#!/bin/sh

if test -t 1; then
  # This is not foolproof. Can easily be beat by doing |cat. This is just to
  # make it less likely that secrets are output to terminal.
  echo "Error: Not outputting secret to stdout; redirect output to a file or" \
    "pipe output to \`sops\`." >/dev/stderr
  exit 1
fi

FORGEJO_VERSION="1.19.3"
FORGEJO_TAG="sha256:e1e2a9930afe7e4e6c53b7d250072e5f890894da71df681510b6b513f38d0c36"
FORGEJO_SLUG="${FORGEJO_VERSION}@${FORGEJO_TAG}"

forgejo() {
  # TODO: make this extract image tag from kustomization?
  docker run "codeberg.org/forgejo/forgejo:$FORGEJO_SLUG" forgejo "$@"
}

GITEA__SERVER__LFS_JWT_SECRET="$(forgejo generate secret LFS_JWT_SECRET)"
GITEA__SECURITY__SECRET_KEY="$(forgejo generate secret SECRET_KEY)"
GITEA__SECURITY__INTERNAL_TOKEN="$(forgejo generate secret INTERNAL_TOKEN)"

cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: forgejo-config
stringData:
  GITEA__SERVER__LFS_JWT_SECRET: ${GITEA__SERVER__LFS_JWT_SECRET}
  GITEA__SECURITY__SECRET_KEY: ${GITEA__SECURITY__SECRET_KEY}
  GITEA__SECURITY__INTERNAL_TOKEN: ${GITEA__SECURITY__INTERNAL_TOKEN}
EOF