fi

if [ -n "${SSTATE_DIR}" ]; then
	trace mkdir -p "${SSTATE_DIR}"
	set -- "$@" -v "$(readlink -f "${SSTATE_DIR}"):/sstate:rw"
	set -- "$@" -e SSTATE_DIR=/sstate
fi

# The reference repository directory is mounted read-only.
if [ -n "${KAS_REPO_REF_DIR}" ]; then
	set -- "$@" -v "$(readlink -f "${KAS_REPO_REF_DIR}"):/repo-ref:ro"
	set -- "$@" -e KAS_REPO_REF_DIR=/repo-ref
fi

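# kas_get_env NAME
#
# Copy the value of the shell variable called NAME into kas_env_value.
# The eval only performs an assignment, so the value is taken as is: no word
# splitting, no pathname expansion (a no_proxy value of "*" stays "*") and no
# backslash processing by echo. NAME is pasted into the evaluated code and
# must therefore only ever come from the fixed lists below, never from input.
kas_get_env() {
	eval "kas_env_value=\${$1}"
}

# Forward selected settings to the container when they are non-empty.
for var in TERM KAS_DISTRO KAS_MACHINE KAS_TARGET KAS_TASK \
           KAS_PREMIRRORS; do
	kas_get_env "${var}"
	if [ -n "${kas_env_value}" ]; then
		set -- "$@" -e "${var}=${kas_env_value}"
	fi
done

# propagate only supported SHELL settings
# (an allow-list; any other value is replaced by /bin/bash)
case "$SHELL" in
/bin/sh|/bin/bash|/bin/dash)
	set -- "$@" -e "SHELL=$SHELL"
	;;
*)
	set -- "$@" -e "SHELL=/bin/bash"
	;;
esac

# Proxy settings are inherited unless --no-proxy-from-env was given.
# They are passed as NAME=value arguments, so a proxy URL that embeds
# credentials shows up in the engine's command line and in verbose (-d)
# output.
if [ -z "${KAS_NO_PROXY_FROM_ENV+x}" ]; then
	for var in http_proxy https_proxy ftp_proxy no_proxy NO_PROXY; do
		kas_get_env "${var}"
		if [ -n "${kas_env_value}" ]; then
			set -- "$@" -e "${var}=${kas_env_value}"
		fi
	done
fi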

# Append, in this order: engine options, the image, then the kas command
# line. Everything before the image is interpreted by the container engine,
# everything after it by kas inside the container.
#
# These variables are left unquoted on purpose so that each one can carry
# several arguments; their content is word-split and glob-expanded.
# NOTE(review): as far as this file shows, KAS_ISAR_ARGS, KAS_WITH_LOOP_DEV,
# KAS_OPTIONS_DIRECT and KAS_OPTIONS are never reset before being set or
# appended to, and KAS_RUNTIME_ARGS is only reset for podman. Values for them
# in the caller's environment therefore end up in this command line.
# SC2086: Double quote to prevent globbing and word splitting.
# shellcheck disable=2086
set -- "$@" ${KAS_ISAR_ARGS} ${KAS_WITH_LOOP_DEV} ${KAS_RUNTIME_ARGS}
# shellcheck disable=2086
set -- "$@" ${KAS_CONTAINER_IMAGE} ${KAS_OPTIONS_DIRECT} ${KAS_CMD} ${KAS_OPTIONS}
# The -c/--cmd value is the one option passed on as a single quoted argument.
case "${KAS_BITBAKE_C_OPTION_ARGS}" in
"")
	;;
*)
	set -- "$@" -c "${KAS_BITBAKE_C_OPTION_ARGS}"
	;;
esac
# SC2086: Double quote to prevent globbing and word splitting.
# shellcheck disable=2086
set -- "$@" ${KAS_FILES}

# rotate any extra bitbake args from the front to the end of the argument list
# (the "--" and what followed it were left at the front of "$@" by the option
# parser; each pass moves the first argument behind the last one)
while [ $KAS_EXTRA_BITBAKE_ARGS -gt 0 ]; do
	set -- "$@" "$1"
	shift 1
	KAS_EXTRA_BITBAKE_ARGS=$((KAS_EXTRA_BITBAKE_ARGS - 1))
done

# Start the container. KAS_CONTAINER_COMMAND stays unquoted because in Isar
# mode with podman it holds two words ("sudo podman").
trace ${KAS_CONTAINER_COMMAND} run "$@"