---
# Setup Gitea Repository

- name: Set repository variables from parameters
  ansible.builtin.set_fact:
    repo_name: "{{ gitea_repo_name | default('michaelschiemer') }}"
    repo_owner: "{{ gitea_repo_owner | default('michael') }}"
    repo_private: "{{ gitea_repo_private | default(false) | bool }}"
    repo_description: "{{ gitea_repo_description | default('Main application repository') }}"
    repo_auto_init: "{{ gitea_repo_auto_init | default(false) | bool }}"
    configure_git_remote: "{{ gitea_configure_git_remote | default(true) | bool }}"
    git_repo_path: "{{ gitea_git_repo_path | default('/home/michael/dev/michaelschiemer') }}"

- name: Verify Gitea is accessible
  ansible.builtin.uri:
    url: "{{ gitea_url }}"
    method: GET
    status_code: [200, 302, 502]
    validate_certs: false
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
  register: gitea_health
  failed_when: false

- name: Debug Gitea health status
  ansible.builtin.debug:
    msg: "Gitea health check returned status: {{ gitea_health.status }}"
  when: gitea_show_status | default(true) | bool

- name: Fail if Gitea is not accessible
  ansible.builtin.fail:
    msg: "Gitea is not accessible at {{ gitea_url }}. Status: {{ gitea_health.status }}. Please check if Gitea is running."
  when: gitea_health.status not in [200, 302, 502]

- name: Check if API token exists in vault
  ansible.builtin.set_fact:
    has_vault_token: "{{ vault_git_token is defined and vault_git_token | length > 0 }}"
  no_log: true

- name: Get or create Gitea API token
  ansible.builtin.uri:
    url: "{{ gitea_url }}/api/v1/users/{{ gitea_admin_username }}/tokens"
    method: POST
    user: "{{ gitea_admin_username }}"
    password: "{{ gitea_admin_password }}"
    body_format: json
    body:
      name: "ansible-repo-setup-{{ ansible_date_time.epoch }}"
      scopes:
        - write:repository
        - read:repository
        - admin:repo
    status_code: [201, 400, 401, 502]
    validate_certs: false
    force_basic_auth: yes
  register: api_token_result
  failed_when: false
  when: not has_vault_token
  no_log: true

- name: Extract API token from response
  ansible.builtin.set_fact:
    gitea_api_token: "{{ api_token_result.json.sha1 | default('') }}"
  when: 
    - not has_vault_token
    - api_token_result.status == 201
    - api_token_result.json.sha1 is defined
  no_log: true

- name: Use existing API token from vault
  ansible.builtin.set_fact:
    gitea_api_token: "{{ vault_git_token }}"
  when: has_vault_token
  no_log: true

- name: Set flag to use basic auth if token creation failed
  ansible.builtin.set_fact:
    use_basic_auth: "{{ gitea_api_token | default('') | length == 0 }}"
  no_log: true

- name: Fail if no authentication method available
  ansible.builtin.fail:
    msg: "Could not create or retrieve Gitea API token, and admin credentials are not available. Please create a token manually or set vault_git_token in vault."
  when: 
    - use_basic_auth | bool
    - gitea_admin_password | default('') | length == 0

- name: Initialize repo_check variable
  ansible.builtin.set_fact:
    repo_check: {"status": 0}
  when: repo_check is not defined

- name: Check if repository already exists (with token)
  ansible.builtin.uri:
    url: "{{ gitea_url }}/api/v1/repos/{{ repo_owner }}/{{ repo_name }}"
    method: GET
    headers:
      Authorization: "token {{ gitea_api_token }}"
    status_code: [200, 404, 502]
    validate_certs: false
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
  register: repo_check_token
  when: not use_basic_auth
  failed_when: false

- name: Set repo_check from token result
  ansible.builtin.set_fact:
    repo_check: "{{ repo_check_token }}"
  when: 
    - not use_basic_auth
    - repo_check_token is defined

- name: Check if repository already exists (with basic auth)
  ansible.builtin.uri:
    url: "{{ gitea_url }}/api/v1/repos/{{ repo_owner }}/{{ repo_name }}"
    method: GET
    user: "{{ gitea_admin_username }}"
    password: "{{ gitea_admin_password }}"
    status_code: [200, 404, 502]
    validate_certs: false
    force_basic_auth: yes
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
  register: repo_check_basic
  when: use_basic_auth
  failed_when: false
  no_log: true

- name: Set repo_check from basic auth result
  ansible.builtin.set_fact:
    repo_check: "{{ repo_check_basic }}"
  when: 
    - use_basic_auth
    - repo_check_basic is defined

- name: Debug repo_check status
  ansible.builtin.debug:
    msg: "Repository check - Status: {{ repo_check.status | default('undefined') }}, use_basic_auth: {{ use_basic_auth | default('undefined') }}"
  when: gitea_show_status | default(true) | bool

- name: Create repository in Gitea (with token)
  ansible.builtin.uri:
    url: "{{ gitea_url }}/api/v1/user/repos"
    method: POST
    headers:
      Authorization: "token {{ gitea_api_token }}"
      Content-Type: "application/json"
    body_format: json
    body:
      name: "{{ repo_name }}"
      description: "{{ repo_description }}"
      private: "{{ repo_private }}"
      auto_init: "{{ repo_auto_init }}"
    status_code: [201, 409, 502]
    validate_certs: false
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
  register: repo_create_result
  when: 
    - (repo_check.status | default(0)) in [404, 502, 0] or (gitea_force_create_repo | default(false) | bool)
    - not use_basic_auth
  failed_when: false

- name: Create repository in Gitea (with basic auth)
  ansible.builtin.uri:
    url: "{{ gitea_url }}/api/v1/user/repos"
    method: POST
    user: "{{ gitea_admin_username }}"
    password: "{{ gitea_admin_password }}"
    body_format: json
    body:
      name: "{{ repo_name }}"
      description: "{{ repo_description }}"
      private: "{{ repo_private }}"
      auto_init: "{{ repo_auto_init }}"
    status_code: [201, 409]
    validate_certs: false
    force_basic_auth: yes
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
  register: repo_create_result
  when: 
    - ((repo_check.status | default(0)) != 200) or (gitea_force_create_repo | default(false) | bool)
    - use_basic_auth
  no_log: true

- name: Debug repository creation result
  ansible.builtin.debug:
    msg: "Repository creation - Status: {{ repo_create_result.status | default('undefined') }}, Response: {{ repo_create_result.json | default('no json') }}"
  when:
    - repo_create_result is defined
    - gitea_show_status | default(true) | bool
  failed_when: false

- name: Display repository creation result
  ansible.builtin.debug:
    msg: "Repository {{ repo_owner }}/{{ repo_name }} already exists or was created successfully"
  when: repo_check.status | default(0) == 200 or (repo_create_result is defined and repo_create_result.status | default(0) == 201)

- name: Get repository clone URL
  ansible.builtin.set_fact:
    repo_clone_url: "{{ gitea_url | replace('https://', '') | replace('http://', '') }}/{{ repo_owner }}/{{ repo_name }}.git"
    repo_https_url: "https://{{ gitea_admin_username }}:{{ gitea_api_token }}@{{ gitea_url | replace('https://', '') | replace('http://', '') }}/{{ repo_owner }}/{{ repo_name }}.git"

- name: Check if Git repository exists locally
  ansible.builtin.stat:
    path: "{{ git_repo_path }}/.git"
  register: git_repo_exists
  when: configure_git_remote | bool
  delegate_to: localhost
  run_once: true

- name: Configure Git remote (local)
  ansible.builtin.command: >
    git remote set-url origin {{ repo_clone_url }}
  args:
    chdir: "{{ git_repo_path }}"
  register: git_remote_result
  when: 
    - configure_git_remote | bool
    - git_repo_path is defined
    - git_repo_exists.stat.exists
  delegate_to: localhost
  run_once: true
  changed_when: git_remote_result.rc == 0
  failed_when: false

- name: Add Git remote if it doesn't exist
  ansible.builtin.command: >
    git remote add origin {{ repo_clone_url }}
  args:
    chdir: "{{ git_repo_path }}"
  register: git_remote_add_result
  when: 
    - configure_git_remote | bool
    - git_repo_path is defined
    - git_repo_exists.stat.exists
    - git_remote_result.rc != 0
  delegate_to: localhost
  run_once: true
  changed_when: git_remote_add_result.rc == 0
  failed_when: false

- name: Display success message
  ansible.builtin.debug:
    msg:
      - "========================================"
      - "✅ Repository created successfully!"
      - "========================================"
      - "Repository URL: {{ gitea_url }}/{{ repo_owner }}/{{ repo_name }}"
      - "Clone URL: {{ repo_clone_url }}"
      - ""
      - "Next steps:"
      - "1. Push your code: git push -u origin staging"
      - "2. Monitor pipeline: {{ gitea_url }}/{{ repo_owner }}/{{ repo_name }}/actions"
      - ""
      - "Note: If you need to push, you may need to authenticate with:"
      - "   Username: {{ gitea_admin_username }}"
      - "   Password: (use vault_gitea_admin_password or create a Personal Access Token)"
      - "========================================"
  when: gitea_show_status | default(true) | bool