#!/usr/bin/env bash
set -o pipefail -o errexit -o nounset -x

readonly COSIGN="{{cosign_path}}"
readonly CRANE="{{crane_path}}"
readonly REPOSITORY_FILE="{{full_repo_ref_file}}"
readonly COSIGN_KEY="{{cosign_key}}"
readonly SKIP_CONFIRMATION="{{skip_confirmation}}"

REPOSITORY=$(tr -d '\n' < "$REPOSITORY_FILE")
KEY=$(tr -d '\n' < "$COSIGN_KEY")


"$COSIGN" sign "$REPOSITORY" "$SKIP_CONFIRMATION" --key="${KEY}"

REGISTRY=$(echo "$REPOSITORY" | cut -d '@' -f1)
CONTAINER_DIGEST=$(echo "$REPOSITORY" | cut -d ':' -f2 )
SIGNATURE_TAG="sha256-${CONTAINER_DIGEST}.sig"

SIGNATURE_DIGEST=$(${CRANE} digest "${REGISTRY}:${SIGNATURE_TAG}")
SIGNATURE_REPOSITORY="${REGISTRY}@${SIGNATURE_DIGEST}"

echo "$SIGNATURE_REPOSITORY"