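---
# Secret resolved from the external `path`/`name` given under `get`; it is
# consumed by the `mastodon_post` step below.
kind: secret
name: mastodon_access_token
get:
  path: mastodon-creds
  name: access_token

---
# Pipeline: block unfinished posts, build the blog with Hugo, build and push the
# image, bump the infrastructure repo, sync Argo, purge the CDN cache, notify.
#
# NOTE(review): no `trigger:` block is visible here, so nothing in this file
# restricts which branches or events reach the publishing steps - confirm that
# is intended.
# NOTE(review): most images below are referenced without a tag or digest (and
# one as `:latest`), so the code that receives the registry password, the Gitea
# PAT and the API tokens can change without any change to this file. Pin each
# image to a version or digest you have reviewed.
kind: pipeline
name: hello-world
type: docker

platform:
  os: linux
  arch: arm64

steps:
  - name: block-posts-containing-tk
    image: busybox
    commands:
      # If `grep ...` doesn't find anything, it will _return_ (not print) a value
      # of 1 (non-zero return codes indicating errors in Unix - since there are
      # many more ways for something to go wrong than there are for it to go
      # right!), and so the `files=` assignment would also return 1, and the
      # whole operation would be considered a failure.
      #
      # `||` only runs the second command if the first one fails, so this line
      # can be translated to English as: "Set the variable `files` to a list of
      # all the files that contain `TK` - unless there aren't any, in which case
      # set it to `FILES NOT FOUND`".
      - files=$(grep -rl 'TK' blog/content/posts || echo "FILES NOT FOUND")
      # We have to filter out (`grep -v`) the "marker" value of
      # `FILES NOT FOUND`, otherwise the no-matches case would be recorded as
      # having 1 matching file, leading to an error-out below.
      # (Technically there's an edge case: a blog post titled "FILES NOT FOUND"
      # _which also_ contains the string `TK` would slip through this check.
      # That feels pretty unlikely - not least because spaces are very rare in
      # these filesystem names - so that risk is accepted.)
      #
      # Counted with `grep -vc` instead of `wc -l <(...)`, and tested with `[`
      # instead of `[[`: process substitution and `[[ ]]` are bash extensions
      # that are not guaranteed under busybox `sh`. `grep -c` exits 1 when the
      # count is 0, hence the `|| true`.
      - |
        count=$(echo "$files" | grep -vc "FILES NOT FOUND" || true)
        if [ "$count" -gt 0 ]; then
          echo "Found TK in $count files:"
          # Quoted so that the list keeps one file per line.
          echo "$files"
          exit 1  # TODO - and alerting via Matrix!
        fi

  - name: build-blog
    image: alpine
    # Very unlikely to need updates, and pulling images seems slow on this
    # setup - can manually reset this if necessary.
    # NOTE(review): with an untagged image this also means the cached copy
    # never picks up base-image security fixes until it is reset by hand.
    pull: if-not-exists
    commands:
      # I considered caching this install in a pre-built image in registry,
      # but the install seems pretty quick!
      #
      # Pinning to an old version of Hugo because ananke theme has not yet
      # updated to remove deprecated logic
      - apk update
      - apk add hugo=0.123.0 git
      - git submodule init
      - git submodule update --recursive
      - hugo --source blog

  - name: docker-build-and-push
    image: thegeeklab/drone-docker-buildx  # Absurd that this isn't offered as first-party!
    # NOTE(review): a privileged container is not confined like a normal step,
    # and this one runs an unpinned third-party image that is also handed the
    # registry password. Pin the image before anything else in this file.
    privileged: true
    settings:
      registry: gitea.scubbo.org
      username: scubbo
      password:
        from_secret: gitea_password
      repo: gitea.scubbo.org/scubbo/blog_helm
      tags:
        # Quoted: a SHA prefix made only of digits (or digits and `e`) would
        # otherwise be read as a number once substituted.
        - "${DRONE_COMMIT_SHA:0:10}"
      platforms:
        - linux/arm64
        - linux/amd64

  - name: auto-update-infra-repo
    # NOTE(review): `:latest` is mutable; this image receives the Gitea PAT.
    image: gitea.scubbo.org/scubbo/auto-repo-update-drone-plugin:latest
    settings:
      branch: main
      git_repo: https://gitea.scubbo.org/scubbo/blog-infrastructure
      # Quoted for the same reason as the image tag above.
      image_tag: "${DRONE_COMMIT_SHA:0:10}"
      destination_file: helm/deployed-images/prod
      author_email: scubbojj@gmail.com
      author_name: Jack Jackson
      commit_message: "[Auto] Update Prod to ${DRONE_COMMIT_SHA:0:10}"
      access_token:
        from_secret: gitea_pat

  - name: update-argo
    image: curlimages/curl
    environment:
      ARGO_TOKEN:
        from_secret: argo_token
    commands:
      # NOTE(review): the URL has no scheme, so curl uses plain HTTP and the
      # bearer token crosses the cluster network unencrypted - confirm whether
      # the server offers TLS and switch to https:// if it does.
      # NOTE(review): without `--fail`, curl exits 0 on an HTTP 4xx/5xx, so a
      # rejected sync still passes this step.
      - "curl -sS -X POST \"argo-cd-argocd-server.argo.svc.cluster.local/api/v1/applications/blog-infrastructure/sync\" -H \"Authorization: Bearer ${ARGO_TOKEN}\" -H \"Content-Type: application/json\""

  - name: purge-cache
    image: curlimages/curl
    environment:
      CLOUDFLARE_TOKEN:
        from_secret: cloudflare_token
    commands:
      # NOTE(review): as above, no `--fail`, so a rejected purge goes unnoticed.
      # NOTE(review): this purges blog.scubbo.com while `mastodon_post` links to
      # blog.scubbo.org - confirm both hostnames are intended.
      - "curl -sS -X POST \"https://api.cloudflare.com/client/v4/zones/c86d55d225ed973d5da45239beac2f99/purge_cache\" -H \"Authorization: Bearer ${CLOUDFLARE_TOKEN}\" -H \"Content-Type:application/json\" -d '{\"files\":[\"https://blog.scubbo.com\"]}'"

  - name: telegram_notification
    image: appleboy/drone-telegram
    when:
      status:
        - failure
        - success
    settings:
      token:
        from_secret: telegram_token
      to:
        from_secret: telegram_convo_id

  # TODO - parse the file itself to a) extract title, and b) not post if it's a
  # draft post (or, conversely, post if it's a draft that's been published -
  # which would require changing the "is new file" logic)
  - name: mastodon_post
    image: alpine
    environment:
      MASTODON_TOKEN:
        from_secret: mastodon_access_token
    commands:
      - apk add curl git perl
      # Files added (status `A`) by the HEAD commit, one path per line.
      - "ADDED_FILES=$(git show --name-status --pretty=format: HEAD | grep '^A' | awk '{print $2}')"
      # The variable is quoted when counting: unquoted, the shell joins every
      # path onto one line, so a commit adding several files was counted as 1
      # and still posted. `grep -c .` counts non-empty lines and exits 1 on a
      # count of 0, hence the `|| true`.
      # `exit 0` replaces `return`, which is only defined inside a function or
      # a sourced script.
      - |
        ADDED_COUNT=$(printf '%s\n' "$ADDED_FILES" | grep -c . || true)
        if [ "$ADDED_COUNT" -ne 1 ]; then
          echo "Non-single file added"
          echo "(DEBUG: $ADDED_FILES)"
          exit 0
        fi
      - NEW_FILE=$(printf '%s\n' "$ADDED_FILES" | head -n1)
      - echo "New File is $NEW_FILE"
      # Prefix match written as `case`, since `[[ ... =~ ... ]]` is a bash
      # extension.
      - |
        case "$NEW_FILE" in
          blog/content/posts/*) ;;
          *)
            echo "Sole added file was not a blog post"
            exit 0
            ;;
        esac
      # The earlier debug line printed the token with a `:` after every
      # character, which writes the whole secret to the build log in a form the
      # log masking does not match. Only presence is reported now. Treat any
      # token that was printed that way as exposed and rotate it.
      - |
        if [ -n "$MASTODON_TOKEN" ]; then
          echo "MASTODON_TOKEN is set"
        else
          echo "MASTODON_TOKEN is empty"
        fi
      # TODO - parameterize hostname
      - BLOG_URL=$(echo "$NEW_FILE" | perl -pe 's|blog/content|https://blog.scubbo.org|' | perl -pe 's/\.md$//')
      - echo "$BLOG_URL"
      # `-v` is dropped because verbose mode prints the request headers,
      # including the Authorization header, to the build log.
      # `--form-string` sends the value literally, so a path containing `;`,
      # `@` or `<` cannot change how curl builds the form field.
      - "curl -sS https://fosstodon.org/api/v1/statuses -H \"Authorization: Bearer $MASTODON_TOKEN\" --form-string \"status=I just blogged! Check it out at $BLOG_URL\""
      - echo "Another command to give some extra output"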