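---
# Pushes Git settings into the application stack's .env file (only when none
# are present yet) and restarts the `app` compose service so that it pulls the
# configured repository and branch on start-up.
- name: Sync Code from Git Repository to Application Container
  hosts: production
  gather_facts: true
  become: false

  vars:
    # git_repository_url_default and git_branch_default are expected to come
    # from group_vars/production.yml.
    # Override the repository with `-e git_repo_url=...`.
    git_repository_url: "{{ git_repo_url | default(git_repository_url_default) }}"
    # Override the branch with `-e git_branch=...`; extra vars take precedence
    # over play vars. The previous self-referencing template
    # ("{{ git_branch | default(...) }}") made Ansible report a recursive
    # template loop whenever no -e override was supplied.
    git_branch: "{{ git_branch_default }}"

  pre_tasks:
    # Best effort: a missing or undecryptable vault file is tolerated, in which
    # case git_token / git_username / git_password fall back to empty strings
    # in the .env task below.
    - name: Optionally load secrets from vault
      include_vars:
        file: "{{ playbook_dir }}/../secrets/production.vault.yml"
      no_log: true
      ignore_errors: true
      delegate_to: localhost
      become: false

  tasks:
    - name: Verify application stack directory exists
      stat:
        path: "{{ app_stack_path }}"
      register: app_stack_dir

    - name: Fail if application stack directory doesn't exist
      fail:
        msg: "Application stack directory not found at {{ app_stack_path }}"
      when: not app_stack_dir.stat.exists

    - name: Check if docker-compose.yml exists
      stat:
        path: "{{ app_stack_path }}/docker-compose.yml"
      register: compose_file_exists

    - name: Fail if docker-compose.yml doesn't exist
      fail:
        msg: "docker-compose.yml not found. Run setup-infrastructure.yml first."
      when: not compose_file_exists.stat.exists

    # failed_when: false lets the play continue when .env is absent; in that
    # case env_file_content.content is undefined and has_git_config is not set.
    - name: Read current .env file
      slurp:
        src: "{{ app_stack_path }}/.env"
      register: env_file_content
      failed_when: false
      changed_when: false

    # Unanchored substring match: any occurrence of GIT_REPOSITORY_URL= counts,
    # including a commented-out line.
    - name: Check if Git configuration exists in .env
      set_fact:
        has_git_config: "{{ env_file_content.content | b64decode | regex_search('GIT_REPOSITORY_URL=') is not none }}"
      when: env_file_content.content is defined

    # Runs only when .env was readable and holds no GIT_REPOSITORY_URL= entry;
    # an undefined has_git_config defaults to true, which skips the task.
    # no_log keeps GIT_TOKEN / GIT_PASSWORD out of task output, where every
    # loop item (including its rendered line) would otherwise be printed.
    # NOTE(review): credentials are stored in plaintext in .env and this play
    # does not set the file's mode or owner - confirm they are restricted
    # elsewhere.
    - name: Update .env with Git configuration
      lineinfile:
        path: "{{ app_stack_path }}/.env"
        regexp: "{{ item.regex }}"
        line: "{{ item.line }}"
        state: present
      loop:
        - regex: '^GIT_REPOSITORY_URL='
          line: 'GIT_REPOSITORY_URL={{ git_repository_url }}'
        - regex: '^GIT_BRANCH='
          line: 'GIT_BRANCH={{ git_branch }}'
        - regex: '^GIT_TOKEN='
          line: 'GIT_TOKEN={{ git_token | default("") }}'
        - regex: '^GIT_USERNAME='
          line: 'GIT_USERNAME={{ git_username | default("") }}'
        - regex: '^GIT_PASSWORD='
          line: 'GIT_PASSWORD={{ git_password | default("") }}'
      no_log: true
      when: not (has_git_config | default(true))

    # command + chdir instead of `cd {{ app_stack_path }}` in a shell script,
    # so the path is never interpreted by a shell. No changed_when is set, so
    # this task reports "changed" on every successful run.
    - name: Restart application container to trigger Git pull
      command: docker compose restart app
      args:
        chdir: "{{ app_stack_path }}"
      register: container_restart

    # No host, port or path is given, so this is a fixed 60-second delay
    # rather than a readiness probe.
    - name: Wait for container to be ready
      wait_for:
        timeout: 60
      when: container_restart.changed

    # A shell is required for the pipeline and the `||` fallback; the working
    # directory is set through chdir rather than interpolated into the script.
    - name: Check container logs for Git operations
      shell: |
        docker compose logs app --tail 50 | grep -E "(Git|Clone|Pull|✅|❌)" || echo "No Git-related logs found"
      args:
        chdir: "{{ app_stack_path }}"
        executable: /bin/bash
      register: git_logs
      changed_when: false

    # NOTE(review): the repository URL and the filtered container log lines
    # are printed verbatim - confirm neither can carry embedded credentials
    # (for example a token inside an https:// URL).
    - name: Display Git sync result
      debug:
        msg:
          - "=== Code Sync Summary ==="
          - "Repository: {{ git_repository_url }}"
          - "Branch: {{ git_branch }}"
          - "Container restarted: {{ 'Yes' if container_restart.changed else 'No' }}"
          - ""
          - "Git Logs:"
          - "{{ git_logs.stdout }}"
          - ""
          - "Next: Check application logs to verify code was synced"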