require "shellwords"

default_platform(:ios)

APP_IDENTIFIER = "net.buzzert.sybil2"
SCHEME = "Sybil"
TEAM_ID = "DQQH5H6GBD"
PROFILE_NAME = "Sybil AppStore CI"
SIGNING_IDENTITY = "Apple Distribution: James Magahern (DQQH5H6GBD)"
CI_KEYCHAIN_NAME = "sybil_ci_keychain"
IOS_ROOT = File.expand_path("..", __dir__)
PROJECT_FILE = File.join(IOS_ROOT, "Sybil.xcodeproj")
PROJECT_SPEC = File.join(IOS_ROOT, "project.yml")

def present?(value)
  !value.to_s.strip.empty?
end

def release_version
  tag = ENV["SYBIL_VERSION_TAG"].to_s
  tag = ENV["GITHUB_REF_NAME"].to_s if !present?(tag)
  tag = ENV["GITHUB_REF"].to_s.sub(%r{\Arefs/tags/}, "") if !present?(tag)
  tag = sh("git describe --tags --abbrev=0").strip if !present?(tag)
  version = tag.sub(%r{\Arelease/}, "").sub(/\Av/, "")

  unless version.match?(/\A\d+\.\d+\.\d+\z/)
    UI.user_error!("Release tag must look like v1.2.3; got #{tag.inspect}")
  end

  version
end

def ci?
  present?(ENV["CI"])
end

def ci_keychain_path
  File.expand_path("~/Library/Keychains/#{CI_KEYCHAIN_NAME}-db")
end

platform :ios do
  private_lane :app_store_api_key do
    app_store_connect_api_key(
      key_id: ENV.fetch("APP_STORE_CONNECT_KEY_ID"),
      issuer_id: ENV.fetch("APP_STORE_CONNECT_ISSUER_ID"),
      key_content: ENV.fetch("APP_STORE_CONNECT_KEY_CONTENT"),
      is_key_content_base64: true
    )
  end

  private_lane :setup_ci_signing do
    next unless ci?

    setup_ci(
      force: true,
      keychain_name: CI_KEYCHAIN_NAME,
      timeout: 3600
    )
  end

  private_lane :cleanup_ci_signing do
    next unless ci?
    next unless ENV["MATCH_KEYCHAIN_NAME"] == CI_KEYCHAIN_NAME

    delete_keychain(name: CI_KEYCHAIN_NAME)
  rescue => error
    UI.message("Unable to delete temporary CI keychain: #{error.message}")
  ensure
    ENV.delete("MATCH_KEYCHAIN_NAME")
    ENV.delete("MATCH_KEYCHAIN_PASSWORD")
  end

  private_lane :sync_signing do |options|
    match(
      type: "appstore",
      readonly: options.fetch(:readonly),
      app_identifier: APP_IDENTIFIER,
      team_id: TEAM_ID,
      profile_name: PROFILE_NAME,
      git_url: ENV.fetch("MATCH_GIT_URL"),
      git_branch: "master",
      git_full_name: "Sybil Release Bot",
      git_user_email: "james.magahern@me.com",
      api_key: options.fetch(:api_key)
    )
  end

  private_lane :verify_ci_signing do
    next unless ci?

    if File.file?(ci_keychain_path)
      password = ENV.fetch("MATCH_KEYCHAIN_PASSWORD", "")
      sh("security unlock-keychain -p #{password.shellescape} #{ci_keychain_path.shellescape}", log: false)
      sh("security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k #{password.shellescape} #{ci_keychain_path.shellescape}", log: false)
    end

    identities = sh("security find-identity -v -p codesigning", log: false)
    UI.message(identities)

    unless identities.include?(SIGNING_IDENTITY)
      UI.user_error!("The CI keychain search list does not contain #{SIGNING_IDENTITY}")
    end
  end

  desc "Create or update match signing assets"
  lane :setup_signing do
    sync_signing(api_key: app_store_api_key, readonly: false)
  end

  desc "Build and upload to TestFlight"
  lane :beta do
    setup_ci_signing

    api_key = app_store_api_key

    sh("xcodegen --spec #{PROJECT_SPEC.shellescape}")

    increment_version_number(
      version_number: release_version,
      xcodeproj: PROJECT_FILE
    )

    latest_build_number = latest_testflight_build_number(
      app_identifier: APP_IDENTIFIER,
      api_key: api_key,
      initial_build_number: 0
    )

    increment_build_number(
      build_number: latest_build_number + 1,
      xcodeproj: PROJECT_FILE
    )

    sync_signing(api_key: api_key, readonly: true)
    verify_ci_signing

    build_app(
      project: PROJECT_FILE,
      scheme: SCHEME,
      export_method: "app-store",
      codesigning_identity: SIGNING_IDENTITY,
      xcargs: [
        "DEVELOPMENT_TEAM=#{TEAM_ID.shellescape}",
        "CODE_SIGN_STYLE=Manual",
        "CODE_SIGN_IDENTITY=#{SIGNING_IDENTITY.shellescape}",
        "PROVISIONING_PROFILE_SPECIFIER=#{PROFILE_NAME.shellescape}"
      ].join(" "),
      export_options: {
        signingStyle: "manual",
        teamID: TEAM_ID,
        provisioningProfiles: {
          APP_IDENTIFIER => PROFILE_NAME
        }
      }
    )

    upload_to_testflight(
      api_key: api_key,
      skip_waiting_for_build_processing: true
    )
  ensure
    cleanup_ci_signing
  end
end
