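---
# Deploys Gitea with Docker Compose on the hosts in the `gitea` group.
# Database credentials are read from AWS Secrets Manager at run time and
# written to /opt/gitea/.env. Every task that holds the secret in its
# arguments or result sets `no_log: true`, so the values do not reach the
# console, callback plugins or log files.
- name: Deploy Gitea application
  hosts: gitea
  become: true
  vars:
    secret_name: "qvest-task-db-credentials"
    aws_region: "eu-central-1"

  tasks:
    - name: Create application directory
      ansible.builtin.file:
        path: /opt/gitea
        state: directory
        owner: ubuntu
        group: ubuntu
        mode: "0755"

    - name: Copy docker-compose.yml
      ansible.builtin.copy:
        src: ../docker/docker-compose.yml
        dest: /opt/gitea/docker-compose.yml
        owner: ubuntu
        group: ubuntu
        mode: "0644"

    # `command` with an argv list replaces `shell`: no shell features are
    # needed, and the templated values are passed as single arguments
    # instead of being interpolated into a shell line.
    # The registered result carries the secret in `stdout`, so the task
    # output is suppressed. Remove `no_log` only temporarily when debugging
    # a failure here; it also hides the error message.
    - name: Fetch database credentials from Secrets Manager
      ansible.builtin.command:
        argv:
          - aws
          - secretsmanager
          - get-secret-value
          - --secret-id
          - "{{ secret_name }}"
          - --region
          - "{{ aws_region }}"
          - --query
          - SecretString
          - --output
          - text
      register: db_secret
      changed_when: false
      no_log: true

    # The parsed fact contains the plaintext password; set_fact results
    # are printed in verbose runs unless logging is disabled.
    - name: Parse database credentials
      ansible.builtin.set_fact:
        db_creds: "{{ db_secret.stdout | from_json }}"
      no_log: true

    # `content` is part of the module arguments and is shown in --diff
    # and verbose output, hence `no_log`. The file is readable only by
    # its owner (0600).
    # NOTE(review): values are written unquoted; confirm how the Compose
    # env-file parser treats passwords containing `#`, `$` or quotes.
    - name: Create .env file
      ansible.builtin.copy:
        content: |
          DB_USER={{ db_creds.username }}
          DB_PASSWORD={{ db_creds.password }}
          DB_NAME={{ db_creds.database }}
        dest: /opt/gitea/.env
        owner: ubuntu
        group: ubuntu
        mode: "0600"
      no_log: true

    - name: Start Docker Compose services
      community.docker.docker_compose_v2:
        project_src: /opt/gitea
        state: present
      become_user: ubuntu

    # Polls the local Gitea HTTP port up to 30 times, 10 seconds apart,
    # until it answers with status 200.
    - name: Wait for Gitea to be ready
      ansible.builtin.uri:
        url: http://localhost:3000
        status_code: 200
      register: result
      until: result.status == 200
      retries: 30
      delay: 10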