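#!/bin/bash
#
# Audit every repository in a GitHub organization for workflows that still
# reference actions/upload-artifact@v3 or actions/download-artifact@v3.
#
# Requires: gh (GitHub CLI) on PATH and DRUMWAVE_GITHUB_TOKEN in the
#           environment.
# Output:   progress lines on stdout; every finding is prefixed with "XXX".
#           Diagnostics go to stderr.
#
# Coverage limits (the check is a literal substring match on the workflow file
# as served for the repository's default ref):
#   - a reference pinned to a commit SHA instead of the "@v3" tag is not
#     detected;
#   - only files the Actions API lists as workflows are read, so usages inside
#     other files (e.g. composite action definitions) are not covered.

set -uo pipefail

# Variables
GITHUB_ORG=reddrummer
# Fail fast when the token is missing: an unauthenticated run would otherwise
# end up reporting "nothing found", which reads like a clean audit.
GITHUB_TOKEN=${DRUMWAVE_GITHUB_TOKEN:?DRUMWAVE_GITHUB_TOKEN must be set}

# Set GitHub CLI authentication. gh reads GH_TOKEN from the environment, so
# the token is never placed on a command line (where it would be visible in
# the process list) and is never handed to another HTTP client.
export GH_TOKEN=$GITHUB_TOKEN

# Check if `gh` CLI is installed
if ! command -v gh &>/dev/null; then
  echo "GitHub CLI (gh) is not installed. Please install it and try again."
  exit 1
fi

#######################################
# Fetch the names of all repositories in an organization.
# Arguments: $1 - organization login
# Outputs:   repository names on one line, separated by spaces
# Returns:   0 on success, 1 if the API request fails
#######################################
fetch_repositories() {
  local org="$1"
  local names

  # --paginate follows every result page, so no manual page counter is needed.
  names=$(gh api --paginate "/orgs/${org}/repos?per_page=100" \
    --jq '.[].name') || return 1

  # Repository names cannot contain whitespace, so joining with spaces is
  # lossless.
  printf '%s\n' "${names//$'\n'/ }"
}

#######################################
# Report deprecated artifact actions referenced in one workflow file.
# Arguments: $1 - repository name
#            $2 - workflow display name
#            $3 - workflow file content
# Outputs:   the matching lines, followed by one "XXX" line per action found
#######################################
report_deprecated_actions() {
  local repo="$1"
  local workflow_name="$2"
  local content="$3"
  local action

  for action in upload-artifact download-artifact; do
    # No -q: the matching lines are printed on purpose so the reader sees
    # exactly which reference triggered the finding.
    if grep -F -- "actions/${action}@v3" <<<"$content"; then
      echo "XXX Repo: $repo, Workflow: $workflow_name uses ${action}@v3"
    fi
  done
}

main() {
  local repos_line
  local -a repos=()
  local repo workflows workflow_path encoded_path workflow_name workflow_content

  # Fetch all repositories. Abort on failure instead of scanning an empty
  # list, so an API or permission error is not mistaken for a clean result.
  repos_line=$(fetch_repositories "$GITHUB_ORG") || {
    echo "Failed to list repositories for $GITHUB_ORG." >&2
    exit 1
  }
  read -r -a repos <<<"$repos_line"
  if ((${#repos[@]} == 0)); then
    echo "No repositories visible in $GITHUB_ORG with this token." >&2
    exit 1
  fi

  # Loop through each repository
  for repo in "${repos[@]}"; do
    echo "Checking actions in repository: $repo"

    # Get workflows for the repository as TSV: path, URL-encoded path, name.
    # The path is encoded per segment because it is interpolated into the
    # request URL below; the name goes last so it may contain spaces.
    workflows=$(gh api --paginate \
      "/repos/${GITHUB_ORG}/${repo}/actions/workflows?per_page=100" \
      --jq '.workflows[]
            | [.path, (.path | split("/") | map(@uri) | join("/")), .name]
            | @tsv') || {
      echo "Could not list workflows for $repo; skipping." >&2
      continue
    }

    # Loop through each workflow. The list is read on fd 3 so commands inside
    # the loop cannot consume it through stdin.
    while IFS=$'\t' read -r -u 3 workflow_path encoded_path workflow_name; do
      [[ -n "$workflow_path" ]] || continue
      echo "Checking workflow: $workflow_name ($workflow_path)"

      # Get the YAML content through the authenticated API client rather than
      # rewriting html_url into a raw-content URL and sending the token there
      # with curl.
      workflow_content=$(gh api -H "Accept: application/vnd.github.raw" \
        "/repos/${GITHUB_ORG}/${repo}/contents/${encoded_path}") || {
        # Listed workflows whose path is not a readable file end up here.
        echo "Could not fetch $workflow_path from $repo; skipping." >&2
        continue
      }

      # Check if the workflow uses upload-artifact v3 or download-artifact v3
      report_deprecated_actions "$repo" "$workflow_name" "$workflow_content"
    done 3<<<"$workflows"
  done
}

main "$@"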