#!/bin/bash
set -e

# Configuration
GPG_KEY_NAME="example"
KEY_PUBLIC="/workspace/apt-repo/pgp-key.public"
KEY_PRIVATE="/workspace/secret/pgp-key.private"
EMAIL="test@exemple.com"

echo "📦 Création du dépôt APT"
mkdir -p ./apt-repo/pool/main/binary-amd64
mkdir -p ./apt-repo/dists/stable/main/binary-amd64

# Génération des clés seulement si elles n'existent pas
make_keys() {
  echo "🔐 Génération des clés GPG"
  cat > example-pgp-key.batch <<EOF
Key-Type: RSA
Key-Length: 4096
Name-Real: $GPG_KEY_NAME
Name-Email: $EMAIL
Expire-Date: 0
%no-ask-passphrase
%no-protection
%commit
EOF

  gpg --batch --gen-key example-pgp-key.batch
  gpg --armor --export "$GPG_KEY_NAME" > "$KEY_PUBLIC"
  gpg --armor --export-secret-keys "$GPG_KEY_NAME" > "$KEY_PRIVATE"
  chmod 600 $KEY_PRIVATE
  cp "$KEY_PUBLIC" ./apt-repo/pgp-key.public
}

sign_packages() {
  cd ./apt-repo
  dpkg-scanpackages --arch amd64 pool/ > dists/stable/main/binary-amd64/Packages
  gzip -9 < dists/stable/main/binary-amd64/Packages > dists/stable/main/binary-amd64/Packages.gz

  cd dists/stable
  gpg --import /workspace/secret/pgp-key.private

  echo "⚙️ Génération de Release"
  /workspace/generate-release.sh > Release

  echo "🔏 Signature du Release"
  gpg --default-key "$GPG_KEY_NAME" -abs < Release > Release.gpg
  gpg --default-key "$GPG_KEY_NAME" --clearsign < Release > InRelease
}

if [ ! -f "$KEY_PUBLIC" ]; then
  make_keys
else
  echo "✅ Clés GPG déjà présentes, génération ignorée"
fi

echo "🚚 Copie des paquets"
cp ./depot/* ./apt-repo/pool/main/binary-amd64/ || true

sign_packages

# Lancement serveur 
echo "🚀 Lancement du serveur Gunicorn"
cd /workspace
cp index.html logo.png apt-repo/
gunicorn -b 0.0.0.0:8000 server:app
echo "📡 Dépôt APT disponible sur https://votre-domaine.tld"
echo "🔑 Clé publique disponible sur https://votre-domaine.tld/pgp-key.public"