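---
# CI/CD pipeline for the Ansible Minecraft server playbooks.
#
# Jobs:
#   lint   - yamllint, ansible-lint, and a playbook syntax check
#   test   - verifies that the expected roles and inventories exist
#   deploy - runs site.yml against staging or production
#
# Hardening notes for maintainers:
#   * Third-party actions are referenced by mutable tags. Pinning each `uses:`
#     to a full commit SHA keeps the executed code fixed between runs.
#   * `pip install` and `ansible-galaxy` pull unpinned versions. A constraints
#     file and versioned requirements.yml entries make runs reproducible.
#   * A push to `main` deploys straight to production. If the forge supports
#     protected environments with required reviewers, consider gating the
#     deploy job on one.
name: Ansible Minecraft Server CI/CD

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to deploy'
        required: true
        default: 'staging'
        type: choice
        options:
          - staging
          - production

# Least privilege: every job only reads the repository, so the workflow token
# is limited to read-only access to contents.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install ansible ansible-lint yamllint

      # continue-on-error: findings are reported in the log but never fail
      # the job, so they do not block the deploy job that depends on it.
      - name: Run yamllint
        run: |
          yamllint -c .yamllint .
        continue-on-error: true

      # Advisory only, same as yamllint above.
      - name: Run ansible-lint
        run: |
          ansible-lint --exclude .gitea/ .
        continue-on-error: true

      # This is the only lint step that can fail the job.
      - name: Validate ansible syntax
        run: |
          ansible-playbook site.yml --syntax-check

  test:
    runs-on: ubuntu-latest
    needs: lint
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install Ansible
        run: |
          python -m pip install --upgrade pip
          pip install ansible

      - name: Install Ansible collections
        run: |
          ansible-galaxy collection install -r requirements.yml

      - name: Test playbook structure
        run: |
          # Verify all roles exist
          for role in \
            01-server_hardening \
            02-installation-java \
            03-Installation-Minecraft \
            04-backups \
            05-Update
          do
            if [ ! -d "roles/$role" ]; then
              echo "Role $role not found"
              exit 1
            fi
          done

      - name: Check inventory files
        run: |
          ansible-inventory -i inventories/staging/hosts.yml --list
          ansible-inventory -i inventories/production/hosts.yml --list

  deploy:
    runs-on: ubuntu-latest
    needs: [lint, test]
    # Pull requests never deploy; only pushes and manual dispatches do.
    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install Ansible
        run: |
          python -m pip install --upgrade pip
          pip install ansible

      - name: Install collections
        run: |
          ansible-galaxy collection install -r requirements.yml

      # The secret reaches the shell through an environment variable rather
      # than being expanded into the script text, so quotes, `$` or backticks
      # inside the key cannot alter the command. umask 077 ensures the file
      # and ~/.ssh are never created with group/other access.
      - name: Setup SSH key
        env:
          SSH_PRIVATE_KEY: ${{ secrets.ANSIBLE_SSH_KEY }}
        run: |
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/ansible_key
          chmod 600 ~/.ssh/ansible_key

      # Same handling as the SSH key: env indirection plus a restrictive umask.
      - name: Setup vault password
        env:
          VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
        run: |
          umask 077
          printf '%s\n' "$VAULT_PASSWORD" > .vault_pass
          chmod 600 .vault_pass

      # Event data is passed through env instead of `${{ }}` inside the
      # script, which would paste the raw value into the shell source before
      # it is parsed. The result is then checked against the two inventories
      # that exist, because it is used to build a file path in the deploy step
      # and is written to $GITHUB_OUTPUT.
      - name: Determine environment
        id: env
        env:
          EVENT_NAME: ${{ github.event_name }}
          REQUESTED_ENVIRONMENT: ${{ github.event.inputs.environment }}
          GIT_REF: ${{ github.ref }}
        run: |
          if [ "$EVENT_NAME" = "workflow_dispatch" ]; then
            target="$REQUESTED_ENVIRONMENT"
          elif [ "$GIT_REF" = "refs/heads/main" ]; then
            target="production"
          else
            target="staging"
          fi

          case "$target" in
            staging|production) ;;
            *)
              echo "Unsupported environment: $target" >&2
              exit 1
              ;;
          esac

          echo "environment=$target" >> "$GITHUB_OUTPUT"

      # ANSIBLE_HOST_KEY_CHECKING=false makes SSH accept any host key, so a
      # host impersonating a target would receive the deployment unnoticed.
      # Provisioning a known_hosts file for the inventory hosts and removing
      # this override restores that check.
      #
      # --diff prints changed file content to the job log; tasks that template
      # secrets should set `no_log: true` so the values are not logged.
      - name: Deploy to environment
        env:
          ANSIBLE_HOST_KEY_CHECKING: 'false'
          ANSIBLE_VAULT_PASSWORD_FILE: .vault_pass
          DEPLOY_ENVIRONMENT: ${{ steps.env.outputs.environment }}
        run: |
          ansible-playbook \
            -i "inventories/${DEPLOY_ENVIRONMENT}/hosts.yml" \
            site.yml \
            --limit minecraft_servers \
            --diff

      # Runs even when an earlier step failed so key material is not left on
      # the runner.
      - name: Clean up
        if: always()
        run: |
          rm -f ~/.ssh/ansible_key
          rm -f .vault_pass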