name: Update allows list

on:
  push:
    paths:
    - allows.txt
    branches:
    - main
  workflow_dispatch:

jobs:
  update-allows-list:
    if: github.repository == 'DaoCloud/public-image-mirror'
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
    - name: Start Proxy
      run: |
        wget https://github.com/wzshiming/bridge/releases/download/v0.9.0/bridge_linux_amd64 -O /usr/local/bin/bridge && chmod +x /usr/local/bin/bridge
        nohup /usr/local/bin/bridge -b :8080 -p - ${{ secrets.PROTOCOL }} 2>/dev/null &
    - name: Check Proxy
      run: |
        curl -v http://127.0.0.1:8080 || exit 1
        curl -f --proxy socks5h://127.0.0.1:8080 -v http://m.daocloud.io/v2/ || exit 1
    
    - name: Update list
      run: |
        curl -v -f --proxy socks5h://127.0.0.1:8080 -X PUT http://crmirror:8080/internal/api/allows -T ./allows.txt

    - name: Update list (new)
      run: |
        LIST="$(cat ./allows.txt | jq -R -s -c '{"items": split("\n")[:-1], "block_message": "🚫 👀-> https://github.com/DaoCloud/public-image-mirror/issues/2328 🔗 这镜像不在白名单. this image is not in the allowlist."}')"
        TOKEN="$(curl -X 'POST' \
          'https://auth.m.daocloud.io/apis/v1/users/login' \
          -H 'Accept: application/json' \
          -H 'Content-Type: application/json' \
          -d ${{ secrets.USER_LOGIN_DATA }} | jq -r .token)"
        curl -f -X 'PUT' \
          'https://auth.m.daocloud.io/apis/v1/registries/allow_images' \
          -H 'Accept: application/json' \
          -H "Authorization: Bearer ${TOKEN}" \
          -H 'Content-Type: application/json' \
          -d "${LIST}"