#!/usr/bin/env bash
# Build single-file PyInstaller binary (see applepy.spec). Requires: pip install -e ".[bundle]"
# By default fetches NIST macos_security + Lynis into applepy/data/ (git + network). Offline:
#   SKIP_VENDOR_COMPLIANCE=1 ./scripts/build_bundle.sh
set -euo pipefail
ROOT="$(cd "$(dirname "$0")/.." && pwd)"
cd "$ROOT"
if [[ -f .venv/bin/activate ]]; then
  # shellcheck source=/dev/null
  source .venv/bin/activate
fi
if [[ "${SKIP_VENDOR_COMPLIANCE:-0}" != "1" ]]; then
  "${ROOT}/scripts/vendor_compliance_assets.sh" all
else
  echo "SKIP_VENDOR_COMPLIANCE=1: skipping scripts/vendor_compliance_assets.sh"
fi
python -m pip install -q -e ".[bundle]"
DIST_OUT="${ROOT}/dist/applepy"
if [[ -e "${DIST_OUT}" ]]; then
  echo "Removing previous binary: ${DIST_OUT}"
  rm -rf "${DIST_OUT}"
fi
python -m PyInstaller --noconfirm --clean "${ROOT}/applepy.spec"
echo "Output: ${ROOT}/dist/applepy  →  run: dist/applepy --help"