#!/bin/bash

#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

set -e
source $(dirname "$0")/lib/job_utils.sh

require_job_env BUILD_HOME
require_job_env BUILD_ISO

load_build_env

require_job_env SECUREBOOT_FORMAL
require_job_env SIGN_ISO_FORMAL

$BUILD_ISO || bail "BUILD_ISO=false, bailing out"

if $SECUREBOOT_FORMAL ; then
    notice "signing secureboot packages"
    [[ -n "$SIGNING_SERVER" ]] || die "SECUREBOOT_FORMAL requires SIGNING_SERVER"
    sign_secure_boot_env="SIGNING_SERVER=${SIGNING_USER:-signing}@${SIGNING_SERVER}"
    stx_docker_cmd $DRY_RUN_ARG "$sign_secure_boot_env PATH=\$MY_REPO/build-tools:\$PATH sign-secure-boot_debian"
fi

build_img_args=
# Job is configured to sign the ISO with official keys.
if $SIGN_ISO_FORMAL ; then
    [[ -n "$SIGNING_SERVER" ]] || die "SIGN_ISO_FORMAL requires SIGNING_SERVER"
    # Don't sign ISO with developer keys; we will sign it separately
    # in sign-iso.sh
    build_img_args+=" --no-sign"
fi
notice "building STD ISO"
stx_docker_cmd $DRY_RUN_ARG "build-image $build_img_args"