#!/bin/sh -e

if [ -f "$__object/parameter/no-updates" ]; then
    # User requested explicitly not to have updates
    exit
fi

destination="/$__object_id"

state_should="$(cat "$__object/parameter/state")"
branch_should="$(cat "$__object/parameter/branch")"
owner="$(cat "$__object/parameter/owner")"

# If the user did not provide an owner, cdist defaults to root.
git_user="${owner:-root}"

# Only do something if we are not removing the repo and it is not the first run
if [ "$state_should" = "present" ] && [ -d "$destination/.git" ]; then
    # First fetch the remote
    # Whenever possible run git as non-root, see history of CVEs.
    su -m "$git_user" -c "git -C '$destination' fetch --quiet"
    head="$(su -m "$git_user" -c "git -C '$destination' rev-parse HEAD")"
    # Try first to get the latest commit in the remote current branch,
    # if it fails try to get the commit for the expected tag name
    upstream="$(su -m "$git_user" -c "git -C '$destination' rev-parse '@{u}'" 2>/dev/null ||
        su -m "$git_user" -c "git -C '$destination' rev-parse '${branch_should}^{}'")"
    if [ "${head}" != "$upstream" ]; then
        echo "YES"
    fi
fi