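---
# GitLab CI pipeline for an Ansible project: lint -> test -> deploy -> notify.
# Every job runs the global before_script (registry login, image pull) and the
# global after_script (secret re-encryption safety net, final message).
#
# NOTE(review): ./vault-password.txt is read from the checkout and no step in
# this file creates it, so it is presumably committed next to the data it
# protects - confirm. If so, anyone who can read the repository can decrypt
# vars/secrets.yml; supply the password from a masked, protected CI/CD
# variable of type "File" instead.
#
# NOTE(review): each job decrypts vars/secrets.yml in place, so the secrets sit
# on disk in plaintext while the job runs. Leaving the file encrypted and
# letting Ansible decrypt it in memory (ANSIBLE_VAULT_PASSWORD_FILE or
# --vault-password-file on the consuming command) would avoid that; not
# changed here because the playbooks and roles are not visible.

stages:
  - lint
  - test
  - deploy
  - notify

services:
  # NOTE(review): the Docker-in-Docker daemon runs with TLS disabled
  # (--tls=false here plus the empty DOCKER_TLS_CERTDIR below), so its API is
  # unauthenticated and unencrypted for anything that can reach the service.
  # Confirm the runner isolates job networks, or enable TLS.
  - name: docker:dind
    command: ["--tls=false"]

variables:
  # NOTE(review): ":latest" is a mutable tag, so the image content can change
  # between runs without any change in this repository; consider pinning a
  # version or digest (the same applies to docker:dind above).
  DOCKER_IMAGE: "hub.cism-ms.ru/ansible/ansible:latest"
  DOCKER_TLS_CERTDIR: ""
  ANSIBLE_FORCE_COLOR: "true"

before_script:
  # The registry password is piped through stdin rather than passed as a
  # command-line argument to docker.
  - echo "$CI_REGISTRY_PASSWORD" | docker login hub.cism-ms.ru -u "$CI_REGISTRY_USER" --password-stdin
  # NOTE(review): no job in this file sets `image:` or runs this image after
  # pulling it - confirm where it is used.
  - docker pull "$DOCKER_IMAGE"
  - echo "Fixing directory permissions..."
  # Removes world-write permission from the checkout directory.
  - chmod o-w "$CI_PROJECT_DIR"

lint:
  stage: lint
  script:
    - echo "Начинаем стейдж Lint"
    - echo "Распаковываем секреты..."
    - ansible-vault decrypt vars/secrets.yml --vault-password-file ./vault-password.txt
    - echo "Запускаем ansible-lint..."
    - ansible-lint roles/*
    - echo "Упаковываем секреты..."
    # Only reached when every step above succeeded; the global after_script
    # covers the failure path.
    - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
  allow_failure: false
  rules:
    - if: '$CI_COMMIT_REF_NAME != "main" && $CI_COMMIT_REF_NAME != "master"'

test:
  stage: test
  script:
    - echo "Распаковываем секреты..."
    - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
    - echo "Запускаем тесты через Молекулу..."
    - molecule test --parallel
    - echo "Упаковываем секреты..."
    - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
  allow_failure: false
  rules:
    - if: '$CI_COMMIT_REF_NAME != "main" && $CI_COMMIT_REF_NAME != "master"'

deploy:
  stage: deploy
  script:
    - echo "Распаковываем секреты..."
    - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
    - echo "Все ок. Деплоим в прод..."
    - ansible-playbook roles/deploy.yaml
    - echo "Упаковываем секреты..."
    - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
  rules:
    # NOTE(review): this is the same condition as lint/test, so the production
    # deploy is offered (manually) on every branch EXCEPT main/master. If
    # deploys are meant to come only from the default branch, the condition is
    # inverted - confirm intent. Restricting the job to protected branches
    # also limits who can trigger it.
    - if: '$CI_COMMIT_REF_NAME != "main" && $CI_COMMIT_REF_NAME != "master"'
      when: manual

notify:
  stage: notify
  script:
    # Builds the Telegram message text (%0A is a URL-encoded newline). The
    # actual send is commented out, so this job currently has no effect.
    # The comparison uses POSIX "=" so it also works when the job shell is
    # plain sh rather than bash.
    - |
      if [ "$CI_JOB_STATUS" = "success" ]; then
        MESSAGE="✅ Пайплайн успешно завершен!%0AПроект: $CI_PROJECT_NAME%0AВетка: $CI_COMMIT_REF_NAME%0AСтатус: $CI_JOB_STATUS"
      else
        MESSAGE="❌ Пайплайн завершен с ошибкой!%0AПроект: $CI_PROJECT_NAME%0AВетка: $CI_COMMIT_REF_NAME%0AСтатус: $CI_JOB_STATUS"
      fi
      # curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" \
      #   -d "chat_id=$TELEGRAM_CHAT_ID" \
      #   -d "text=$MESSAGE"
  rules:
    # Send the notification only after the pipeline has finished.
    # NOTE(review): CI_JOB_STATUS is documented for use in after_script and is
    # presumably unset when rules are evaluated, in which case this job is
    # never created; inside `script` it would also describe this job, not the
    # pipeline. Confirm, and consider on_success / on_failure jobs instead.
    - if: $CI_JOB_STATUS

after_script:
  # Safety net: after_script also runs when a job's script fails, which is
  # exactly when the re-encrypt step at the end of lint/test/deploy is
  # skipped. If the secrets file exists and no longer starts with the
  # ansible-vault header, encrypt it again so plaintext secrets are not left
  # behind in a build directory the runner may reuse.
  - |
    if [ -f vars/secrets.yml ] && ! head -n 1 vars/secrets.yml | grep -q '^\$ANSIBLE_VAULT;'; then
      ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
    fi
  - echo "Работа пайплайна завершена"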