#!/bin/bash
# SPDX-FileCopyrightText: 2025 Jiri Vyskocil
# SPDX-License-Identifier: Apache-2.0
# terok:container — this file is deployed into task containers, not used on the host.
#
# Update all updatable packages inside a terok CLI container.
# Designed to be run with sudo inside a running container when you want
# to refresh packages without a full image rebuild.

set -euo pipefail

if [[ $EUID -ne 0 ]]; then
    echo "Use sudo, man."
    exit 1
fi

# Resolve dev user's home even when running as root via sudo
DEV_HOME=$(getent passwd dev | cut -d: -f6)
NPM_PREFIX="${DEV_HOME}/.npm-packages"

allthethings.sh
sleep 1

# Detect the package manager once (deb/rpm) so we can dispatch consistently.
if command -v apt-get >/dev/null 2>&1; then
    PKG_FAMILY=deb
elif command -v dnf >/dev/null 2>&1; then
    PKG_FAMILY=rpm
else
    echo "ERROR: no supported package manager (apt-get/dnf)" >&2
    exit 1
fi

# Normalised CPU arch matching the deb/rpm naming we use for downloads.
case "$(uname -m)" in
    x86_64) ARCH=amd64; SONAR_SA=linux-x64 ;;
    aarch64) ARCH=arm64; SONAR_SA=linux-aarch64 ;;
    *) echo "Unsupported arch: $(uname -m)" >&2; exit 1 ;;
esac

echo -e "\n=== Update ALL the Things: system packages ===\n"
if [[ "$PKG_FAMILY" == "deb" ]]; then
    apt-get update && apt-get -y upgrade && rm -rf /var/lib/apt/lists/*
else
    dnf -y upgrade && dnf clean all
fi

echo -e "\n=== Update ALL the Things: npm (codex, copilot) ===\n" \
    && sudo -u dev NPM_CONFIG_PREFIX="${NPM_PREFIX}" npm update -g

echo -e "\n=== Update ALL the Things: Claude Code ===\n" \
    && sudo -u dev bash -c 'curl -fsSL https://claude.ai/install.sh | bash'

echo -e "\n=== Update ALL the Things: OpenCode ===\n" \
    && sudo -u dev bash -c 'curl -fsSL https://opencode.ai/install | bash'

echo -e "\n=== Update ALL the Things: pipx (mistral-vibe) ===\n" \
    && PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx upgrade-all

echo -e "\n=== Update ALL the Things: pip (ast-grep-cli) ===\n" \
    && pip install --break-system-packages --upgrade ast-grep-cli

echo -e "\n=== Update ALL the Things: Toad ===\n" \
    && sudo -u dev uv tool upgrade batrachian-toad \
    && rm -f /home/dev/.local/bin/toad

echo -e "\n=== Update ALL the Things: uv ===\n" \
    && curl -LsSf https://astral.sh/uv/install.sh | env UV_INSTALL_DIR=/usr/local/bin sh

echo -e "\n=== Update ALL the Things: yq ===\n" \
    && curl -fsSL -o /usr/local/bin/yq \
        "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" \
    && chmod +x /usr/local/bin/yq

# Ensure unzip is available (not present in pre-SonarScanner L1 images)
if ! command -v unzip >/dev/null 2>&1; then
    if [[ "$PKG_FAMILY" == "deb" ]]; then
        apt-get update && apt-get install -y --no-install-recommends unzip \
            && rm -rf /var/lib/apt/lists/*
    else
        dnf install -y --setopt=install_weak_deps=False unzip && dnf clean all
    fi
fi

echo -e "\n=== Update ALL the Things: SonarScanner CLI ===\n" \
    && SONAR_VERSION="8.0.1.6346" \
    && curl -fsSL -o /tmp/sonar-scanner.zip \
        "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_VERSION}-${SONAR_SA}.zip" \
    && rm -rf /opt/sonar-scanner \
    && unzip -q /tmp/sonar-scanner.zip -d /opt \
    && mv "/opt/sonar-scanner-${SONAR_VERSION}-${SONAR_SA}" /opt/sonar-scanner \
    && rm /tmp/sonar-scanner.zip

echo -e "\n=== All the Things have been updated! ===\n"
