---
version: '3'

vars:
  INSTALL_GROUP:
    sh: |
      if type apk &> /dev/null; then
        echo 'apk'
      elif type apt-get &> /dev/null; then
        echo 'apt-get'
      elif type dnf &> /dev/null; then
        echo 'dnf'
      elif type pacman &> /dev/null; then
        echo 'pacman'
      elif type yum &> /dev/null; then
        echo 'yum'
      elif [ '{{OS}}' == 'darwin' ]; then
        echo 'brew'
      fi
  REQUIREMENTS_TASKFILE: .config/taskfiles/install/Taskfile-requirements.yml

gpg:
  apt-get:
    - gnupg-agent
    - gnupg-curl
    - gnupg2
    - pcscd
    - scdaemon
  brew:
    - gnupg
    - pinentry-mac
  dnf:
    - gnupg2
    - pinentry-curses
  pacman:
    - gnupg
  yum:
    - gnupg2
    - pinentry-curses

yubikey:
  apt-get:
    - cryptsetup
    - dirmngr
    - gnupg2
    - gnupg-agent
    - hopenpgp-tools
    - libpcsclite-dev
    - libssl-dev
    - openssl
    - pcscd
    - python3-gnupg
    - python3-pip
    - python3-pyscard
    - rng-tools
    - scdaemon
    - secure-delete
    - swig
    - wget
    - yubikey-personalization
  brew:
    - gnupg
    - hopenpgp-tools
    - pinentry-mac
    - swig
    - wget
    - ykman
    - yubikey-personalization
  dnf:
    - gnupg2
    - gnupg2-smime
    - pcsc-lite
    - pcsc-lite-libs
    - pinentry-curses
  pacman:
    - ccid
    - gnupg
    - hopenpgp-tools
    - pcsclite
    - yubikey-personalization
  python:
    - PyOpenSSL
    - yubikey-manager
  yum:
    - gnupg2
    - gnupg2-smime
    - pcsc-lite
    - pcsc-lite-libs
    - pinentry-curses

tasks:
  gpg:
    cmds:
      - task: install
        vars:
          REQUIREMENTS_KEY: gpg

  install:
    deps:
      - install:deps:{{OS}}
    vars:
      INSTALL_GROUP: '{{if .REQUIREMENTS_GROUP}}{{.REQUIREMENTS_GROUP}}{{else}}{{.INSTALL_GROUP}}{{end}}'
      REQUIREMENTS_KEY: '{{if .CLI_ARGS}}{{.CLI_ARGS}}{{else}}{{.REQUIREMENTS_KEY}}{{end}}'
    cmds:
      - task: :{{if .REQUIREMENTS_GROUP_TASK}}{{.REQUIREMENTS_GROUP_TASK}}{{else}}install:software:system{{end}}
        vars:
          PACKAGE:
            sh: yq e '.["{{.REQUIREMENTS_KEY}}"]["{{.INSTALL_GROUP}}"]' {{.REQUIREMENTS_TASKFILE}} | sed 's/- / /' | tr -d '\n' | sed 's/^ //'

  install:deps:darwin:
    cmds:
      - task: :install:software:brew
      - task: :install:software:yq

  install:deps:linux:
    cmds:
      - task: :install:software:yq

  onlykey:
    summary: |
      # Preload OnlyKey Installer Files

      Windows
      OnlyKey_5.3.6.exe
      SHA256 - 22fc0b80d0b11fa5b0f9a566ae11edb8aee41e53905259e2a8a948c71e45e1fe

      MacOS
      OnlyKey.App.5.3.6.dmg
      SHA256 - 1f7756227af0752bf2d1071bf6f04e5a3282df54ac0125fdfb4abfab7edb115a

      Linux
      OnlyKey_5.3.6_amd64.deb
      SHA256 - d5e223581b459c869a2f2d4c84cd77f52b851dced5c87dea5f8d93ec1cecc7c4
      GPG Signature verify with debsig-verify
      A1D6 4A3B 496C B0F3 6E12 B46F 9A9F 520D 44EA 53D1
    cmds:
      - mkdir -p ~/Downloads
      - curl -sSL https://github.com/trustcrypto/OnlyKey-App/releases/download/v5.3.6/OnlyKey.App.5.3.6.dmg > ~/Downloads/OnlyKey.App.5.3.6.dmg
      - curl -sSL https://github.com/trustcrypto/OnlyKey-App/releases/download/v5.3.6/OnlyKey_5.3.6.exe > ~/Downloads/OnlyKey_5.3.6.exe
      - curl -sSL https://github.com/trustcrypto/OnlyKey-App/releases/download/v5.3.6/OnlyKey_5.3.6_amd64.deb > ~/Downloads/OnlyKey_5.3.6_amd64.deb
      - |
        if type apt &> /dev/null; then
          sudo apt install debsig-verify
        fi

  yubikey:
    cmds:
      - task: :install:software:yubikey-agent
      - task: install
        vars:
          REQUIREMENTS_KEY: yubikey
      - task: install
        vars:
          REQUIREMENTS_GROUP: python
          REQUIREMENTS_GROUP_TASK: install:python:pip
          REQUIREMENTS_KEY: yubikey