#!/usr/bin/env bash
# Publish chain138-open-snap to the public npm registry (open-permission MetaMask Snap).
#
# Authentication (first that applies):
#   1) NPM_ACCESS_TOKEN or NPM_TOKEN (e.g. in metamask-integration/chain138-snap/.env,
#      auto-sourced by this script). Use a Granular token with permission to publish
#      this package and enable "Bypass two-factor authentication (2FA)" so publish does
#      not require an authenticator code (see npm token settings).
#   2) Otherwise: existing npm login — npm whoami must succeed.
#
# If npm returns EOTP, either recreate the token with 2FA bypass for publish, or pass
# a one-time code through to npm publish, e.g.:
#   ./scripts/deployment/publish-chain138-open-snap.sh --otp=123456
#
# Canonical source repo: https://github.com/Defi-Oracle-Tooling/chain138-snap-minimal
# Usage: from repo root: ./scripts/deployment/publish-chain138-open-snap.sh [--dry-run] [npm publish args...]
set -euo pipefail

ROOT="$(cd "$(dirname "$0")/../.." && pwd)"
DIR="$ROOT/metamask-integration/chain138-snap-minimal"
CHAIN138_ENV="$ROOT/metamask-integration/chain138-snap/.env"

if [[ ! -f "$DIR/package.json" ]]; then
  echo "error: missing $DIR/package.json" >&2
  exit 1
fi

# Optional: load npm token from sibling chain138-snap .env (gitignored; do not commit tokens).
if [[ -f "$CHAIN138_ENV" ]]; then
  _had_u=0
  [[ -o nounset ]] && _had_u=1
  set +u
  set -a
  # shellcheck disable=SC1090
  source "$CHAIN138_ENV"
  set +a
  if [[ "$_had_u" -eq 1 ]]; then
    set -u
  else
    set +u
  fi
fi

AUTH_TOKEN="${NPM_ACCESS_TOKEN:-${NPM_TOKEN:-}}"

cd "$DIR"

# Quiet the common nvm + npm warning: ~/.npmrc `prefix` vs nvm-managed Node.
unset npm_config_prefix 2>/dev/null || true
if [[ -n "${NVM_DIR:-}" && -f "${NVM_DIR}/nvm.sh" ]]; then
  # shellcheck disable=SC1090
  source "${NVM_DIR}/nvm.sh" 2>/dev/null || true
  _nvm_cur="$(nvm current 2>/dev/null || true)"
  if [[ -n "${_nvm_cur}" && "${_nvm_cur}" != "system" && "${_nvm_cur}" != "none" ]]; then
    nvm use --delete-prefix "${_nvm_cur}" --silent 2>/dev/null || true
  fi
  unset _nvm_cur
fi

cleanup() {
  [[ -n "${NPMRC_TMP:-}" && -f "${NPMRC_TMP:-}" ]] && rm -f "$NPMRC_TMP"
}
trap cleanup EXIT

if [[ -n "$AUTH_TOKEN" ]]; then
  echo "Publishing chain138-open-snap from $DIR using registry token from env (prepack runs npm run build)..."
  NPMRC_TMP="$(mktemp)"
  printf '//registry.npmjs.org/:_authToken=%s\n' "$AUTH_TOKEN" >"$NPMRC_TMP"
  npm publish --userconfig "$NPMRC_TMP" "$@"
else
  if ! npm whoami >/dev/null 2>&1; then
    echo "error: not authenticated. Set NPM_ACCESS_TOKEN (see metamask-integration/chain138-snap/.env.example) or run: npm login" >&2
    exit 1
  fi
  echo "Publishing chain138-open-snap from $DIR (logged-in npm user; prepack runs npm run build)..."
  npm publish "$@"
fi