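---
#! wake up runner !
# Pulls the Gitea runner token out of Vaultwarden (through the Bitwarden CLI
# on the controller), brings the runner container up, registers it as an
# ephemeral runner, waits for the daemon to return, then tears the container
# down and logs the CLI out again — the teardown runs even if a step fails.
- hosts: tower
  gather_facts: false
  vars:
    # Read from the environment. The bw_client_* values are credentials:
    # they are only ever consumed by tasks marked no_log below.
    vaultwarden_url: "{{ lookup('env', 'vaultwarden_url') }}"
    bw_client_secret: "{{ lookup('env', 'bw_client_secret') }}"
    bw_client_password: "{{ lookup('env', 'bw_client_password') }}"
    bw_client_id: "{{ lookup('env', 'bw_client_id') }}"
    # Vaultwarden item id that holds the Gitea runner token
    bw_requested_password_id: "{{ lookup('env', 'bw_requested_password_id') }}"  # b8decb1a-222d-402c-a882-f70c191ba936

  tasks:
    #! SECRETS
    - name: Install Bitwarden CLI
      ansible.builtin.command:
        cmd: "{{ item }}"
      delegate_to: localhost
      loop:
        - apk add --no-cache nodejs npm
        - npm install -g @bitwarden/cli

    - name: Drop any stale Bitwarden session (best effort)
      ansible.builtin.command:
        cmd: bw logout
      delegate_to: localhost
      ignore_errors: true

    - name: Fetch the runner token and run the runner
      block:
        - name: bitwarden token session
          ansible.builtin.shell: "{{ item }}"
          environment:
            BW_CLIENTID: "{{ bw_client_id }}"
            BW_CLIENTSECRET: "{{ bw_client_secret }}"
            BW_PASSWORD: "{{ bw_client_password }}"
          loop:
            - bw config server "{{ vaultwarden_url }}"
            - bw login --apikey
            - bw unlock --passwordenv BW_PASSWORD --raw
          delegate_to: localhost
          register: bw_session_result
          # stdout of the last item is the raw vault session key; keep it and the
          # credentials in `environment` out of the task output
          no_log: true

        - name: Get secret from Bitwarden
          ansible.builtin.command:
            argv:
              - bw
              - get
              - password
              - "{{ bw_requested_password_id }}"
              - --session
              - "{{ bw_session_result.results[-1].stdout | trim }}"
          delegate_to: localhost
          register: gitea_token_result
          no_log: true
          changed_when: false

        # - name: Return all secrets from a path
        #   ansible.builtin.debug:
        #     msg: "{{ gitea_token_result.stdout }}"
        #   delegate_to: localhost

        - name: Expose the runner token as a fact
          ansible.builtin.set_fact:
            gitea_token: "{{ gitea_token_result.stdout | trim }}"
          no_log: true
          delegate_to: localhost

        #! runner
        - name: Start the runner container
          community.docker.docker_compose_v2:
            project_src: /opt/dockerapps
            services:
              - runner
            state: present

        - name: Give the container time to come up
          ansible.builtin.pause:
            seconds: 30

        # --labels ubuntu-latest:docker://ubuntu:latest
        - name: Register an ephemeral runner against Gitea
          community.docker.docker_container_exec:
            container: runner
            command: >-
              act_runner register --instance http://gitea:3000
              --labels ubuntu-latest:docker://docker:dind
              --labels ubuntu-latest:docker://ubuntu:latest
              --labels ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest
              --no-interactive --ephemeral --name runner --token {{ gitea_token }}
            chdir: /data
            env:
              DOCKER_HOST: unix:///var/run/user/1000/docker.sock
              # BUILDKIT_STEP_LOG_MAX_SIZE: 0
              # DOCKER_BUILDKIT: 1
          # the command line carries the token, so module args and output must
          # not be printed (they would be on failure or with -v otherwise)
          no_log: true
          # when: register_runner.failed == true

        # - ansible.builtin.pause:
        #     seconds: 30

        - name: Run the runner daemon
          community.docker.docker_container_exec:
            container: runner
            command: act_runner daemon --config .runner
            chdir: /data
            env:
              DOCKER_HOST: unix:///var/run/user/1000/docker.sock
          register: register_runner
          # async: 0 disables async, so this task blocks until the daemon exits
          # (presumably once the ephemeral runner has served its job — verify)
          async: 0
          poll: 0

        - ansible.builtin.debug:
            var: register_runner

      always:
        #! teardown — runs whether or not the block above succeeded, so neither
        # the runner container nor the Bitwarden session outlives the play
        - name: Stop the runner container
          community.docker.docker_compose_v2:
            project_src: /opt/dockerapps
            services:
              - runner
            state: absent
          # do not let a failed compose-down skip the logout that follows
          ignore_errors: true

        - name: logout bw
          ansible.builtin.command:
            cmd: bw logout
          delegate_to: localhost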