name: Ansible Deploy to Hosts
on:
  pull_request:
    types: [closed]
  workflow_dispatch:

jobs:
  deploy:
    if: github.event.pull_request.merged == true
    runs-on: docker
    container:
      image: mafyuh/ansible-bws:v1.0.8
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Fetch all history for git diff
        run: git fetch --depth=2

      - name: Detect modified folders
        id: detect-changes
        run: |
          if [ "$(git rev-parse --is-shallow-repository)" = "true" ]; then
            git fetch --unshallow
          fi
          folders=$(git diff --name-only HEAD~1 HEAD | grep '^docker/' | cut -d/ -f2 | sort | uniq)
          echo "Modified folders: $folders"
          echo "::set-output name=folders::$folders"

      - name: Map Folder to Host
        shell: bash
        run: |
          IFS=' ' read -r -a folder_array <<< "${{ steps.detect-changes.outputs.folders }}"
          for folder in "${folder_array[@]}"; do
            case $folder in
              actual)
                target_host="ubu.lan"
                ;;
              arrs)
                target_host="arrs.lan"
                ;;
              arm)
                target_host="arm.lan"
                ;;
              AI)
                target_host="ai.lan"
                ;;
              authentik)
                target_host="auth.lan"
                ;;
              ag-main)
                target_host="dns.lan"
                ;;
              exporters)
                target_host="all"
                ;;
              grafana)
                target_host="ubu.lan"
                ;;
              jellyfin)
                target_host="jf.lan"
                ;;
              kasm)
                target_host="kasm.lan"
                ;;
              netboot)
                target_host="netboot.lan"
                ;;
              nexterm)
                target_host="ubu.lan"
                ;;
              npm)
                target_host="npm.lan"
                ;;
              plex)
                target_host="plex.lan"
                ;;
              paperless)
                target_host="ubu.lan"
                ;;
              portainer)
                target_host="port.lan"
                ;;
              runner)
                target_host="runner.lan"
                ;;
              # Add cases for other folders/hosts
              *)
                echo "Unknown folder: $folder"
                exit 1
                ;;
            esac
            echo "Deploying to $target_host for folder $folder"

            echo "target_host=$target_host" >> $GITHUB_ENV
            echo "folder=$folder" >> $GITHUB_ENV
          done

      - name: Get Secrets from Bitwarden
        id: bitwarden-secrets
        uses: https://github.com/bitwarden/sm-action@v2
        with:
          access_token: ${{ secrets.BW_ACCESS_TOKEN }}
          base_url: https://vault.bitwarden.com
          secrets: |
            267abc49-f755-4c88-a2a8-b23d00503e31 > arrs_host
            e74d1f67-c909-4a2e-b6fc-b23e001dfa4a > ai_host
            6f9cef86-eb39-4e05-8c5b-b23e001e6170 > arm_host
            52512c15-b474-42c3-9835-b23e001edf35 > auth_host
            903364d9-1b29-4b7f-aa66-b23e001f7327 > jf_host
            e4c5d8be-b91f-41ab-8071-b23e00203340 > kasm_host
            566329f5-5af3-4bcd-b187-b23e00216134 > netboot_host
            fb62a8d1-6dd5-4fab-aff4-b23e0021e215 > npm_host
            fe0a2fa5-8e2b-4b4f-ac68-b26100315b20 > plex_host
            90a16954-45df-49ad-9f45-b23e002273c5 > runner_host
            a5b6fa4b-4643-4f85-988b-b23e00245e2f > ubu_host
            26b06759-9791-42d7-a076-b23e0063c4dd > ssh_private_key

  
      - name: Create hosts.ini file
        run: |
          cat <<EOF > ansible/hosts.ini
          [iac]
          arrs.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arrs_host }} ansible_user=mafyuh
          ai.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ai_host }} ansible_user=mafyuh ansible_port=2424
          arm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arm_host }} ansible_user=ubuntu ansible_port=2424
          auth.lan ansible_host=${{ steps.bitwarden-secrets.outputs.auth_host }} ansible_user=mafyuh
          jf.lan ansible_host=${{ steps.bitwarden-secrets.outputs.jf_host }} ansible_user=mafyuh
          kasm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.kasm_host }} ansible_user=mafyuh
          netboot.lan ansible_host=${{ steps.bitwarden-secrets.outputs.netboot_host }} ansible_user=mafyuh
          npm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.npm_host }} ansible_user=mafyuh
          plex.lan ansible_host=${{ steps.bitwarden-secrets.outputs.plex_host }} ansible_user=mafyuh ansible_port=2009
          runner.lan ansible_host=${{ steps.bitwarden-secrets.outputs.runner_host }} ansible_user=mafyuh
          ubu.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ubu_host }} ansible_user=mafyuh
          EOF

      - name: Ensure SSH directory exists
        run: |
          mkdir -p /root/.ssh
          chmod 700 /root/.ssh

      - name: Create Private key
        run: |
          cat <<EOF > /root/.ssh/id_rsa
          ${{ steps.bitwarden-secrets.outputs.ssh_private_key }}
          EOF
      
      - name: Set permissions for private key
        run: |
          chmod 700 /root/.ssh/id_rsa

      - name: Set up SSH agent
        run: |
          eval $(ssh-agent -s)
          ssh-add /root/.ssh/id_rsa


      - name: Run Ansible Playbook
        env:
          BWS_ACCESS_TOKEN: ${{ secrets.BWS_ACCESS_TOKEN }}
          ANSIBLE_CONFIG: ansible/ansible.cfg
        run: |
          ansible-playbook -i ansible/hosts.ini ./ansible/playbooks/deploy-docker.yml \
            --extra-vars "target_host=${{ env.target_host }} folder=${{ env.folder }} bw_access_token=${{ secrets.BW_ACCESS_TOKEN }}"