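# Scheduled Ansible maintenance: checks out the repository, materialises the
# SSH key and vault password from secrets, then runs each playbook in the
# matrix inside the project's Ansible container image.
name: Ansible Operations

on:
  schedule:
    # NOTE(review): "@daily" is a non-standard cron shorthand; confirm the
    # forge running this workflow accepts it (otherwise use "0 0 * * *").
    - cron: "@daily"
  workflow_dispatch:

# Least privilege for the job token: nothing below writes to the repository.
permissions:
  contents: read

env:
  REPO_PATH: /tmp/repo

# NOTE(review): the three jobs exchange files through /tmp/repo on the runner
# host. That only works when every job lands on the same runner with a
# persistent filesystem; on ephemeral or containerised runners each job starts
# clean. It also means the private key and vault password remain on disk after
# the run. Confirm the runner setup and consider a cleanup step.
jobs:
  clone-repo:
    runs-on: ubuntu-latest
    outputs:
      repo-path: ${{ env.REPO_PATH }}
    steps:
      - name: Checkout repository
        # Referenced by mutable tag; pinning to a full commit SHA protects
        # against a retagged release.
        uses: actions/checkout@v6
        with:
          # NOTE(review): checkout documents `path` as relative to the
          # workspace; confirm an absolute path is accepted by this runner.
          path: ${{ env.REPO_PATH }}
          # No later step in this workflow performs git operations, so the
          # token need not stay in a directory that is mounted into a
          # container.
          persist-credentials: false

  setup-environment:
    runs-on: ubuntu-latest
    needs: clone-repo
    outputs:
      key-file: ${{ env.REPO_PATH }}/default-key
      vault-file: ${{ env.REPO_PATH }}/become-pass.txt
    steps:
      - name: Set up environment
        env:
          ANSIBLE_PRIVATE_KEY: ${{ secrets.ANSIBLE_PRIVATE_KEY }}
          ANSIBLE_BECOME_PASS: ${{ secrets.ANSIBLE_BECOME_PASS }}
        run: |
          # REPO_PATH comes from the workflow-level env; it is read as a
          # quoted shell variable rather than expanded into the script text.
          mkdir -p "$REPO_PATH"
          # Create both secret files owner-only from the first byte, so there
          # is no window in which they are readable by other local users.
          umask 077
          echo -e "$ANSIBLE_PRIVATE_KEY" > "$REPO_PATH/default-key"
          echo "$ANSIBLE_BECOME_PASS" > "$REPO_PATH/become-pass.txt"
          # umask does not change the mode of files that already exist, so
          # tighten explicitly. The vault password is protected as well as
          # the key.
          chmod 600 "$REPO_PATH/default-key" "$REPO_PATH/become-pass.txt"

  ansible-jobs:
    runs-on: ubuntu-latest
    needs: setup-environment
    strategy:
      matrix:
        playbook:
          - name: update-packages
            file: update-packages.yml
          - name: prune-images
            file: prune-k3s.yml
          - name: update-proxmox
            file: update-proxmox.yml
    steps:
      - name: Run ${{ matrix.playbook.name }}
        # Third-party action referenced by mutable tag; prefer a full commit
        # SHA. The image tag below is mutable too; pinning it by digest
        # (image@sha256:<digest>) makes the executed toolchain reproducible.
        uses: addnab/docker-run-action@v3
        with:
          image: gitea.akshun-lab.cc/aggarwalakshun/ansible:1.0.0
          # Mounts the whole checkout, including the secret files written by
          # setup-environment, into the container.
          options: -v ${{ env.REPO_PATH }}:/repo
          run: |
            ansible-playbook \
              -i /repo/inventory.yml \
              --vault-pass-file /repo/become-pass.txt \
              --key-file /repo/default-key \
              /repo/playbooks/${{ matrix.playbook.file }}
        env:
          # SECURITY: disabling host key checking means an impersonated or
          # intercepted managed host is not detected while the SSH key and
          # become credentials are in use. Prefer shipping a known_hosts file
          # and leaving checking enabled.
          # NOTE(review): step-level env is set on the action's own process;
          # confirm it actually reaches the container (docker `-e` options
          # may be needed), otherwise these two settings have no effect.
          ANSIBLE_HOST_KEY_CHECKING: 'False'
          ANSIBLE_PYTHON_INTERPRETER: 'auto_silent'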