#
# This is a shim installed automatically by the build-harness
# https://github.com/cloudposse/build-harness
#

# templates/Makefile.build-harness includes this Makefile
# and this Makefile includes templates/Makefile.build-harness
# to support different modes of invocation. Use a guard variable
# to prevent infinite recursive includes
ifeq ($(BUILD_HARNESS_TEMPLATES_MAKEFILE_GUARD),)
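# Mark this shim as loaded so a second include of it becomes a no-op.
BUILD_HARNESS_TEMPLATES_MAKEFILE_GUARD := included

# Recipes in this file use bash-only syntax such as [[ ... ]] and ==.
export SHELL = /bin/bash
# Simply expanded (:=) so `pwd` runs once at parse time instead of on every
# expansion of this exported variable.
export PWD := $(shell pwd)
# The settings below may be overridden from the environment or the make command line.
# Together they choose the repository and ref that `init` / auto-init download
# bin/install.sh from and then execute, so only set them from trusted configuration.
export BUILD_HARNESS_ORG ?= cloudposse
export BUILD_HARNESS_PROJECT ?= build-harness
export BUILD_HARNESS_DOCKER_IMAGE ?= $(BUILD_HARNESS_ORG)/$(BUILD_HARNESS_PROJECT)
export BUILD_HARNESS_BRANCH ?= master
export BUILD_HARNESS_CLONE_URL ?= https://github.com/$(BUILD_HARNESS_ORG)/$(BUILD_HARNESS_PROJECT).git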

# Locate the build-harness checkout.
# Unless BUILD_HARNESS_PATH is already set, the default walks up from the current directory
# until it finds a directory named $(BUILD_HARNESS_PROJECT) or reaches "/", and then uses
# <directory reached>/$(BUILD_HARNESS_PROJECT).
# NOTE(review): the Makefile under the resolved path is later loaded with `-include`, so a
# checkout found in a parent directory becomes build logic. On shared hosts, confirm that the
# ancestor directories are writable only by accounts you trust, or set BUILD_HARNESS_PATH explicitly.
BUILD_HARNESS_PATH ?= $(shell until [ -d "$(BUILD_HARNESS_PROJECT)" ] || [ "`pwd`" == '/' ]; do cd ..; done; pwd)/$(BUILD_HARNESS_PROJECT)
# Fallback location: a checkout directly under the current working directory.
BUILD_HARNESS_PATH_LOCAL := $(PWD)/$(BUILD_HARNESS_PROJECT)
# Keep BUILD_HARNESS_PATH when it exists on disk ($(wildcard) returns it), otherwise fall back
# to BUILD_HARNESS_PATH_LOCAL.
export BUILD_HARNESS_PATH := $(or $(wildcard $(BUILD_HARNESS_PATH)),$(BUILD_HARNESS_PATH_LOCAL))
# It is kind of expensive to figure out the Docker SHA tag, so we just define the command here, and only call it when needed.
# With the ":=" syntax, it stores the current value of BUILD_HARNESS_PATH, so this has to come after that has been set with ":=".
# The command prints "sha-<abbreviated commit hash>" for the checkout, or "latest" when the git call fails.
export BUILD_HARNESS_DOCKER_SHA_TAG_CMD := git -C "$(BUILD_HARNESS_PATH)" log -n 1 --format=sha-%h 2>/dev/null || echo latest

# Toggles the auto-init feature.
# The `-include` line further down tests this value with $(findstring true,...), so any value
# containing the substring "true" enables it. When enabled, the auto-init macro runs every
# time this Makefile is parsed, before any target is built.
BUILD_HARNESS_AUTO_INIT ?= false

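# Macro to clone/install BUILD_HARNESS_PROJECT.
# Downloads bin/install.sh for the configured org/project/branch and runs it with bash,
# passing org, project and branch as positional arguments.
# The script is saved to a temporary file and executed only when curl reports success:
#  - a failed download (HTTP error, network failure) makes the macro fail instead of
#    handing bash an empty stdin, which exits 0 and hides the failure;
#  - a download that curl reports as incomplete is never executed.
# Everything runs in a subshell so the temporary file is removed and the installer's exit
# status is returned without touching the caller's shell state.
# NOTE(review): the script comes from a branch ref, which can move, and no checksum or
# signature is verified here. Setting BUILD_HARNESS_BRANCH to a reviewed release tag
# should narrow that window; confirm install.sh accepts a tag.
define harness_install
( installer="$$(mktemp)" || exit 1; \
	curl --retry 5 --fail --silent --show-error --retry-delay 1 \
		--output "$$installer" \
		https://raw.githubusercontent.com/$(BUILD_HARNESS_ORG)/$(BUILD_HARNESS_PROJECT)/$(BUILD_HARNESS_BRANCH)/bin/install.sh && \
	bash -s "$(BUILD_HARNESS_ORG)" "$(BUILD_HARNESS_PROJECT)" "$(BUILD_HARNESS_BRANCH)" < "$$installer"; \
	status=$$?; rm -f "$$installer"; exit $$status )
endef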

# Macro to auto-init the BUILD_HARNESS_PROJECT with the `include` directive.
# It expands to one shell command that takes the first matching case:
#   1. /build-harness/Makefile or /$(BUILD_HARNESS_PROJECT)/Makefile exists: treated as running
#      inside the build-harness docker container, skip.
#   2. /proc/1/cgroup mentions "docker": treated as some other docker container, skip.
#   3. BUILD_HARNESS_PATH differs from the local path and already holds a Makefile: external
#      checkout, skip.
#   4. The local checkout holds a Makefile and its HEAD equals the commit `git ls-remote`
#      reports for BUILD_HARNESS_BRANCH at BUILD_HARNESS_CLONE_URL: up to date, skip.
#   5. Anything else: run harness_install.
# Reaching case 4 makes a network request (git ls-remote).
# NOTE(review): the path, URL and branch values are pasted into the command inside quotes,
# so a value containing a quote character would alter the command. Keep them to trusted input.
# NOTE(review): the /proc/1/cgroup test presumably only matches where the cgroup path names
# docker; confirm the behaviour on cgroup v2 hosts.
define harness_auto_init
if [[ \
	-f "/build-harness/Makefile" || -f "/$(BUILD_HARNESS_PROJECT)/Makefile" \
]]; then \
	echo "[.build-harness]: In $(BUILD_HARNESS_PROJECT) docker container, skipping auto-init" ;\
elif grep -q docker /proc/1/cgroup 2>/dev/null; then \
	echo "[.build-harness]: In unknown docker container, skipping auto-init" ;\
elif [[ \
	"$(BUILD_HARNESS_PATH)" != "$(BUILD_HARNESS_PATH_LOCAL)" && \
	-f "$(BUILD_HARNESS_PATH)/Makefile" \
]]; then \
	echo "[.build-harness]: Using external $(BUILD_HARNESS_PATH), skipping auto-init" ;\
elif [[ \
	"$(BUILD_HARNESS_PATH)" == "$(BUILD_HARNESS_PATH_LOCAL)" && \
	-f "$(BUILD_HARNESS_PATH)/Makefile" && \
	"$$(git -C '$(BUILD_HARNESS_PATH_LOCAL)' ls-remote '$(BUILD_HARNESS_CLONE_URL)' '$(BUILD_HARNESS_BRANCH)' | cut -f1)" == "$$(git -C '$(BUILD_HARNESS_PATH_LOCAL)' rev-parse HEAD)" \
]]; then \
	echo "[.build-harness]: Clone of $(BUILD_HARNESS_PROJECT) is up-to-date, skipping auto-init" ;\
else \
	$(harness_install) ;\
fi
endef

# Load the build-harness Makefile from BUILD_HARNESS_PATH.
# When BUILD_HARNESS_AUTO_INIT contains "true", the auto-init macro runs first through
# $(shell ...); its output is redirected to stderr, so the call expands to nothing and only
# the Makefile path is left on the include line.
# The leading "-" means a missing $(BUILD_HARNESS_PATH)/Makefile is not an error.
-include $(if $(findstring true,$(BUILD_HARNESS_AUTO_INIT)),$(shell $(harness_auto_init) >&2)) $(BUILD_HARNESS_PATH)/Makefile

# `init` runs the harness_install macro on demand: it downloads the build-harness installer
# script and executes it with bash. The leading "@" keeps the command itself out of the output.
# Double-colon rule, so other makefiles can add their own independent `init::` recipes.
.PHONY : init
## Init build-harness
init::
	@ $(harness_install)

# Remove the local build-harness checkout, but only when BUILD_HARNESS_PATH refers to the
# ./build-harness directory itself (checked with `-ef`, i.e. same file). A checkout located
# anywhere else is treated as shared: it is left in place and the manual command is printed.
# Does nothing when BUILD_HARNESS_PATH is not a directory.
.PHONY : clean
## Clean build-harness
clean::
	@if [ ! -d "$(BUILD_HARNESS_PATH)" ]; then \
		: ; \
	elif [ -d build-harness ] && [ "$(BUILD_HARNESS_PATH)" -ef build-harness ]; then \
		echo rm -rf build-harness; \
		rm -rf build-harness; \
	else \
		echo Not removing build harness from "$(BUILD_HARNESS_PATH)" because it appears to be shared.; \
		echo If you are sure you want to delete it, run: ; \
		echo '   rm -rf "$(BUILD_HARNESS_PATH)"'; \
	fi

.PHONY: git-safe-directory

# Workaround for https://github.com/actions/checkout/issues/766
# Adding a safe.directory entry unconditionally would recreate the security problem git is
# trying to solve. The entry is therefore added only when GITHUB_WORKSPACE is set, which is
# taken as the sign of a GitHub Actions run. Otherwise the command git suggested is printed
# so the user can review it and run it by hand.
# The target acts only when `git log -1` prints git's safe.directory hint; otherwise it is a no-op.
# NOTE(review): a non-empty GITHUB_WORKSPACE is the only signal checked, and the entry is
# written to the global git config for that directory.
git-safe-directory:
	@if suggested_cmd=$$(git log -1 2>&1 | grep -F 'git config --global --add safe.directory'); then \
		if [[ -z "$$GITHUB_WORKSPACE" ]]; then \
			printf "\nGit refused to trust a directory, presumably due to dubious ownership.\n" >&2; \
			printf "GitHub Actions environment not detected, so script is not automatically trusting suspicious directory.\n\n" >&2 ;\
			printf "To trust the directory git is concerned about, run:\n\n  %s\n\n" "$$suggested_cmd" >&2; \
		else \
			printf "Marking directory %s as safe for git to trust\n" "$$GITHUB_WORKSPACE" >&2; \
			git config --global --add safe.directory "$$GITHUB_WORKSPACE"; \
		fi; \
	fi

.PHONY: build-harness/shell builder build-harness/shell/pull builder/pull builder/build builder-slim/build

# The sha tag is computed lazily (recursive ?=) from BUILD_HARNESS_DOCKER_SHA_TAG_CMD, only
# for the targets listed here and only when the variable is not already defined.
build-harness/shell/pull builder/pull builder/build builder-slim/build: BUILD_HARNESS_DOCKER_SHA_TAG ?= $(shell $(BUILD_HARNESS_DOCKER_SHA_TAG_CMD))
# Pull the image for the current sha tag, and additionally `latest` unless the sha tag already
# is "latest". Images are referenced by tag, not by digest, so the content behind a tag can change.
build-harness/shell/pull builder/pull:
	docker pull $(BUILD_HARNESS_DOCKER_IMAGE):$(BUILD_HARNESS_DOCKER_SHA_TAG)
	@if [[ "$(BUILD_HARNESS_DOCKER_SHA_TAG)" != "latest" ]]; then \
		docker pull $(BUILD_HARNESS_DOCKER_IMAGE):latest; \
	fi

# Build the full image: exports DOCKER_IMAGE_NAME as <image>:<sha tag> and delegates to the
# `docker/build` target through a sub-make.
# NOTE(review): `docker/build` is not defined in this file; presumably it comes from the
# included build-harness Makefile.
builder/build: export DOCKER_IMAGE_NAME = $(BUILD_HARNESS_DOCKER_IMAGE):$(BUILD_HARNESS_DOCKER_SHA_TAG)
builder/build:
	@$(MAKE) --no-print-directory docker/build

# Build the slim image: same delegation to `docker/build`, but the image is tagged
# slim-<sha tag> and DOCKER_FILE is exported as Dockerfile.slim.
builder-slim/build: export DOCKER_IMAGE_NAME = $(BUILD_HARNESS_DOCKER_IMAGE):slim-$(BUILD_HARNESS_DOCKER_SHA_TAG)
builder-slim/build: export DOCKER_FILE := Dockerfile.slim
builder-slim/build:
	@$(MAKE) --no-print-directory docker/build

# Names of host environment variables that build-harness/runner forwards into the container.
# Each name becomes `-e NAME`, so docker copies the value from the host environment.
# NOTE: this list hands AWS credentials (access key, secret key, session token) to whichever
# image is run. Override DOCKER_ENVS with a shorter list when a target does not need them.
DEFAULT_DOCKER_ENVS := AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN TERM AWS_PROFILE AWS_REGION \
	AWS_DEFAULT_PROFILE AWS_DEFAULT_REGION
# These two carry file paths only. NOTE(review): the files are presumably reachable inside
# the container only when the path is also mounted (for example through the home mount).
EXTRA_DOCKER_ENVS ?= AWS_CONFIG_FILE AWS_SHARED_CREDENTIALS_FILE
DOCKER_ENVS ?= $(DEFAULT_DOCKER_ENVS) $(EXTRA_DOCKER_ENVS)

# Target-specific settings for the interactive container targets:
#  - MOUNT_HOME: when $HOME is a directory on the host, expands to
#    `-e HOME -v "$HOME":"$HOME"`, i.e. the whole home directory is bind-mounted into the
#    container at the same path. No read-only option is given, so anything under it (SSH keys,
#    cloud credentials) is exposed to the image. Defining MOUNT_HOME yourself, e.g. as an
#    empty value on the make command line, should disable the mount.
#  - TARGETS defaults to TARGET. With targets set, the entrypoint is /usr/bin/make and the
#    targets are its arguments; without them the entrypoint is /bin/bash with `-l || true`,
#    where `|| true` ends up on the docker run line so a non-zero shell exit does not fail make.
#  - TARGETS is placed unquoted on the docker run command line, so the host shell interprets
#    any shell metacharacters it contains.
#  - RUNNER_DOCKER_IMAGE / RUNNER_DOCKER_TAG default to the build-harness image at the sha
#    tag of the current checkout.
# `tester` shares the first four settings here but takes its image and tag from its own section.
## Start a shell inside of the `build-harness` docker container with `make build-harness/shell` or `make builder`
## Run `make` targets inside the build-harness shell by setting `TARGETS` or `TARGET`, e.g.
##     make builder TARGETS="github/init readme"
build-harness/shell builder tester: MOUNT_HOME ?= $(shell [ -d "$$HOME" ] && printf -- "-e HOME -v \"%s\":\"%s\"" "$$HOME" "$$HOME")
build-harness/shell builder tester: TARGETS ?= $(TARGET)
build-harness/shell builder tester: ARGS := $(if $(TARGETS),$(TARGETS),-l || true)
build-harness/shell builder tester: ENTRYPOINT := $(if $(TARGETS),/usr/bin/make,/bin/bash)
build-harness/shell builder pr/pre-commit pr/readme pr/github-update: RUNNER_DOCKER_TAG ?= $(shell $(BUILD_HARNESS_DOCKER_SHA_TAG_CMD))
build-harness/shell builder pr/pre-commit pr/readme pr/github-update: RUNNER_DOCKER_IMAGE ?= $(BUILD_HARNESS_DOCKER_IMAGE)
# The container itself is started by the build-harness/runner prerequisite; the recipe is a no-op.
build-harness/shell builder: build-harness/runner
	@exit 0

.PHONY: build-harness/shell-slim builder-slim pr/readme pr/readme/host pr/pre-commit pr/github-update pr/github-update/host tf14-upgrade
.PHONY: precommit/terraform pr/auto-format precommit/terraform/host pr/auto-format/host

# Image used by the slim shell and the PR helper targets; defaults to the build-harness image.
build-harness/shell-slim builder-slim precommit/terraform pr/auto-format pr/readme tf14-upgrade: RUNNER_DOCKER_IMAGE ?= $(BUILD_HARNESS_DOCKER_IMAGE)

# Tag selection for those targets: use the sha tag of the current checkout when
# `docker inspect` finds an image with that tag, otherwise fall back to "slim-<sha tag>".
# NOTE(review): the first echo keeps a trailing space inside its quotes; presumably harmless
# because the tag is followed by a space on the docker command line. Confirm.
build-harness/shell-slim builder-slim tf14-upgrade precommit/terraform pr/auto-format pr/readme: RUNNER_DOCKER_SHA_TAG ?= $(shell $(BUILD_HARNESS_DOCKER_SHA_TAG_CMD))
build-harness/shell-slim builder-slim tf14-upgrade precommit/terraform pr/auto-format pr/readme: RUNNER_DOCKER_TAG ?= \
	$(shell docker inspect --type=image $(RUNNER_DOCKER_IMAGE):$(RUNNER_DOCKER_SHA_TAG) >/dev/null 2>&1 && \
	echo "$(RUNNER_DOCKER_SHA_TAG) " || echo "slim-$(RUNNER_DOCKER_SHA_TAG)")

# Slim shell: same TARGETS / ARGS / ENTRYPOINT selection as the full shell targets
# (make with the given targets, or a login bash when none are given). No MOUNT_HOME is set
# for these targets in this file.
build-harness/shell-slim builder-slim: TARGETS ?= $(TARGET)
build-harness/shell-slim builder-slim: ARGS := $(if $(TARGETS),$(TARGETS),-l || true)
build-harness/shell-slim builder-slim: ENTRYPOINT := $(if $(TARGETS),/usr/bin/make,/bin/bash)
build-harness/shell-slim builder-slim: build-harness/runner

# The PR helper targets always run make inside the container.
precommit/terraform pr/auto-format pr/readme pr/pre-commit pr/github-update tf14-upgrade : ENTRYPOINT := /usr/bin/make

# Prior to 2023-05-17 (build-harness v1.18.0), before committing changes to a terraform module, you could run
#   make pr/auto-format
# which used this setting:
#   pr/auto-format pr/auto-format/host: ARGS := github/update terraform/fmt readme
# Now the preferred target is `precommit/terraform` but the old targets are left for backwards compatibility.

# ARGS names the make targets each helper runs.
precommit/terraform pr/auto-format precommit/terraform/host pr/auto-format/host: ARGS := terraform/precommit
pr/readme pr/readme/host: ARGS := readme/deps readme
pr/github-update pr/github-update/host: ARGS := github/update
# Container variants: build-harness/runner starts the container with make as entrypoint.
precommit/terraform pr/auto-format pr/readme pr/github-update: build-harness/runner
# Host variants: run the same targets with a sub-make directly on the host, after the
# git-safe-directory check.
precommit/terraform/host pr/auto-format/host pr/readme/host pr/github-update/host: git-safe-directory
	$(MAKE) $(ARGS)

# Run the pre-commit/run target inside the container.
pr/pre-commit: ARGS := pre-commit/run
pr/pre-commit: build-harness/runner

# Run github/init and terraform/v14-rewrite inside the container, with
# TERRAFORM_FORCE_README exported as true.
# NOTE(review): TERRAFORM_FORCE_README is not listed in DOCKER_ENVS in this file, so confirm
# whether it is expected to reach the container.
tf14-upgrade: export TERRAFORM_FORCE_README := true
tf14-upgrade: ARGS := github/init terraform/v14-rewrite
tf14-upgrade: build-harness/runner

.PHONY: tester tester/pull

# `tester` starts the test-harness image through build-harness/runner; `tester/pull` pulls it.
# The default tag is `latest`, a mutable tag. Set TEST_HARNESS_DOCKER_TAG to pin a specific one.
tester tester/pull: TEST_HARNESS_DOCKER_IMAGE ?= cloudposse/test-harness
tester tester/pull: TEST_HARNESS_DOCKER_TAG ?= latest
tester: RUNNER_DOCKER_IMAGE ?= $(TEST_HARNESS_DOCKER_IMAGE)
tester: RUNNER_DOCKER_TAG ?= $(TEST_HARNESS_DOCKER_TAG)
tester: build-harness/runner

tester/pull:
	docker pull $(TEST_HARNESS_DOCKER_IMAGE):$(TEST_HARNESS_DOCKER_TAG)


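.PHONY: build-harness/runner

# Start the runner container. The calling target supplies RUNNER_DOCKER_IMAGE,
# RUNNER_DOCKER_TAG, ENTRYPOINT, ARGS and optionally MOUNT_HOME as target-specific variables.
#  - The current directory is bind-mounted at /host and used as the working directory.
#    The path is quoted so a directory name containing spaces stays a single -v argument.
#  - Every name in DOCKER_ENVS is forwarded from the host environment with `-e NAME`.
#  - `--name build-harness` is a fixed name, so only one such container can exist at a time.
#  - `-it` asks for an interactive TTY, and `--rm` removes the container on exit.
# $(info ...) prints the image reference when make expands this recipe.
build-harness/runner:
	$(info Starting $(RUNNER_DOCKER_IMAGE):$(RUNNER_DOCKER_TAG))
	docker run --name build-harness \
		--rm -it \
		--platform linux/amd64 \
		-e PACKAGES_PREFER_HOST=true \
		$(addprefix -e ,$(DOCKER_ENVS)) \
		$(MOUNT_HOME) \
		-v "$(CURDIR)":/host \
		--workdir /host \
		--entrypoint $(ENTRYPOINT) \
		$(RUNNER_DOCKER_IMAGE):$(RUNNER_DOCKER_TAG) $(ARGS)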

.PHONY: reset-owner
# Report whether any file under the current directory (same filesystem only, -xdev) is owned
# by uid 0, and if so print the chown command that would hand those files to $USER.
# This target only prints; it changes nothing.
reset-owner:
	@if [[ -z $$(find . -xdev -user 0 -print) ]]; then \
		printf "\n* No root-owned files found\n\n" ; \
	else \
		printf "\n* To reset ownership on files, run:\n  sudo find . -xdev -user 0 -exec chown $$USER {} \;\n\n" ; \
	fi

endif