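#!/bin/bash
# Generate SBOM for Docker image
# Builds the image and generates SBOM in multiple formats.
#
# Usage: <this script> [IMAGE_NAME]
#   IMAGE_NAME    tag to build and scan (default: hastebin:test)
# Environment:
#   SYFT_VERSION  optional syft release tag passed to the installer when syft
#                 has to be bootstrapped; unset keeps the installer's default.
# Outputs (written to the current directory):
#   sbom-image.txt, sbom-image.spdx.json, sbom-image.cyclonedx.json

# -o pipefail matters here: without it a syft failure in `syft ... | tee` is
# masked by tee's exit status and the script would report success while
# leaving an empty or truncated SBOM behind.
set -euo pipefail

IMAGE_NAME="${1:-hastebin:test}"

echo "🐳 Building Docker image: $IMAGE_NAME"
docker build -t "$IMAGE_NAME" --no-cache .

echo ""
echo "🔍 Generating SBOM for Docker image..."

# Check if syft is installed
if ! command -v syft &> /dev/null; then
  echo "Syft not found. Attempting to install to ./bin..."
  mkdir -p ./bin

  # SECURITY: this installer comes from the mutable `main` branch and is
  # executed without any integrity check, so the tool that produces the SBOM
  # is itself an unpinned dependency. For CI or release builds, preinstall a
  # pinned syft and verify it against the checksums published with the
  # release, or at least set SYFT_VERSION to a reviewed tag.
  #
  # The script is downloaded to a file before it runs, so a dropped
  # connection cannot leave `sh` executing a half-received script.
  installer="$(mktemp)"
  trap 'rm -f -- "$installer"' EXIT
  if ! {
    curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh -o "$installer" \
      && sh "$installer" -b ./bin ${SYFT_VERSION:+"$SYFT_VERSION"}
  }; then
    # Fall through to the check below so the manual-install hint is shown.
    echo "Syft installer did not complete." >&2
  fi

  # Absolute path: a relative PATH entry is resolved against whatever the
  # working directory happens to be each time a command is looked up.
  export PATH="$PWD/bin:$PATH"

  # Verify installation
  if ! command -v syft &> /dev/null; then
    echo "❌ Failed to install syft automatically."
    echo "Please install manually:"
    echo " brew install syft"
    echo " or visit: https://github.com/anchore/syft#installation"
    exit 1
  fi
fi

# Show version (also records which syft build produced the SBOM in the log)
syft version

# Generate SBOM in table format
echo ""
echo "📋 Generating SBOM table..."
syft docker:"$IMAGE_NAME" -o table | tee sbom-image.txt

# Generate SBOM in SPDX JSON format
echo ""
echo "📦 Generating SBOM in SPDX JSON format..."
syft docker:"$IMAGE_NAME" -o spdx-json > sbom-image.spdx.json

# Generate SBOM in CycloneDX JSON format
echo ""
echo "🌀 Generating SBOM in CycloneDX JSON format..."
syft docker:"$IMAGE_NAME" -o cyclonedx-json > sbom-image.cyclonedx.json

echo ""
echo "✅ Image SBOM generated successfully!"
echo ""
echo "Generated files:"
ls -lh -- sbom-image.*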