#!/usr/bin/env bash
set -euo pipefail

# 安全推送到 Gitee：凭证从 /app/working.secret 读取，不写入仓库。
# 用法：bash scripts/gitee_push.sh

REPO_DIR=$(cd "$(dirname "$0")/.." && pwd)
cd "$REPO_DIR"

USER_FILE="/app/working.secret/gitee_user"
TOKEN_FILE="/app/working.secret/gitee_token"

if [[ ! -f "$USER_FILE" || ! -f "$TOKEN_FILE" ]]; then
  echo "缺少凭证文件："
  echo "- $USER_FILE（内容：你的 Gitee 用户名）"
  echo "- $TOKEN_FILE（内容：你的 Gitee 私人令牌）"
  echo "请你在服务器上手动创建这两个文件（不要提交到 git）。"
  exit 10
fi

ASKPASS=$(mktemp)
chmod 700 "$ASKPASS"
cat > "$ASKPASS" <<'EOF'
#!/usr/bin/env sh
prompt="$1"
if echo "$prompt" | grep -qi "username"; then
  cat /app/working.secret/gitee_user
  exit 0
fi
if echo "$prompt" | grep -qi "password"; then
  cat /app/working.secret/gitee_token
  exit 0
fi
exit 0
EOF
chmod 700 "$ASKPASS"

# 禁止交互式提示，强制走 askpass
export GIT_TERMINAL_PROMPT=0
export GIT_ASKPASS="$ASKPASS"

echo "Pushing to origin ..."
# 只推送当前分支
branch=$(git rev-parse --abbrev-ref HEAD)

git push -u origin "$branch"

rm -f "$ASKPASS"

echo "Push done."