name: Update Community Skins CI

on:
  workflow_dispatch:

env:
  GITEA_API: https://${{ vars.CONTAINER_REGISTRY }}/api/v1
  TEMPLATE_PATH: .gitea/workflows/ci.yml
  IMAGE_NAME: osc/skins-image

jobs:
  fetch-template:
    name: Fetch CI Template
    runs-on: ubuntu-latest
    container:
      image: ${{ vars.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
    outputs:
      template_b64: ${{ steps.load-template.outputs.template_b64 }}

    steps:
      - name: Mask Sensitive Token
        run: echo "::add-mask::${{ secrets.TOKEN }}"

      - id: load-template
        name: Load Template from osc/skins-template
        run: |
          set -eo pipefail
          echo "📥 Fetching template from osc/skins-template@$TEMPLATE_PATH"
          resp=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" \
            "$GITEA_API/repos/osc/skins-template/contents/$TEMPLATE_PATH?ref=main")

          template_b64=$(echo "$resp" | jq -r .content)
          echo "✅ Template fetched and encoded"
          echo "template_b64=$template_b64" >> $GITHUB_OUTPUT

  discover-repositories:
    name: Discover Valid Skin Repositories
    runs-on: ubuntu-latest
    container:
      image: ${{ vars.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
    outputs:
      repo_list: ${{ steps.save-repos.outputs.repo_list }}

    steps:
      - id: find-repos
        name: Scan All Users for Valid Skin Repositories
        run: |
          set -eo pipefail
          echo "🔍 Scanning users for repositories with 'Skins' directory"
          repo_file="valid_repos.txt"
          page=1
          total_valid=0
          user_index=1
          users_total=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$GITEA_API/admin/users" | jq 'length')

          while :; do
            users_json=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$GITEA_API/admin/users?limit=50&page=$page")
            users_count=$(echo "$users_json" | jq 'length')
            [ "$users_count" -eq 0 ] && break

            for i in $(seq 0 $((users_count - 1))); do
              user=$(echo "$users_json" | jq -r ".[$i].login")
              echo "[$user_index/$users_total] 👤 Checking user: $user"

              repos_json=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$GITEA_API/users/$user/repos")
              repo_count=$(echo "$repos_json" | jq 'length')

              for j in $(seq 0 $((repo_count - 1))); do
                owner=$(echo "$repos_json" | jq -r ".[$j].owner.login")
                repo=$(echo "$repos_json" | jq -r ".[$j].name")
                contents=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$GITEA_API/repos/$owner/$repo/contents?ref=main")

                if echo "$contents" | jq -e '.[] | select(.type=="dir" and .name=="Skins")' > /dev/null; then
                  echo "$owner/$repo" >> "$repo_file"
                  echo "  ✅ Valid repo found: $owner/$repo"
                  total_valid=$((total_valid + 1))
                fi
              done
              user_index=$((user_index + 1))
            done
            page=$((page + 1))
          done

          echo "✅ Discovery complete — $total_valid valid repositories"
          echo "repo_list=$repo_file" >> $GITHUB_OUTPUT

      - id: save-repos
        name: Save Valid Repository List
        run: |
          echo "Valid repos saved to file"
          echo "repo_list=valid_repos.txt" >> $GITHUB_OUTPUT

  sync-template:
    name: Sync CI Template
    needs: [fetch-template, discover-repositories]
    runs-on: ubuntu-latest
    container:
      image: ${{ vars.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest

    steps:
      - name: Load Template Content
        run: echo "Loaded template content for update"

      - name: Read Repository List
        run: |
          cp "${{ needs.discover-repositories.outputs.repo_list }}" repos.txt
          echo "🗂️ Repositories to process:"
          cat repos.txt

      - name: Sync Template to Repositories
        run: |
          mapfile -t repos < repos.txt
          for repo_full in "${repos[@]}"; do
            owner="${repo_full%%/*}"
            repo="${repo_full##*/}"
            api="$GITEA_API/repos/$owner/$repo"

            echo "🔧 Syncing CI to: $owner/$repo"

            default_branch=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$api" | jq -r '.default_branch')
            latest_tag=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$api/tags" | jq -r '.[0].name // empty')
            url="$api/contents/$TEMPLATE_PATH"

            sha=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$url" | jq -r '.sha // empty' || true)

            if [[ -z "$sha" ]]; then
              action="Add"
              msg="Add CI from skins-template"
              payload=$(jq -nc --arg message "$msg" --arg content "${{ needs.fetch-template.outputs.template_b64 }}" --arg branch "$default_branch" \
                '{message: $message, content: $content, branch: $branch}')
            else
              action="Update"
              msg="Update CI from skins-template"
              payload=$(jq -nc --arg message "$msg" --arg content "${{ needs.fetch-template.outputs.template_b64 }}" --arg sha "$sha" --arg branch "$default_branch" \
                '{message: $message, content: $content, sha: $sha, branch: $branch}')
            fi

            if curl -sSL --fail -X PUT -H "Authorization: token ${{ secrets.TOKEN }}" -H "Content-Type: application/json" \
              -d "$payload" "$url" >/dev/null; then
              echo "✅ $action successful for $owner/$repo on branch $default_branch"
            else
              echo "❌ $action failed for $owner/$repo" >&2
            fi
          done

      - name: Cleanup
        run: rm -f repos.txt