name: Ansible Minecraft CI/CD

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

jobs:
  lint:
    runs-on: ubuntu-latest
    name: Ansible Lint
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        
      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'
          
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install ansible ansible-lint yamllint
          
      - name: Lint YAML files
        run: |
          yamllint .
        continue-on-error: true

      - name: Lint Ansible playbooks
        run: |
          ansible-lint site.yml roles/
        continue-on-error: true
          
  syntax-check:
    runs-on: ubuntu-latest
    name: Syntax Check
    needs: lint
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        
      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'
          
      - name: Install Ansible
        run: |
          python -m pip install --upgrade pip
          pip install ansible
          
      - name: Install collections
        run: |
          ansible-galaxy collection install -r requirements.yml
          
      - name: Check syntax
        run: |
          ansible-playbook --syntax-check site.yml -i inventories/staging/hosts.yml

  deploy-staging:
    runs-on: ubuntu-latest
    name: Deploy to Staging
    needs: [lint, syntax-check]
    if: github.ref == 'refs/heads/develop'
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        
      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'
          
      - name: Install Ansible
        run: |
          python -m pip install --upgrade pip
          pip install ansible
          
      - name: Install collections
        run: |
          ansible-galaxy collection install -r requirements.yml
          
      - name: Setup SSH key
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.ANSIBLE_SSH_PRIVATE_KEY }}" | base64 -d > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          ssh-keyscan -H ${{ secrets.STAGING_HOST }} >> ~/.ssh/known_hosts
          
      - name: Deploy to staging
        run: |
          ansible-playbook site.yml -i inventories/staging/hosts.yml --check --diff
        env:
          MINECRAFT_RCON_PASSWORD: ${{ secrets.MINECRAFT_RCON_PASSWORD }}
          ANSIBLE_HOST_KEY_CHECKING: 'false'

  deploy-production:
    runs-on: ubuntu-latest
    name: Deploy to Production
    needs: [lint, syntax-check]
    if: github.ref == 'refs/heads/main'
    environment: production
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        
      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'
          
      - name: Install Ansible
        run: |
          python -m pip install --upgrade pip
          pip install ansible
          
      - name: Install collections
        run: |
          ansible-galaxy collection install -r requirements.yml
          
      - name: Setup SSH key
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.ANSIBLE_SSH_PRIVATE_KEY }}" | base64 -d > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          ssh-keyscan -H ${{ secrets.PRODUCTION_HOST }} >> ~/.ssh/known_hosts
          
      - name: Deploy to production
        run: |
          ansible-playbook site.yml -i inventories/production/hosts.yml
        env:
          MINECRAFT_RCON_PASSWORD: ${{ secrets.MINECRAFT_RCON_PASSWORD }}
          ANSIBLE_HOST_KEY_CHECKING: 'false'