#!/usr/bin/env bash
IFS=$'\n\t'
set -euo pipefail

# This script is primarily for saas sites to ensure that they are complying
# with GovCMS conditions.

# @todo switch this to use govCMS/govcms-scaffold when the scaffold is retired.
SCAFFOLD_REPO="https://github.com/govCMS/govcms8-scaffold-paas.git"

WORKSPACE="/tmp/govcms-vet"
SCAFFOLD="${WORKSPACE}/scaffold"
CLIENTCODE="${WORKSPACE}/clientcode"
SOURCE="$PWD"

# Flavour (saas/paas) and version can be passed in to test a codebase.
FLAVOUR=$(yq read .version.yml type)
FLAVOUR=${1:-"$FLAVOUR"}
VERSION=$(yq read .version.yml scaffold)
VERSION=${2:-"$VERSION"}

if [[ "$FLAVOUR" = "paas" ]] ; then
    # By default PaaS users will see green in their CI, but can inspect the job to see all warnings.
    ON_ERROR=0
elif [[ "$FLAVOUR" = "saas" ]] || [[ "$FLAVOUR" = "saasplus" ]] ; then
    ON_ERROR=1
else
    echo "Not a relevant SaaS/PaaS project? Vetting skipped."
    # Since this script should not be used on non-Drupal sites, raise an exit code in case
    # it's a saas site with a broken yml.
    exit 1
fi

# Prepare files for comparison.
rm -Rf "$WORKSPACE"
mkdir -p "$CLIENTCODE"
git clone --depth=1 --quiet --branch="$VERSION" "$SCAFFOLD_REPO" "$SCAFFOLD"
git --work-tree="$CLIENTCODE" checkout HEAD -- .

exit_code=0
echo -e "\033[0;32mGovCMS Platform vetting script\033[0m"
echo "Build flavour: $FLAVOUR"
echo "Source: $SOURCE"
echo "Clean git source: $CLIENTCODE"
echo "Ideal code: $SCAFFOLD"
echo "Default exit code: $ON_ERROR"

# A function to compare two strings.
function compare() {
    if [[ "$1" != "$2" ]] ; then
        echo -e "\033[0;91mProblem\033[0m:" "$4"
        echo -e "  Ideal value:\n    --$2--"
        echo -e "  Found value:\n    --$1--"
        exit_code="$ON_ERROR"
    else
        echo -e "\033[0;32mOK:\033[0m" "$3"
    fi
}

# We could just compare the whole composer file (and others) with the scaffold but
# checking the things that matter is more informative, and means we are not overly
# restrictive.

compare \
    "$(jq -c '.repositories' < ${CLIENTCODE}/composer.json)" \
    "$(jq -c '.repositories' < ${SCAFFOLD}/composer.json)" \
    "Composer repositories are default." \
    "The repositories section of composer.json does not match the scaffold. [vet-001]"

compare \
    "$(jq -c '.extra["enable-patching"]' < ${CLIENTCODE}/composer.json)" \
    "$(jq -c '.extra["enable-patching"]' < ${SCAFFOLD}/composer.json)" \
    "Composer patching is enabled." \
    "The composer.json does not enable patching. [vet-002]"

compare \
    "$(jq -c '.scripts' < ${CLIENTCODE}/composer.json)" \
    "$(jq -c '.scripts' < ${SCAFFOLD}/composer.json)" \
    "Composer scripts section is default." \
    "The scripts section of composer.json does not match the scaffold. [vet-003]"

compare \
    "$(composer config extra.patches-file -d ${CLIENTCODE})" \
    "$(composer config extra.patches-file -d ${SCAFFOLD})" \
    "Composer patches file location is default." \
    "The patches file section of composer.json does not match the scaffold. [vet-004]"

# SaaS prevented modifying the patch.json, but this may change.
compare \
    "$(jq -c '.patches' < ${CLIENTCODE}/custom/composer/patches.json)" \
    "$(jq -c '.patches' < ${SCAFFOLD}/custom/composer/patches.json)" \
    "Composer patches file matches the scaffold" \
    "There are custom composer patches. [vet-005]"

compare \
    "$(jq -c 'keys' < ${CLIENTCODE}/custom/composer/composer.json)" \
    "$(jq -c 'keys' < ${SCAFFOLD}/custom/composer/composer.json)" \
    "The custom/composer/composer.json keys are as expected." \
    "There are additional keys set in the custom/composer/composer.json [vet-006]"

# There is no known way to enable a Drupal module outside a "modules" directory.
compare \
    " $(find $CLIENTCODE/web -type f -name "*.info.yml" | grep modules)" \
    " " \
    "No custom Drupal modules were found." \
    "There are custom Drupal modules in the repository. [vet-007]"

exit "$exit_code"
