#
# Webhook to Fedora Messaging
#
---
- name: Setup the database
  hosts: apps_dbserver:apps_dbserver_stg
  gather_facts: no
  become: yes
  become_user: postgres
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - /srv/private/ansible/vars.yml
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
    - name: Webhook2fedmsg DB user
      community.postgresql.postgresql_user:
        name: webhook2fedmsg
        password: "{{ (env == 'production') | ternary(webhook2fedmsg_prod_db_password, webhook2fedmsg_stg_db_password) }}"
    - name: Webhook2fedmsg database creation
      community.postgresql.postgresql_db:
        name: webhook2fedmsg
        owner: webhook2fedmsg
        encoding: UTF-8

- name: Make the app be real
  hosts: os_control[0]:os_control_stg[0]
  user: root
  gather_facts: false

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
    - role: rabbit/user
      user_name: "webhook2fedmsg{{ env_suffix }}"
      user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(github|gitlab|discourse|forgejo)\..*

    - role: openshift/project
      project_app: webhook2fedmsg
      project_description: "Relay webhooks to Fedora Messaging"
      project_appowners:
        - ryanlerch
        - abompard
        - t0xic0der
        - kevin
      tags:
        - apply-appowners

    - role: openshift/secret-file
      secret_file_app: webhook2fedmsg
      secret_file_secret_name: fedora-messaging-ca
      secret_file_key: cacert.pem
      secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
    - role: openshift/secret-file
      secret_file_app: webhook2fedmsg
      secret_file_secret_name: fedora-messaging-crt
      secret_file_key: webhook2fedmsg-cert.pem
      secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/webhook2fedmsg{{env_suffix}}.crt"
    - role: openshift/secret-file
      secret_file_app: webhook2fedmsg
      secret_file_secret_name: fedora-messaging-key
      secret_file_key: webhook2fedmsg-key.pem
      secret_file_privatefile: "rabbitmq/{{env}}/pki/private/webhook2fedmsg{{env_suffix}}.key"

    - role: openshift/imagestream
      imagestream_app: webhook2fedmsg
      imagestream_imagename: webhook2fedmsg

    - role: openshift/object
      object_app: webhook2fedmsg
      object_template: buildconfig.yml.j2
      object_objectname: buildconfig.yml

    - role: openshift/object
      object_app: webhook2fedmsg
      object_template: configmap.yml.j2
      object_objectname: configmap.yml

    - role: openshift/object
      object_app: webhook2fedmsg
      object_file: service.yml
      object_objectname: service.yml

    # Routes
    - role: openshift/route
      route_app: webhook2fedmsg
      route_name: web
      route_host: "webhook{{ env_suffix }}.fedoraproject.org"
      route_serviceport: web
      route_servicename: web
    - role: openshift/route
      route_app: webhook2fedmsg
      route_name: web-alt
      route_host: "webhook2fedmsg.apps.ocp{{env_suffix}}.fedoraproject.org"
      route_serviceport: web
      route_servicename: web

    # FASJSON access
    - role: openshift/ipa-client
      ipa_client_app: webhook2fedmsg
    - role: openshift/keytab
      keytab_app: webhook2fedmsg
      keytab_key: service.keytab
      keytab_secret_name: keytab
      keytab_service: webhook2fedmsg

    # Deployment config
    - role: openshift/object
      object_app: webhook2fedmsg
      object_template: deploymentconfig.yml.j2
      object_objectname: deploymentconfig.yml

  # - role: openshift/start-build
  #   start_build_app: webhook2fedmsg
  #   start_build_buildname: webhook2fedmsg
  #   tags:
  #   - never
  #   - build

  # - role: openshift/rollout
  #   rollout_app: webhook2fedmsg
  #   rollout_dcname: webhook2fedmsg
  #   tags:
  #   - never
  #   - rollout