#!/usr/bin/env node
/*
 * Signs an unlisted release via AMO using web-ext and outputs artifacts to releases/<version>/
 * Requires env: AMO_JWT_ISSUER, AMO_JWT_SECRET
 */
const fs = require('fs');
const path = require('path');
const { execSync } = require('child_process');

const root = path.join(__dirname, '..');
const pkg = require(path.join(root, 'package.json'));
const manifest = require(path.join(root, 'manifest.json'));

const issuer = process.env.AMO_JWT_ISSUER;
const secret = process.env.AMO_JWT_SECRET;

if (!issuer || !secret) {
  console.error('Missing AMO credentials. Set AMO_JWT_ISSUER and AMO_JWT_SECRET.');
  process.exit(1);
}

const addonId = manifest?.applications?.gecko?.id;
if (!addonId || addonId.includes('example')) {
  console.error('Invalid add-on id. Set applications.gecko.id in manifest.json to your stable ID.');
  process.exit(1);
}

const version = pkg.version;
if (!version) {
  console.error('package.json is missing version');
  process.exit(1);
}

const outDir = path.join(root, 'releases', version);
fs.mkdirSync(outDir, { recursive: true });

function run(cmd) {
  console.log(`> ${cmd}`);
  execSync(cmd, { stdio: 'inherit' });
}

try {
  // Lint before signing
  run('npx --yes web-ext lint --source-dir .');

  // Sign (unlisted) and place artifacts in releases/<version>
  const signCmd = [
    'npx --yes web-ext sign',
    '--channel=unlisted',
    `--api-key="${issuer}"`,
    `--api-secret="${secret}"`,
    `--id="${addonId}"`,
    `--artifacts-dir "${outDir}"`,
  ].join(' ');
  run(signCmd);

  console.log('\nSigned artifacts written to:', outDir);
  console.log('Next: host .xpi and update updates.json (if self-hosting updates).');
} catch (err) {
  console.error('Release signing failed:', err.message);
  process.exit(1);
}