name: Upstream sync

# Daily check against the upstream mirror. Fast-forwards `main` to
# `upstream/develop` when upstream has advanced, then pings the Infra
# Matrix room so we know the wallet branch is due for a rebase.
#
# See SYNC.md on the wallet branch for the full topology + procedure
# this job implements.

on:
  schedule:
    # 12:00 UTC daily — quiet time for all our time zones, avoids the
    # morning-meeting window where an unexpected Matrix ping is noise.
    - cron: '0 12 * * *'
  workflow_dispatch:  # manual trigger from the Actions UI too

jobs:
  sync-main:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout main
        uses: actions/checkout@v4
        with:
          ref: main
          fetch-depth: 0
          # Built-in token Gitea hands us — scoped to this repo, has push.
          token: ${{ secrets.GITEA_TOKEN }}

      - name: Wire upstream mirror + fetch wallet
        run: |
          set -euo pipefail
          # Sulkta-Coop/element-x-upstream is a read-only pull-mirror of
          # github.com/element-hq/element-x-android. Kept local for
          # LAN-speed fetches and offline resilience.
          git remote add upstream http://192.168.0.5:3001/Sulkta-Coop/element-x-upstream.git
          git fetch upstream develop
          git fetch origin wallet:refs/remotes/origin/wallet

      - name: Fast-forward main
        id: ff
        run: |
          set -euo pipefail
          git config user.name "sulkta-bot"
          git config user.email "bot@sulkta.com"
          OLD=$(git rev-parse --short HEAD)
          echo "main was at $OLD"
          if git merge --ff-only upstream/develop; then
            NEW=$(git rev-parse --short HEAD)
            if [ "$OLD" = "$NEW" ]; then
              echo "main already up to date with upstream/develop"
              echo "advanced=false" >> "$GITHUB_OUTPUT"
            else
              echo "main advanced: $OLD -> $NEW"
              git push origin main
              echo "advanced=true" >> "$GITHUB_OUTPUT"
              echo "old=$OLD" >> "$GITHUB_OUTPUT"
              echo "new=$NEW" >> "$GITHUB_OUTPUT"
            fi
          else
            echo "::warning::main could not fast-forward to upstream/develop — someone committed to main directly?"
            echo "advanced=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Measure wallet drift
        if: steps.ff.outputs.advanced == 'true'
        id: drift
        run: |
          set -euo pipefail
          MB=$(git merge-base refs/remotes/origin/wallet main)
          BEHIND=$(git rev-list --count "$MB..main")
          NEW_ADDED=$(git rev-list --count "$MB..upstream/develop")
          echo "behind=$BEHIND" >> "$GITHUB_OUTPUT"
          echo "new_added=$NEW_ADDED" >> "$GITHUB_OUTPUT"
          echo "wallet is $BEHIND commits behind main now; $NEW_ADDED new upstream commits this run"

      - name: Matrix notification (Infra room)
        if: steps.ff.outputs.advanced == 'true'
        env:
          MATRIX_TOKEN: ${{ secrets.MATRIX_HOUSE_BOT_TOKEN }}
        run: |
          set -euo pipefail
          TXN=$(date +%s%N)
          ROOM='!rvxiUrWpgvMTAwzjGm:sulkta.com'  # Infra
          BODY="element-x upstream advanced · main ${{ steps.ff.outputs.old }} → ${{ steps.ff.outputs.new }} (${{ steps.drift.outputs.new_added }} commits). wallet is ${{ steps.drift.outputs.behind }} commits behind — rebase before next build."

          # jq keeps the body properly JSON-escaped; safer than shell interp
          # shellcheck disable=SC2086
          PAYLOAD=$(printf '%s' "$BODY" | jq -Rs '{msgtype: "m.text", body: .}')

          curl --fail -s -X PUT \
            -H "Authorization: Bearer $MATRIX_TOKEN" \
            -H "Content-Type: application/json" \
            "https://chat.sulkta.com/_matrix/client/v3/rooms/${ROOM}/send/m.room.message/${TXN}" \
            -d "$PAYLOAD"
          echo "notified"