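---
# Reusable workflow: installs Ansible on the runner, checks out the calling
# role repository into ./active_role and runs the requested playbook against
# inventory/raspberries.yaml.
name: 🏃Run Ansible

on:
  workflow_call:
    inputs:
      # Playbook path relative to the root of the role repository.
      playbook_path:
        required: true
        type: string
      # owner/name of the role repository that triggered the run.
      role_repo:
        required: true
        type: string
    secrets:
      # Token used to check out the role repository.
      TOKEN:
        required: true
      # NOTE(review): the steps below also read SSHKEY_B64, ANSIBLE_VAULT_KEY,
      # TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID, which are not declared here.
      # Presumably callers pass them with `secrets: inherit` - confirm.

jobs:
  install_ansible:
    runs-on: ubuntu-latest
    steps:
      - name: 🔐Setup SSH for submodules
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSHKEY_B64 }}
        run: |
          set -euo pipefail
          # Fail early on a missing secret instead of logging its length.
          if [ -z "$SSH_PRIVATE_KEY" ]; then
            echo "SSH key secret is empty" >&2
            exit 1
          fi
          # Create the directory and key with owner-only permissions from the
          # start, so the key is never briefly readable by other users.
          umask 077
          mkdir -p "$HOME/.ssh"
          chmod 700 "$HOME/.ssh"
          printf '%s' "$SSH_PRIVATE_KEY" | base64 -d > "$HOME/.ssh/id_ed25519"
          chmod 600 "$HOME/.ssh/id_ed25519"
          # Relaxed host-key handling is limited to the one internal host this
          # workflow names, not "Host *"; any other SSH destination keeps
          # OpenSSH's default verification and fails closed.
          # NOTE(review): verification is still off for gitea.mod.home, so a
          # machine-in-the-middle on that path can serve altered submodules.
          # Write the server's known public host key to known_hosts and drop
          # the two relaxing options; a keyscan at job time would only be
          # trust-on-first-use.
          cat >> "$HOME/.ssh/config" <<'EOF'
          Host gitea.mod.home
            Port 2222
            StrictHostKeyChecking no
            UserKnownHostsFile /dev/null
          EOF

      - name: 🛠️ Install Node.js fallback
        run: |
          # JavaScript actions need node; install it when the runner image
          # does not ship one.
          if ! command -v node &> /dev/null; then
            echo "Node nicht gefunden. Installiere..."
            sudo apt-get update && sudo apt-get install -y nodejs
          fi

      - name: 🔎Checkout Repository
        uses: actions/checkout@v4
        with:
          submodules: recursive
          fetch-depth: 0

      # Install Python 3, which pip and Ansible require.
      - name: ⚙️Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.x"  # selects the newest Python 3 release

      # Upgrade pip and install Ansible through it.
      # NOTE(review): ansible is unpinned, so every run may pull a different
      # release; consider a pinned version or a constraints file.
      - name: ⚙️Install Ansible via pip
        run: |
          python -m pip install --upgrade pip
          pip install ansible

      # Create the vault password file.
      # The secret is handed over through the environment instead of being
      # expanded into the script text, so quotes, "$" or backticks in the
      # value cannot alter the command and the value is not part of the
      # generated script.
      - name: 🔑create vault file
        env:
          ANSIBLE_VAULT_KEY: ${{ secrets.ANSIBLE_VAULT_KEY }}
        run: |
          umask 077
          printf '%s\n' "$ANSIBLE_VAULT_KEY" > .vault_pass.txt

      - name: 📋Manuelles Submodule Update
        run: |
          git submodule init
          git submodule update --recursive --init --force

      - name: ⚙️Install Ansible roles
        run: |
          ansible-galaxy role install -r requirements.yml --roles-path ./roles

      - name: 🔎Check Ansible roles exists
        run: |
          ansible-galaxy list

      - name: 🔎 Checkout Triggering Role Repo
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.TOKEN }}
          repository: ${{ inputs.role_repo }}
          path: active_role

      # The caller-supplied path reaches the shell as a quoted environment
      # variable rather than as script text, so it cannot inject commands.
      - name: 🔎Check Ansible Playbook Syntax
        env:
          PLAYBOOK_PATH: ${{ inputs.playbook_path }}
        run: |
          ansible-playbook --syntax-check "active_role/${PLAYBOOK_PATH}"

      - name: 🏃Run Ansible deploy_valkey.yml.ansible
        env:
          PLAYBOOK_PATH: ${{ inputs.playbook_path }}
        run: |
          ansible-playbook -i inventory/raspberries.yaml "active_role/${PLAYBOOK_PATH}" --vault-password-file .vault_pass.txt -v

      # Remove the key material even when an earlier step failed, so it does
      # not stay behind on a runner that is reused between jobs.
      - name: 🧹Remove secrets from runner
        if: always()
        run: |
          rm -f .vault_pass.txt "$HOME/.ssh/id_ed25519"

      # Example notification step.
      # NOTE(review): this third-party action receives the bot token and is
      # referenced by the mutable `master` branch; pin it to a reviewed full
      # commit SHA.
      - name: 📨Telegram Benachrichtigung senden
        uses: chapvic/telegram-notify@master
        if: always()  # send the notification whatever the job outcome
        with:
          token: ${{ secrets.TELEGRAM_BOT_TOKEN }}  # bot token secret
          chat: ${{ secrets.TELEGRAM_CHAT_ID }}  # chat id secret
          status: ${{ job.status }}  # job status (success/failure/cancelled)
          title: "Deploy: ${{ inputs.role_repo }}"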