--- # ============================================================================= # Deploy Tasks - Pull Images and Restart Services # ============================================================================= # # Performs the actual deployment: # 1. Pull the new Docker images # 2. Restart services with --wait flag (waits for healthchecks) # 3. Verify the deployment # # This task relies on healthchecks defined in docker-compose.yml: # - PostgreSQL: pg_isready checks database is accepting connections # - Gitea: curl to /api/healthz checks web server is responding # # The --wait flag makes docker compose block until all services are healthy. # This is cleaner than manually polling with Ansible loops. # # Database migrations happen AUTOMATICALLY when Gitea starts with a new # version. The start_period in Gitea's healthcheck allows time for this. # # Reference: https://docs.gitea.com/installation/upgrade-from-gitea # ============================================================================= # ----------------------------------------------------------------------------- # Pull New Docker Images # ----------------------------------------------------------------------------- # Pull images before stopping services to minimize downtime. # This downloads the new image layers while the old containers still run. 
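# `pull` fetches whatever the image references in docker-compose.yml resolve
# to at run time.
# NOTE(review): docker-compose.yml is not visible here. If it references
# images by tag only, consider pinning by digest so the deployed content is
# reproducible and a re-pointed tag cannot change what gets deployed.
#
# argv is used instead of a single cmd string so that the templated path is
# always passed as exactly one argument, even if gitea_install_dir contains
# whitespace (a cmd string is split into words before execution).
- name: Pull new Docker images
  ansible.builtin.command:
    argv:
      - docker
      - compose
      - "-f"
      - "{{ gitea_install_dir }}/docker-compose.yml"
      - pull
  register: gitea_docker_pull
  # Docker Compose may write pull progress to stderr rather than stdout
  # (depends on the Compose version), so both streams are searched.
  changed_when: >-
    'Pulled' in (gitea_docker_pull.stdout ~ gitea_docker_pull.stderr)
    or 'Downloaded' in (gitea_docker_pull.stdout ~ gitea_docker_pull.stderr)

# Shows the output of both streams. The fallback message is used when the
# pull task was skipped (check mode, so no stdout_lines/stderr_lines exist)
# or when it produced no output at all.
- name: Display image pull results
  ansible.builtin.debug:
    msg: >-
      {{ ((gitea_docker_pull.stdout_lines | default([]))
      + (gitea_docker_pull.stderr_lines | default([])))
      or ['Images already up to date'] }}

# -----------------------------------------------------------------------------
# Restart Services with Healthcheck Wait
# -----------------------------------------------------------------------------
# docker compose up -d --wait:
#   -d     : Detached mode (run in background)
#   --wait : Block until all services are healthy (based on healthcheck)
#
# This single command:
#   1. Stops old containers if config changed
#   2. Creates new containers with new images
#   3. Waits for healthchecks to pass
#
# Timeout is set high (5 minutes) to allow for:
#   - Database startup
#   - Gitea migrations (can take time on version upgrades)
#   - ACME certificate issuance (30-60 seconds for new domain)
- name: Restart services and wait for healthy
  ansible.builtin.command:
    # argv keeps the templated compose path as a single argument.
    argv:
      - docker
      - compose
      - "-f"
      - "{{ gitea_install_dir }}/docker-compose.yml"
      - up
      - "-d"
      - "--wait"
    chdir: "{{ gitea_install_dir }}"
  register: gitea_compose_up
  # Always reported as changed: the task does not inspect the output to tell
  # whether any container was actually recreated.
  changed_when: true
  # 5 minute timeout for migrations + ACME certificate
  # (task-level keyword: Ansible fails the task if it runs longer than this)
  timeout: 300

# The fallback is used when the restart task was skipped (check mode) and
# therefore registered no stdout_lines.
- name: Display compose output
  ansible.builtin.debug:
    msg: "{{ gitea_compose_up.stdout_lines | default(['Services started']) }}"

# -----------------------------------------------------------------------------
# Verify Deployment
# -----------------------------------------------------------------------------
# Additional verification beyond healthchecks.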
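# Check container health status
# check_mode: false - read-only, shows current state during dry run
- name: Verify container health status
  ansible.builtin.command:
    # argv keeps the templated compose path as a single argument, even if
    # gitea_install_dir contains whitespace.
    argv:
      - docker
      - compose
      - "-f"
      - "{{ gitea_install_dir }}/docker-compose.yml"
      - ps
      - "--format"
      - json
  register: gitea_compose_status
  changed_when: false
  check_mode: false

# Prints the raw JSON returned by `docker compose ps`; nothing is parsed or
# asserted here, so this step is informational only.
- name: Display container status
  ansible.builtin.debug:
    msg: "Container status: {{ gitea_compose_status.stdout }}"

# Check Gitea logs for migration activity
# check_mode: false - read-only, shows current logs during dry run
- name: Check Gitea logs for errors or migrations
  ansible.builtin.command:
    # argv passes the container name as one argument instead of relying on
    # word-splitting of a templated command string.
    argv:
      - docker
      - logs
      - "--tail"
      - "30"
      - "{{ gitea_container_name }}"
  register: gitea_logs
  changed_when: false
  check_mode: false

# Shows the last 10 of the captured stdout lines. `docker logs` replays the
# container's stderr stream on its own stderr, so lines written there are not
# part of stdout_lines.
# default(..., true) also covers an empty list; without the second argument
# the fallback would only apply to an undefined value and an empty log tail
# would print [].
# NOTE(review): these lines end up in the Ansible run output. Confirm the log
# tail cannot contain secrets (tokens, credentials in URLs) before running
# this where output is archived, e.g. in CI.
- name: Display recent Gitea logs
  ansible.builtin.debug:
    msg: "{{ gitea_logs.stdout_lines[-10:] | default(['No logs available'], true) }}"

# -----------------------------------------------------------------------------
# Final Summary
# -----------------------------------------------------------------------------
# This message is static text plus variables; it does not re-check anything.
# It is reached after the `up --wait` task above. In check mode that task is
# skipped, so "Healthchecks passed" then describes no real run.
- name: Deployment summary
  ansible.builtin.debug:
    msg: |
      ============================================
      DEPLOYMENT COMPLETE
      ============================================

      Domain: https://{{ gitea_domain }}/
      SSH: ssh://git@{{ gitea_domain }}:{{ gitea_ssh_external_port }}/
      Gitea: {{ gitea_version }}
      PostgreSQL: {{ gitea_postgres_version }}

      Healthchecks passed - services are running.

      Verify manually:
      1. Login at https://{{ gitea_domain }}/
      2. Clone a repo via HTTPS and SSH
      3. Check Settings > Admin for version info

      If act-runner was configured, update its config:
      vault_gitea_instance_url: https://{{ gitea_domain }}
      vault_gitea_registry: {{ gitea_domain }}
      ============================================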