---

# generic
name: "Linting and Deployment"
on: # yamllint disable-line rule:truthy
  push:
    branches:
      - "main"

# jobs
jobs:

  # ansible linting
  Linting:
    runs-on: "ubuntu-latest"
    container:
      image: "cr.simoncor.net/siempie/ansible-deployment:latest"
      credentials:
        username: "${{ vars.REGISTER_USERNAME }}"
        password: "${{ vars.REGISTER_PASSWORD }}"

    # steps
    steps:

      # checkout code
      - name: "Clone repo"
        uses: "actions/checkout@v4"

      # setup vault key
      - name: "Setup Vault Key"
        run: |
          echo ${{ secrets.VAULT_KEY }} >> secret.key

      # run ansible linter
      - name: "Run Ansible Lint"
        run: |
          ansible-lint -c .


  # ansible deployment
  Deployment:
    runs-on: "ubuntu-latest"
    needs: "Linting"

    # steps
    steps:

      # ansible deployment
      - name: "Ansible deployment"
        uses: "appleboy/ssh-action@v1.2.0"
        with:

          # bastion
          proxy_host: "bastion.simoncor.net"
          proxy_port: "22"
          proxy_username: "${{ secrets.USERNAME }}"
          proxy_key: "${{ secrets.SSHKEY }}"

          # ansible server
          host: "ansible.siempie.internal"
          port: "22"
          username: "${{ secrets.USERNAME }}"
          key: "${{ secrets.SSHKEY }}"

          # execute commands
          script: |
            sudo /usr/bin/git -C /etc/ansible/roles/common reset --hard HEAD
            sudo /usr/bin/git -C /etc/ansible/roles/common clean -fd
            sudo /usr/bin/git -C /etc/ansible/roles/common fetch --quiet
            sudo /usr/bin/git -C /etc/ansible/roles/common pull origin main --quiet