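---
# Daily watcher for three upstream inputs of the Flutter SDK images:
#   1. the latest Flutter stable version (Flutter release feed),
#   2. the latest Android SDK components (Android repository index),
#   3. the digests of the base image tags on Docker Hub.
# Depending on what changed it creates a release, commits refreshed digests
# and creates a "rebuild" prerelease, or opens an issue.
#
# Hardening conventions used throughout this file:
#   * Values from expressions (step outputs, secrets, context) reach scripts
#     through `env:` and are read as quoted shell variables. They are never
#     spliced into the script text, so a string fetched from a remote feed
#     cannot become shell syntax.
#   * Remote values with no fixed shape are pattern-checked before they are
#     written to $GITHUB_OUTPUT, so an embedded newline cannot forge an output.
#   * JSON request bodies are built with jq, which escapes string values.
name: Check for Flutter SDK, Android SDK, and Base Image Updates

on:
  schedule:
    - cron: '0 8 * * *'
  workflow_dispatch:

jobs:
  check-update:
    runs-on: ubuntu-latest
    env:
      # Repository API root on the hosting forge; shared by every API call.
      API_BASE: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
    steps:
      # NOTE(review): the action is referenced by a mutable tag; consider
      # pinning it to a full commit SHA so the executed code cannot change.
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Get latest Flutter stable version
        id: flutter
        run: |
          RESPONSE=$(curl -fsSL https://storage.googleapis.com/flutter_infra_release/releases/releases_linux.json)
          LATEST=$(echo "$RESPONSE" | jq -r '.current_release.stable as $hash | .releases[] | select(.hash == $hash and .channel == "stable") | .version')

          # The version later becomes a release tag and part of API URLs.
          # Accept only a plain version string; an empty value is passed on
          # because the release step skips itself when the version is empty.
          VERSION_RE='^v?[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.+-]+)?$'
          if [ -n "$LATEST" ] && ! [[ "$LATEST" =~ $VERSION_RE ]]; then
            echo "Unexpected Flutter version string in release feed, aborting" >&2
            exit 1
          fi

          echo "version=${LATEST}" >> "$GITHUB_OUTPUT"
          echo "Latest Flutter stable: ${LATEST}"

      - name: Get latest Android SDK versions
        id: android
        run: |
          REPO_XML=$(curl -fsSL "https://dl.google.com/android/repository/repository2-1.xml")

          # The grep -o patterns below only emit digits and dots, so these
          # three values need no further validation before use.

          # Latest stable build-tools (exclude rc/alpha/beta)
          BUILD_TOOLS=$(echo "$REPO_XML" | grep -o 'path="build-tools;[0-9]*\.[0-9]*\.[0-9]*"' | \
            sed 's/path="build-tools;//;s/"//' | sort -V | tail -1)

          # Latest stable platform
          PLATFORM=$(echo "$REPO_XML" | grep -o 'path="platforms;android-[0-9]*"' | \
            sed 's/path="platforms;android-//;s/"//' | sort -n | tail -1)

          # Latest cmdline-tools download ID
          CMDLINE_DOWNLOAD=$(echo "$REPO_XML" | grep -o 'commandlinetools-linux-[0-9]*_latest' | \
            sed 's/commandlinetools-linux-//;s/_latest//' | sort -n | tail -1)

          echo "build_tools=${BUILD_TOOLS}" >> "$GITHUB_OUTPUT"
          echo "platform=${PLATFORM}" >> "$GITHUB_OUTPUT"
          echo "cmdline_tools=${CMDLINE_DOWNLOAD}" >> "$GITHUB_OUTPUT"

          echo "Latest Android build-tools: ${BUILD_TOOLS}"
          echo "Latest Android platform: ${PLATFORM}"
          echo "Latest cmdline-tools download: ${CMDLINE_DOWNLOAD}"

      - name: Check current Android SDK versions in Dockerfile
        id: current
        run: |
          CURRENT_CMDLINE=$(grep -o 'ANDROID_SDK_TOOLS_VERSION=[0-9]*' Dockerfile.android | cut -d= -f2)
          CURRENT_BUILD_TOOLS=$(grep -o 'ANDROID_BUILD_TOOLS=[0-9.]*' Dockerfile.android | cut -d= -f2)
          CURRENT_PLATFORM=$(grep -o 'ANDROID_COMPILE_SDK=[0-9]*' Dockerfile.android | cut -d= -f2)

          echo "cmdline_tools=${CURRENT_CMDLINE}" >> "$GITHUB_OUTPUT"
          echo "build_tools=${CURRENT_BUILD_TOOLS}" >> "$GITHUB_OUTPUT"
          echo "platform=${CURRENT_PLATFORM}" >> "$GITHUB_OUTPUT"

          echo "Current cmdline-tools: ${CURRENT_CMDLINE}"
          echo "Current build-tools: ${CURRENT_BUILD_TOOLS}"
          echo "Current platform: ${CURRENT_PLATFORM}"

      - name: Check if Flutter release already exists
        id: existing
        env:
          VERSION: ${{ steps.flutter.outputs.version }}
        run: |
          # Unauthenticated lookup; any status other than 200 is treated as
          # "release not found".
          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
            "${API_BASE}/releases/tags/${VERSION}")
          if [ "$STATUS" = "200" ]; then
            echo "exists=true" >> "$GITHUB_OUTPUT"
            echo "Release ${VERSION} already exists, skipping"
          else
            echo "exists=false" >> "$GITHUB_OUTPUT"
            echo "Release ${VERSION} not found, will create"
          fi

      - name: Determine if Android SDK update is needed
        id: android_update
        env:
          LATEST_CMDLINE: ${{ steps.android.outputs.cmdline_tools }}
          LATEST_BUILD_TOOLS: ${{ steps.android.outputs.build_tools }}
          LATEST_PLATFORM: ${{ steps.android.outputs.platform }}
          CURRENT_CMDLINE: ${{ steps.current.outputs.cmdline_tools }}
          CURRENT_BUILD_TOOLS: ${{ steps.current.outputs.build_tools }}
          CURRENT_PLATFORM: ${{ steps.current.outputs.platform }}
        run: |
          NEEDS_UPDATE=false

          # An empty "latest" value means the repository index could not be
          # parsed. Skip it, as the base image check does for empty digests,
          # rather than reporting an update to nothing.
          if [ -n "$LATEST_CMDLINE" ] && [ "$LATEST_CMDLINE" != "$CURRENT_CMDLINE" ]; then
            echo "cmdline-tools update available: ${CURRENT_CMDLINE} -> ${LATEST_CMDLINE}"
            NEEDS_UPDATE=true
          fi

          if [ -n "$LATEST_BUILD_TOOLS" ] && [ "$LATEST_BUILD_TOOLS" != "$CURRENT_BUILD_TOOLS" ]; then
            echo "build-tools update available: ${CURRENT_BUILD_TOOLS} -> ${LATEST_BUILD_TOOLS}"
            NEEDS_UPDATE=true
          fi

          if [ -n "$LATEST_PLATFORM" ] && [ "$LATEST_PLATFORM" != "$CURRENT_PLATFORM" ]; then
            echo "platform update available: ${CURRENT_PLATFORM} -> ${LATEST_PLATFORM}"
            NEEDS_UPDATE=true
          fi

          echo "needs_update=${NEEDS_UPDATE}" >> "$GITHUB_OUTPUT"

      - name: Check Wolfi base image updates
        id: base_images
        run: |
          # Get current digests from Docker Hub
          WEB_DIGEST=$(curl -s "https://hub.docker.com/v2/repositories/svrnty/base-distro/tags/flutter-sdk-latest" | jq -r '.digest // empty')
          ANDROID_DIGEST=$(curl -s "https://hub.docker.com/v2/repositories/svrnty/base-distro/tags/flutter-sdk-android-latest" | jq -r '.digest // empty')
          LINUX_DIGEST=$(curl -s "https://hub.docker.com/v2/repositories/svrnty/base-distro/tags/flutter-sdk-linux-latest" | jq -r '.digest // empty')

          # These values are later written to step outputs and committed to
          # .base-digests. Anything that is not a sha256 digest is dropped,
          # which the comparison below treats as "no information".
          # Assumes the registry reports sha256 digests - TODO confirm.
          DIGEST_RE='^sha256:[0-9a-f]{64}$'
          for VAR in WEB_DIGEST ANDROID_DIGEST LINUX_DIGEST; do
            if [ -n "${!VAR}" ] && ! [[ "${!VAR}" =~ $DIGEST_RE ]]; then
              echo "Ignoring malformed ${VAR} returned by the registry API" >&2
              printf -v "$VAR" '%s' ""
            fi
          done

          echo "Current base image digests:"
          echo " web: ${WEB_DIGEST}"
          echo " android: ${ANDROID_DIGEST}"
          echo " linux: ${LINUX_DIGEST}"

          # Load stored digests
          STORED_WEB=$(grep '^web=' .base-digests 2>/dev/null | cut -d= -f2 || echo "")
          STORED_ANDROID=$(grep '^android=' .base-digests 2>/dev/null | cut -d= -f2 || echo "")
          STORED_LINUX=$(grep '^linux=' .base-digests 2>/dev/null | cut -d= -f2 || echo "")

          # Compare
          NEEDS_REBUILD=false

          if [ -n "$WEB_DIGEST" ] && [ "$WEB_DIGEST" != "$STORED_WEB" ]; then
            echo "Web base image updated"
            NEEDS_REBUILD=true
          fi

          if [ -n "$ANDROID_DIGEST" ] && [ "$ANDROID_DIGEST" != "$STORED_ANDROID" ]; then
            echo "Android base image updated"
            NEEDS_REBUILD=true
          fi

          if [ -n "$LINUX_DIGEST" ] && [ "$LINUX_DIGEST" != "$STORED_LINUX" ]; then
            echo "Linux base image updated"
            NEEDS_REBUILD=true
          fi

          echo "needs_rebuild=${NEEDS_REBUILD}" >> "$GITHUB_OUTPUT"
          echo "web_digest=${WEB_DIGEST}" >> "$GITHUB_OUTPUT"
          echo "android_digest=${ANDROID_DIGEST}" >> "$GITHUB_OUTPUT"
          echo "linux_digest=${LINUX_DIGEST}" >> "$GITHUB_OUTPUT"

      - name: Trigger rebuild for base image updates
        if: steps.base_images.outputs.needs_rebuild == 'true' && steps.existing.outputs.exists == 'true'
        env:
          VERSION: ${{ steps.flutter.outputs.version }}
          WEB_DIGEST: ${{ steps.base_images.outputs.web_digest }}
          ANDROID_DIGEST: ${{ steps.base_images.outputs.android_digest }}
          LINUX_DIGEST: ${{ steps.base_images.outputs.linux_digest }}
          # The token is exposed only to the steps that call the write API.
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
        run: |
          echo "Base image updated, triggering rebuild for Flutter ${VERSION}"

          # Update stored digests
          printf 'web=%s\nandroid=%s\nlinux=%s\n' \
            "$WEB_DIGEST" "$ANDROID_DIGEST" "$LINUX_DIGEST" > .base-digests

          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add .base-digests
          git commit -m "Update base image digests (Wolfi security update)"
          git push

          # Trigger rebuild by creating a prerelease
          PAYLOAD=$(jq -n \
            --arg tag "${VERSION}-rebuild-$(date +%Y%m%d)" \
            --arg name "Security rebuild ${VERSION}" \
            --arg body "Automated rebuild for Wolfi base image security updates" \
            '{tag_name: $tag, name: $name, body: $body, draft: false, prerelease: true}')

          curl -fsSL -X POST \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            "${API_BASE}/releases" \
            -d "$PAYLOAD"

      - name: Create release for new Flutter version
        if: steps.existing.outputs.exists == 'false' && steps.flutter.outputs.version != ''
        env:
          VERSION: ${{ steps.flutter.outputs.version }}
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
        run: |
          echo "Creating release for Flutter ${VERSION}"

          PAYLOAD=$(jq -n \
            --arg tag "${VERSION}" \
            --arg name "Flutter SDK ${VERSION}" \
            --arg body "Automated release for Flutter stable ${VERSION}" \
            '{tag_name: $tag, name: $name, body: $body, draft: false, prerelease: false}')

          curl -fsSL -X POST \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            "${API_BASE}/releases" \
            -d "$PAYLOAD"

      - name: Create issue for Android SDK updates
        if: steps.android_update.outputs.needs_update == 'true'
        env:
          LATEST_CMDLINE: ${{ steps.android.outputs.cmdline_tools }}
          LATEST_BUILD_TOOLS: ${{ steps.android.outputs.build_tools }}
          LATEST_PLATFORM: ${{ steps.android.outputs.platform }}
          CURRENT_CMDLINE: ${{ steps.current.outputs.cmdline_tools }}
          CURRENT_BUILD_TOOLS: ${{ steps.current.outputs.build_tools }}
          CURRENT_PLATFORM: ${{ steps.current.outputs.platform }}
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
        run: |
          # Build the Markdown body with real newlines. jq escapes them when
          # it serialises the payload; raw newlines pasted into a hand-built
          # JSON string are not valid JSON.
          BODY=$(printf '%s\n' \
            "Android SDK updates are available:" \
            "" \
            "| Component | Current | Latest |" \
            "|-----------|---------|--------|" \
            "| cmdline-tools | ${CURRENT_CMDLINE} | ${LATEST_CMDLINE} |" \
            "| build-tools | ${CURRENT_BUILD_TOOLS} | ${LATEST_BUILD_TOOLS} |" \
            "| platform | ${CURRENT_PLATFORM} | ${LATEST_PLATFORM} |" \
            "" \
            "Update \`Dockerfile.android\` to use the latest versions.")

          # Check if issue already exists
          EXISTING=$(curl -s -H "Authorization: token ${GITEA_TOKEN}" \
            "${API_BASE}/issues?state=open&labels=android-sdk-update" | jq length)

          if [ "$EXISTING" = "0" ]; then
            # NOTE(review): the payload sends the label by name; confirm the
            # forge's create-issue API accepts names rather than label IDs.
            PAYLOAD=$(jq -n \
              --arg title "Android SDK updates available" \
              --arg body "$BODY" \
              '{title: $title, body: $body, labels: ["android-sdk-update"]}')

            curl -fsSL -X POST \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -H "Content-Type: application/json" \
              "${API_BASE}/issues" \
              -d "$PAYLOAD"
            echo "Created issue for Android SDK updates"
          else
            echo "Issue for Android SDK updates already exists"
          fi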