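#!/usr/bin/env bash
set -euo pipefail

# Package a scanner analyzer plugin with checksum and SBOM.
# Usage: package-analyzer.sh <project> <name>
#
# Arguments:
#   $1 - project handed to `dotnet publish`
#   $2 - analyzer name; used as a directory and file-name component under
#        out/scanner-analyzers/
# Environment:
#   CONFIG - build configuration (default: Release)
#   RID    - runtime identifier (default: linux-x64); also a file-name component
# Exit codes: 64 on a usage error, 69 when the dotnet CLI is unavailable.

#######################################
# Abort with a usage error unless a value is safe to embed as one path
# component: non-empty, not "." or "..", and free of "/". NAME and RID are
# interpolated into output paths, so a value such as "../x" would otherwise
# place artifacts outside out/scanner-analyzers/.
# Arguments: $1 - label used in the error message
#            $2 - value to check
# Outputs:   error message on stderr when the value is rejected
# Returns:   0 when accepted; exits 64 otherwise
#######################################
require_path_component() {
  local label=$1
  local value=$2
  case "$value" in
    '' | . | .. | */*)
      echo "[analyzer] invalid ${label}: '${value}' (must be a single path component)" >&2
      exit 64
      ;;
  esac
}

if (( $# < 2 )); then
  echo "Usage: $0 <project> <name>" >&2
  exit 64
fi

PROJECT=$1
NAME=$2
CONFIG=${CONFIG:-Release}
RID=${RID:-linux-x64}

# Validate before anything is created on disk.
require_path_component "analyzer name" "$NAME"
require_path_component "RID" "$RID"

OUT_ROOT="out/scanner-analyzers/${NAME}"
PUBLISH_DIR="${OUT_ROOT}/publish"
# NOTE(review): an existing publish directory is reused as-is, so files left
# behind by an earlier run end up in the archive, the checksum and the SBOM.
# Build into a fresh directory when the artifact is meant for release.
mkdir -p "$PUBLISH_DIR"

if ! command -v dotnet >/dev/null 2>&1; then
  echo "[analyzer] dotnet CLI not found" >&2
  exit 69
fi

echo "[analyzer] publishing ${NAME} (${PROJECT}) for ${RID}"
# stdout of the publish step is discarded; `set -e` aborts the script if
# dotnet exits non-zero.
dotnet publish "$PROJECT" \
  -c "$CONFIG" \
  -r "$RID" \
  --self-contained true \
  -p:PublishSingleFile=true \
  -p:PublishTrimmed=false \
  -o "$PUBLISH_DIR" >/dev/null

ARCHIVE="${OUT_ROOT}/${NAME}-${RID}.tar.gz"
tar -C "$PUBLISH_DIR" -czf "$ARCHIVE" .

# sha256sum records the path exactly as passed, so `sha256sum -c` has to be
# run from the directory this script ran in. A digest stored beside the
# archive detects corruption only; anyone able to replace the archive can
# replace the digest too, so sign it or publish it through a separate channel.
sha256sum "$ARCHIVE" > "${ARCHIVE}.sha256"

if command -v syft >/dev/null 2>&1; then
  syft "dir:${PUBLISH_DIR}" -o json > "${ARCHIVE}.sbom.json"
else
  # SBOM generation stays best-effort, but say so instead of skipping silently.
  echo "[analyzer] syft not found; no SBOM generated for ${ARCHIVE}" >&2
fi

# NOTE(review): the source is cut off inside the manifest step. The visible
# fragment is kept below as a comment; restore the full here-document from the
# original script before relying on this file to write manifest.json.
# cat > "${OUT_ROOT}/manifest.json" <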