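---
# Deploy one docker-compose project to a single host.
#
# Required extra vars: target_host (the host to deploy to, and the key looked
# up in the secret mapping) and folder (the compose project directory under
# ~/iac/docker). The play never uses become, so everything runs as
# ansible_user on the target host: the secret-mapping file, the git checkout
# and the bws/jq CLIs all have to exist there, not on the controller.
# bws must be able to authenticate non-interactively on the target host
# (presumably via BWS_ACCESS_TOKEN in that user's environment); nothing in
# this play provides that — verify before relying on it.
- name: Deploy application
  hosts: "{{ target_host }}"
  vars:
    repo_path: "/home/{{ ansible_user }}/iac/docker/{{ folder }}"
    secrets_mapping_file: "/home/{{ ansible_user }}/iac/secret-mappings.yml"
  tasks:
    # slurp reads the file on the target host and returns it base64-encoded.
    - name: Read secret mapping
      ansible.builtin.slurp:
        src: "{{ secrets_mapping_file }}"
      register: secret_mapping_content

    # Shape used below:
    #   <target_host>:
    #     env_variables:
    #       VAR_NAME: <bws secret id>   # empty id -> "VAR_NAME=" written, no lookup
    # Only secret *ids* live in this file; the values are fetched from Bitwarden
    # Secrets Manager at deploy time. from_yaml is a safe load.
    - name: Parse secret mapping
      ansible.builtin.set_fact:
        secret_mapping: "{{ secret_mapping_content['content'] | b64decode | from_yaml }}"

    # Resolve every secret id to its value and emit one KEY=VALUE line per
    # variable on stdout; stdout becomes the .env file verbatim, so nothing
    # else may be printed to it.
    #
    # The mapping is passed to the script as JSON via the environment and
    # iterated with jq, so no variable name, id or path is templated into the
    # shell text (the previous version referenced a bash array that was never
    # populated from the Ansible variable, and its log line ended up in .env).
    # `set -euo pipefail` turns a failed `bws secret get` into a task failure
    # instead of silently writing an empty value. Values are written unquoted,
    # as before; a value containing a newline would break the file.
    # no_log keeps the registered stdout (live secret values) out of play
    # output and logs — temporarily disable it to debug a failing lookup.
    - name: Generate .env content
      vars:
        env_variables: "{{ secret_mapping.get(target_host, {}).get('env_variables', {}) }}"
      environment:
        ENV_VARIABLES_JSON: "{{ env_variables | to_json }}"
      ansible.builtin.shell: |
        set -euo pipefail
        jq -r 'to_entries[] | [.key, (.value // "")] | @tsv' <<< "$ENV_VARIABLES_JSON" |
        while IFS=$'\t' read -r var secret_id; do
          if [ -n "$secret_id" ]; then
            value=$(bws secret get "$secret_id" | jq -r '.value')
            printf '%s=%s\n' "$var" "$value"
          else
            printf '%s=\n' "$var"
          fi
        done
      args:
        executable: /bin/bash
      register: env_file_content
      no_log: true
      changed_when: false

    # 0600: the file holds live secrets and only ansible_user — who also runs
    # compose here, since the play never escalates — needs to read it.
    # no_log keeps the content out of --diff output and task results.
    - name: Write .env file to target host
      ansible.builtin.copy:
        dest: "{{ repo_path }}/.env"
        content: "{{ env_file_content.stdout }}"
        mode: "0600"
      no_log: true

    # A fixed command with no shell features, so command is enough. Whatever
    # branch is checked out in repo_path is what gets updated.
    - name: Ensure the repository is up-to-date
      ansible.builtin.command: git pull
      args:
        chdir: "{{ repo_path }}"
      register: git_pull_output

    - name: Display git pull output
      ansible.builtin.debug:
        var: git_pull_output.stdout_lines

    # state: present brings the project up and remove_orphans drops containers
    # no longer defined in the compose file.
    # NOTE(review): with the module's default recreate policy this should
    # recreate containers whose configuration (including the new .env)
    # changed — confirm. `git pull` alone does not rebuild images; if the
    # compose file builds from source, a build option is needed here.
    - name: Restart services using Docker Compose
      community.docker.docker_compose_v2:
        project_src: "{{ repo_path }}"
        state: present
        remove_orphans: true

    # Read-only status query for the operator; never reported as a change.
    - name: Show Docker Compose status
      ansible.builtin.command: docker compose ps
      args:
        chdir: "{{ repo_path }}"
      register: docker_output
      changed_when: false

    - name: Display Docker Compose status
      ansible.builtin.debug:
        var: docker_output.stdout_lines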