#!/bin/bash
set -eux

ORGANIZATION="openSUSE-Python"
cd /home/pymirrors/repos/

ORIG_REPO="$1"

# Argument can be both full URL as well as just owner/reponame string
if [[ "$ORIG_REPO" =~ "http" ]]; then
    OR="${ORIG_REPO##*.com/}"
    ORIG_REPO="${OR%%.git}"
fi

GH_TMP_DATA=$(mktemp /tmp/gh_data.XXXXXX.json) || exit 1
trap 'rm -f "${GH_TMP_DATA}"' EXIT

DIRNAME="$(basename "${ORIG_REPO}")"
NEW_REPO="${ORGANIZATION}/${DIRNAME}"

# Repository has been already checked out
[ -d "$DIRNAME" ] && exit 0

git clone "https://github.com/${ORIG_REPO}.git"

cd "${DIRNAME}"

# Get credentials
# This is still not sufficiently general: git-credential(1) cannot provide
# anything else than login/password duo, and we need GH personal access
# token.
# PASSWORD=$(echo 'url=https://github.com/${ORIG_REPO}.git'|git credential fill| \
#    awk -F= '/password/ { print $2 ; exit }')
# So, I use this directly, but it is not general enough
PASSWORD=$(pass show dev/github.com|awk '/^token:/ {print $2}')

# Fork repository
curl -s -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
     --json "{ \"organization\": \"${ORGANIZATION}\" , \
               \"default_branch_only\": \"true\" }" \
    "https://api.github.com/repos/${ORIG_REPO}/forks" >"${GH_TMP_DATA}"

# Set defaults of the repository (we have to first switch alerts on, to switch off fixes)
curl -s -X PUT -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
    "https://api.github.com/repos/${NEW_REPO}/vulnerability-alerts"
curl -s -X DELETE -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
    "https://api.github.com/repos/${NEW_REPO}/automated-security-fixes"
curl -s -X DELETE -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
    "https://api.github.com/repos/${NEW_REPO}/vulnerability-alerts"

# Set the main branch protected
# DEF_BRANCH=$(awk -F '"' '/default_branch/ {print $4; exit}' "${GH_TMP_DATA}")
# Somehow doesn't work FIXME
# curl -s -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
#     "https://api.github.com/repos/${NEW_REPO}/branches/${DEF_BRANCH}/protection/enforce_admins"

# Set remotes correctly
git remote add github \
    "$(awk -F '"' '/clone_url/ {print $4 ; exit}' "${GH_TMP_DATA}")"
git remote set-url --push github \
    "$(awk -F '"' '/ssh_url/ {print $4 ; exit}' "${GH_TMP_DATA}")"
git remote update
git remote -v