name: Generate Checksums
on:
  push:
    branches:
      - main
  pull_request:
permissions:
  contents: write
jobs:
  checksums:
    runs-on: cn
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Generate checksums
        run: |
          set -e
          git lfs install --local
          git remote set-url origin "https://ci:${{ secrets.CI_PASSWORD }}@${{ github.server_url }}/${{ github.repository }}"
          git config lfs.https://ci:${{ secrets.CI_PASSWORD }}@${{ github.server_url }}/${{ github.repository }}.git/info/lfs.locksverify true
          # disable credentials by actions/checkout for LFS endpoints
          AUTH=$(git config --local http.${{ github.server_url }}/.extraheader)
          git config --local --unset http.${{ github.server_url }}/.extraheader
          git config --local http.${{ github.server_url }}/${{ github.repository }}.git/info/lfs/objects/batch.extraheader "$AUTH"
          git lfs pull
          IFS=$'\n'
          for file in $(git ls-files | grep "^panel/" | grep -v ".sha256$" | grep -v ".txt$"); do
            filename=$(basename "$file");
            sha256sum -b "$file" | sed "s|$file|$filename|" > "${file}.sha256";
          done
          unset IFS
          git add -A
          git config --global user.name "CI"
          git config --global user.email "ci@haozi.net"
          git config --global user.password "${{ secrets.GITHUB_TOKEN }}"
          git commit -m "chore: update checksums" || true
          git push origin ${{ github.ref }}