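# Maintenance targets for this repository: commit-signature audit, git hook
# installation, and blanking of the secrets/*.nix files.
#
# The recipes rely on the shell that make uses for recipes, on git and find,
# and on a grep that supports -P (PCRE).

# Assign the empty value to MAKEFLAGS and export it to the recipes.
# NOTE(review): presumably this keeps flags inherited from the environment or
# a parent make from influencing these targets; confirm the intent.
export MAKEFLAGS :=

# None of these targets produces a file of its own name. Without .PHONY, a file
# or directory named like a target (for instance "check-git-history") in the
# working tree would make that target look up to date, and make would return
# success without running the recipe at all.
.PHONY: all check-git-history setup-git-hooks empty-out-secrets

# Default target: list the available actions and fail, so that a bare "make"
# never performs an action by accident.
all:
	@echo 'no default action, available actions:'
	@for n in check-git-history setup-git-hooks empty-out-secrets; do echo " - $$n"; done
	@echo
	@exit 1

# Audit the history reachable from HEAD, oldest commit first. A commit passes
# only if "git verify-commit --raw" prints a GnuPG VALIDSIG status line that
# ends with the pinned fingerprint (the last VALIDSIG field is the primary key
# fingerprint). A commit that is unsigned and a commit signed by any other key
# are reported with the same "unsigned commit" message.
#
# Exit status: 0 when every commit passes, 1 otherwise. The recipe also exits 1
# when git cannot list the history, so that a failing "git log" is not mistaken
# for a clean audit. Full hashes (%H) are used so that the reported commit is
# identified unambiguously.
#
# NOTE(review): VALIDSIG states that the signature is cryptographically valid.
# Whether GnuPG also emits it for a key that has expired or been revoked should
# be confirmed against the GnuPG status-line documentation; if it does, lines
# such as EXPKEYSIG and REVKEYSIG need to be rejected here as well.
check-git-history:
	commits=$$(git log --reverse --format=%H) || exit 1; \
	result=0; \
	for h in $$commits; do \
		if ! git verify-commit --raw "$$h" 2>&1 \
			| grep -qP '^\[GNUPG:\] VALIDSIG (\S+ )+9C561D6430B28D6BDCBC9CEB73D5E7FDEE3DE49A$$'; then \
			echo "[!] found unsigned commit: $$h"; \
			result=1; \
		fi; \
	done; \
	exit $$result

# Install a pre-commit hook that runs the signature audit and then
# "nix flake check". An existing .git/hooks/pre-commit is overwritten.
#
# printf is used rather than "echo -e": a /bin/sh whose echo has no -e option
# (dash, for example) would write "-e" as the first bytes of the hook and break
# its shebang line.
#
# The hook only runs in the clone where it was installed and can be skipped
# with "git commit --no-verify", so it complements, but does not replace, the
# same audit in CI or on the receiving server.
setup-git-hooks:
	printf '%s\n' '#!/usr/bin/env sh' 'make check-git-history && exec nix flake check' >.git/hooks/pre-commit
	chmod +x .git/hooks/pre-commit

# Overwrite every regular *.nix file under secrets/ with an empty attribute
# set. The previous contents are not backed up by this target, and only the
# working tree changes: anything that was committed earlier stays in the git
# history.
#
# find passes the paths to sh as arguments, so file names containing spaces or
# glob characters are handled as single paths instead of being word-split. The
# target fails if find itself fails (for example when secrets/ is missing).
empty-out-secrets:
	find secrets -type f -name '*.nix' -exec sh -c 'for f do echo "{ }" > "$$f"; done' sh {} +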