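---
## Prepare woodpecker ci

- name: "Select tasks for {{ ansible_distribution }} {{ ansible_distribution_major_version }}"
  ansible.builtin.include_tasks: "{{ distribution }}"
  with_first_found:
    - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
    - "{{ ansible_distribution }}.yml"
    - "{{ ansible_os_family }}.yml"
  loop_control:
    loop_var: distribution
  when: forgejo_use_ci | bool

# The agent secret is a shared credential; it must not appear in task output,
# so both the generation and the set_fact below run with no_log.
# A value supplied ahead of time (inventory / vault) is honoured and not
# regenerated. The command output is registered under a private name on
# purpose: a skipped task still registers a `{"skipped": true}` dict, which
# would otherwise clobber a pre-provisioned forgejo_woodpecker_agent_secret.
# `command` (not `shell`) is enough here - no shell features are used.
# TODO only generate when no existing deployment already has one (check with docker inspect?)
- name: Generate agent key
  ansible.builtin.command:
    cmd: openssl rand -hex 32
  register: _forgejo_woodpecker_agent_secret_gen
  changed_when: false
  no_log: true
  when:
    - forgejo_use_ci | bool
    - forgejo_woodpecker_agent_secret is not defined

- name: Set agent key
  ansible.builtin.set_fact:
    forgejo_woodpecker_agent_secret: "{{ _forgejo_woodpecker_agent_secret_gen.stdout }}"
  no_log: true
  # stdout is only present when the generation task actually ran
  when: _forgejo_woodpecker_agent_secret_gen.stdout is defined

## Prepare forgejo

# Key type stays RSA because the slurp task below reads id_rsa.pub;
# switching to ed25519 would also change that path.
- name: Ensure git user exists with ssh key
  ansible.builtin.user:
    name: "{{ forgejo_git_username }}"
    generate_ssh_key: true
    ssh_key_type: rsa
    ssh_key_bits: 4096
    ssh_key_comment: "Forgejo Host Key"
  become: true
  register: git_user

- name: Ensure git passthrough command directory exists
  ansible.builtin.file:
    path: "/app/forgejo/"
    state: directory
    mode: "0770"
    owner: "{{ git_user['uid'] }}"
    group: "{{ git_user['group'] }}"
  become: true

- name: Passthrough git command is in right location
  ansible.builtin.copy:
    src: forgejo
    dest: "/app/forgejo/forgejo"
    owner: "{{ git_user['uid'] }}"
    group: "{{ git_user['group'] }}"
    mode: "0750"
  become: true

- name: Host machine forgejo command points to passthrough command
  ansible.builtin.file:
    state: link
    src: "/app/forgejo/forgejo"
    dest: "/usr/local/bin/forgejo"
  become: true

# The public key is read on the target with slurp rather than fetched into a
# `buffer/` directory on the controller, so nothing is written to (or has to
# be cleaned up from) the controller's working directory.
- name: Read git user public key
  ansible.builtin.slurp:
    src: "{{ git_user['home'] }}/.ssh/id_rsa.pub"
  become: true
  register: git_user_pubkey

- name: Ensure git user has its own key authorized for access
  ansible.posix.authorized_key:
    user: "{{ git_user['name'] }}"
    state: present
    key: "{{ git_user_pubkey['content'] | b64decode | trim }}"
  become: true

## install forgejo container

# Compares the upstream currently configured in caddy's admin API with the
# rendered template; a difference is reported as "changed" purely so the
# handler fires. `result` is kept as the register name in case the handler
# references it.
- name: Check upstream status
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >-
      curl localhost:2019/id/{{ stack_name }}_upstream/
  register: result
  changed_when: (result.stdout | from_json) != (lookup('template', 'upstream.json.j2') | from_yaml)
  become: true
  notify: "update forgejo upstream"

- name: Deploy forgejo to swarm
  community.general.docker_stack:
    name: "{{ stack_name }}"
    state: present
    prune: true
    compose:
      - "{{ stack_compose }}"
  become: true
  tags:
    - docker-swarm
  register: forgejo_deployment
  notify: "update forgejo upstream"

# Fixed sleep; the admin-user lookup below retries on its own as well.
- name: Wait a minute for forgejo to become healthy
  ansible.builtin.wait_for:
    timeout: 55
  delegate_to: localhost
  when: forgejo_deployment is changed

# NOTE(review): docker's `name=` filter is a partial match, so a stack whose
# name is a prefix of another could return more than one id - verify that
# stack_name is unique on the swarm host.
- name: Get app container info
  ansible.builtin.command:
    cmd: docker ps -q -f name={{ stack_name }}_app
  become: true
  register: forgejo_app_container_name
  until: forgejo_app_container_name['rc'] | default('') == 0 and forgejo_app_container_name['stdout'] | length >= 1
  retries: 10
  delay: 10
  changed_when: false

# `changed_when` is only used to trigger the "no admin user" handler: an
# output consisting solely of the `Username` header row means no admin exists.
- name: Look for existing admin user
  community.docker.docker_container_exec:
    container: "{{ forgejo_app_container_name['stdout'] }}"
    user: git
    command: >-
      forgejo admin user list --admin
  until: forgejo_admin_list is defined and forgejo_admin_list['rc'] | default('') == 0
  retries: 15
  delay: 20
  become: true
  register: forgejo_admin_list
  changed_when: forgejo_admin_list['stdout_lines'] | length <= 1 and 'Username' in forgejo_admin_list['stdout']
  notify: "no admin user"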