#!/usr/bin/env bash
# 生成对外发布用 SHA256SUMS（相对仓库根路径，便于客户执行 sha256sum -c）。
# 用法见 java/RELEASING.md
set -euo pipefail

ROOT="$(cd "$(dirname "$0")/.." && pwd)"
OUTPUT="${ROOT}/dist/sdk-release"
RUN_MVN="package"
SKIP_TESTS="-DskipTests"
NATIVE_PATH=""
SIGN="${SIGN:-0}"

usage() {
  sed -n '2,20p' "$0" | head -5
  echo "用法: $0 [--output DIR] [--verify] [--native-path DIR] [--no-mvn]"
  echo "  --output DIR       输出目录（默认 dist/sdk-release）"
  echo "  --verify           执行 mvn verify（默认为 package -DskipTests）"
  echo "  --native-path DIR  额外哈希该目录下 .so/.dylib/.dll"
  echo "  --no-mvn           不执行 Maven（假定已 package）"
  echo "环境变量 SIGN=1 且已配置 gpg 时，生成 SHA256SUMS.asc"
}

while [[ $# -gt 0 ]]; do
  case "$1" in
    --output)
      OUTPUT="$2"
      shift 2
      ;;
    --verify)
      RUN_MVN="verify"
      SKIP_TESTS=""
      shift
      ;;
    --native-path)
      NATIVE_PATH="$2"
      shift 2
      ;;
    --no-mvn)
      NO_MVN=1
      shift
      ;;
    -h|--help)
      usage
      exit 0
      ;;
    *)
      echo "未知参数: $1" >&2
      usage >&2
      exit 1
      ;;
  esac
done

mkdir -p "$OUTPUT"

if [[ -z "${NO_MVN:-}" ]]; then
  if [[ -n "$SKIP_TESTS" ]]; then
    (cd "$ROOT/java" && mvn -q $SKIP_TESTS "$RUN_MVN")
  else
    (cd "$ROOT/java" && mvn -q "$RUN_MVN")
  fi
fi

SUMFILE="${OUTPUT}/SHA256SUMS"
: >"$SUMFILE"

add_hash() {
  local file="$1"
  local rel="$2"
  local h
  if command -v sha256sum >/dev/null 2>&1; then
    h=$(sha256sum "$file" | awk '{print $1}')
  else
    h=$(shasum -a 256 "$file" | awk '{print $1}')
  fi
  echo "$h  $rel" >>"$SUMFILE"
}

for mod in craftlabs-auth-core craftlabs-auth-bitanswer craftlabs-auth-selfhosted; do
  dir="$ROOT/java/$mod/target"
  [[ -d "$dir" ]] || {
    echo "缺少目录: $dir（请先 mvn package）" >&2
    exit 1
  }
  shopt -s nullglob
  for f in "$dir"/*.jar; do
    bn=$(basename "$f")
    [[ "$bn" == *-sources.jar ]] && continue
    [[ "$bn" == *-javadoc.jar ]] && continue
    add_hash "$f" "java/$mod/target/$bn"
  done
  shopt -u nullglob
done

if [[ -f "$ROOT/schemas/craftlabs-auth-config.schema.json" ]]; then
  add_hash "$ROOT/schemas/craftlabs-auth-config.schema.json" "schemas/craftlabs-auth-config.schema.json"
fi

if [[ -n "$NATIVE_PATH" ]]; then
  [[ -d "$NATIVE_PATH" ]] || {
    echo "无效 --native-path: $NATIVE_PATH" >&2
    exit 1
  }
  find "$NATIVE_PATH" -type f \( -name '*.so' -o -name '*.dylib' -o -name '*.dll' \) | while IFS= read -r nf; do
    rel="${nf#$ROOT/}"
    add_hash "$nf" "$rel"
  done
fi

{
  echo "repo=$(basename "$ROOT")"
  git -C "$ROOT" rev-parse HEAD 2>/dev/null || echo "git=n/a"
  date -u +"%Y-%m-%dT%H:%M:%SZ"
} >"${OUTPUT}/RELEASE-MANIFEST.txt"

echo "已写入: $SUMFILE"
wc -l "$SUMFILE"

if [[ "$SIGN" == "1" ]] && command -v gpg >/dev/null 2>&1; then
  gpg --batch --yes --armor --detach-sign --output "${SUMFILE}.asc" "$SUMFILE"
  echo "已写入: ${SUMFILE}.asc"
fi

echo ""
echo "校验（在仓库根目录执行）:"
echo "  cd \"$ROOT\" && sha256sum -c \"${SUMFILE#$ROOT/}\""