#!/bin/sh

set -e # Exit immediately if anything below exits with non-zero status.

export CI_PIPELINE_RUN=true

if
  [ "$UFFIZZI_USER" ] &&
	[ "$UFFIZZI_SERVER" ] &&
	[ "$UFFIZZI_PASSWORD" ];
then
	uffizzi login --username "${UFFIZZI_USER}" --server "${UFFIZZI_SERVER}" --email
	if [ "$UFFIZZI_PROJECT" ];
	then
		uffizzi project set-default "${UFFIZZI_PROJECT}"
	fi
else
  if [ "$OIDC_TOKEN" ];
  then
		uffizzi login_by_identity_token --oidc-token "${OIDC_TOKEN}" --access-token "${ACCESS_TOKEN}" --server "${UFFIZZI_SERVER}"
	elif
    [ "$REQUEST_TOKEN" ] &&
    [ "$REQUEST_TOKEN_URL" ];
	then
    OIDC_TOKEN=$(curl -sLS "${REQUEST_TOKEN_URL}&audience=uffizzi" -H "User-Agent: actions/oidc-client" -H "Authorization: Bearer $REQUEST_TOKEN")
		uffizzi login_by_identity_token --oidc-token "${OIDC_TOKEN}" --access-token "${ACCESS_TOKEN}" --server "${UFFIZZI_SERVER}"
	elif
    [ "$ACTIONS_ID_TOKEN_REQUEST_TOKEN" ] &&
    [ "$ACTIONS_ID_TOKEN_REQUEST_URL" ];
	then
    OIDC_TOKEN=$(curl -sLS "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=uffizzi" -H "User-Agent: actions/oidc-client" -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN")
		uffizzi login_by_identity_token --oidc-token "${OIDC_TOKEN}" --access-token "${ACCESS_TOKEN}" --server "${UFFIZZI_SERVER}"
	else
		echo "Specify environment variables to login before executing Uffizzi CLI."
		echo "UFFIZZI_USER, UFFIZZI_SERVER, UFFIZZI_PASSWORD, and optionally UFFIZZI_PROJECT"
    echo "or"
    echo "REQUEST_TOKEN, REQUEST_TOKEN_URL and UFFFIZZI SERVER"
	fi
fi

if
	[ "$DOCKERHUB_USERNAME" ] &&
	[ "$DOCKERHUB_PASSWORD" ];
then
	uffizzi connect docker-hub --update-credential-if-exists
fi

if
	[ "$DOCKER_REGISTRY_USERNAME" ] &&
	[ "$DOCKER_REGISTRY_PASSWORD" ] &&
	[ "$DOCKER_REGISTRY_URL" ];
then
	uffizzi connect docker-registry --update-credential-if-exists
fi

if
	[ "$ACR_USERNAME" ] &&
	[ "$ACR_PASSWORD" ] &&
	[ "$ACR_REGISTRY_URL" ];
then
	uffizzi connect acr --update-credential-if-exists
fi

if
	[ "$AWS_ACCESS_KEY_ID" ] &&
	[ "$AWS_SECRET_ACCESS_KEY" ] &&
	[ "$AWS_REGISTRY_URL" ];
then
	uffizzi connect ecr --update-credential-if-exists
fi

if
	[ "$GCLOUD_SERVICE_KEY" ];
then
	uffizzi connect gcr --update-credential-if-exists
fi

if
	[ "$GITHUB_USERNAME" ] &&
	[ "$GITHUB_ACCESS_TOKEN" ];
then
	uffizzi connect ghcr --update-credential-if-exists
fi

exec uffizzi "$@"