#!/usr/bin/env bash
set -euo pipefail

die() {
    echo $* >&2
    exit 1
}

if [ -z "${CHOCOLATEY_API_KEY:-}" ] ; then
    die '$CHOCOLATEY_API_KEY is not set'
fi

# parse command line arguments
choco_nupkg=$1

# push to chocolatey
# --debug --verbose: the server returns only an opaque 409, so capture full client output for diagnosis. GitHub Actions masks the API key.
set +e
output=$(choco push "$choco_nupkg" --source https://push.chocolatey.org/ --api-key "$CHOCOLATEY_API_KEY" --debug --verbose 2>&1)
status=$?
set -e

echo "$output"
[ "$status" -eq 0 ] && exit 0

# On failure, dump choco's own log — it can hold the real server error the console masks as a generic 409 (chocolatey/choco#2007).
choco_log="${ChocolateyInstall:-C:/ProgramData/chocolatey}/logs/chocolatey.log"
choco_log="${choco_log//\\//}"
if [ -f "$choco_log" ]; then
    echo "=== chocolatey.log (tail -200) ==="
    tail -n 200 "$choco_log" || true  # never let a log-read hiccup mask the 409 guidance below
fi

# `choco push` returns 409 when the version already exists in Chocolatey's system,
# including "pending"/"rejected" moderation states that are hidden from the public
# feed — re-pushing the same version then always fails.
if grep -qiE '409|conflict|already exists' <<<"$output"; then
    nupkg_name=$(basename "$choco_nupkg")
    version=${nupkg_name#ggshield.}
    version=${version%.nupkg}
    cat >&2 <<EOF

ERROR: Chocolatey rejected the push of ${nupkg_name} with HTTP 409 (Conflict).
Version ${version} already exists in Chocolatey's system — it was most likely
submitted earlier and is now pending or rejected in moderation. Such versions are
hidden from the public feed, so the channel looks stuck on the last approved one.

Re-pushing the same version will always 409; this release was NOT published.
Action: review the ggshield package in the maintainer view at
https://community.chocolatey.org (it lists pending/rejected versions). If
${version} is rejected, the version number is burned — publish a fresh version.
EOF
    exit 1
fi

echo "Chocolatey push of ${choco_nupkg} failed (exit ${status}). See output above." >&2
exit "$status"
