#!/usr/bin/env bash

set -euo pipefail

if ! which rsign >/dev/null; then
    echo "Requires rsign2 tool: $ cargo install rsign2"
    exit 2
fi

missing=""
for f in {B3,SHA512}SUMS{,.auto.minisig}; do
    [[ ! -f "$f" ]] && missing="$missing $f"
done

if [[ ! -z "$missing" ]]; then
    echo "Usage: bin/sign [rsign options...]"
    echo "You must first download the relevant sums and minisig files."
    echo "Missing: $missing"
    exit 1
fi

sigs=""
for algo in B3 SHA512; do
    echo "Verifying ${algo}SUMS.auto.minisig:"
    rsign verify \
        -p "$(dirname $BASH_SOURCE)/../.github/workflows/release.pub" \
        -x "${algo}SUMS.auto.minisig" \
        "${algo}SUMS"

    version=$(grep -m1 -oP 'cargo-watch-v[\d.]+' "${algo}SUMS" | cut -d- -f3)
    ownsig="${algo}SUMS.$(whoami).minisig"
    sigs="$sigs $ownsig"

    echo "Signing ${algo}SUMS with your key to $ownsig:"
    rsign sign \
        -t "cargo-watch $version signed by maintainer: $(whoami)" \
        -c 'see README.md for signing information' \
        -x "$ownsig" \
        $@ \
        "${algo}SUMS"
done

echo "Done; please upload $sigs to Github release $version!"
