---
- hosts: localhost
  vars:
    vault_addr: "{{ zuul_vault_addr }}"
    vault_secret_dest: "{{ zuul.executor.work_root }}/.approle-secret"
    vault_token_dest: "{{ zuul.executor.work_root }}/.approle-token"
    github_token_dest: "{{ zuul.executor.work_root }}/.github"
    github_token_lease: "{{ zuul.executor.work_root }}/.github_lease"

  roles:
    # Get the Vault token from prepared secret-id
    - role: create-vault-approle-token
      vault_role_id: "{{ zuul_vault.vault_role_id }}"
      vault_wrapping_token_id: "{{ lookup('file', vault_secret_dest) }}"

  tasks:

    - name: Fetch organization tokens
      no_log: true
      check_mode: false
      ansible.builtin.uri:
        url: "{{ vault_addr }}/v1/{{ zuul_vault.vault_token_path }}"
        headers:
          "X-Vault-Token": "{{ lookup('file', vault_token_dest) }}"
        method: "POST"
        body:
          org_name: "opentelekomcloud-docs"
        body_format: "json"
      register: "org_token"

    - name: Write GitHub token into the destination
      no_log: true
      copy:
        content: "{{ org_token.json.data.token }}"
        dest: "{{ github_token_dest }}"
        mode: "0400"
      when:
        - "vault_token_dest is defined"
        - "org_token is defined"
        - "org_token.json is defined"
        - "org_token.json.data is defined"
        - "org_token.json.data.token is defined"

    - name: Save token lease
      no_log: true
      copy:
        content: "{{ org_token.json.lease_id }}"
        dest: "{{ github_token_lease }}"
        mode: "0400"
      when:
        - "vault_token_dest is defined"
        - "org_token is defined"
        - "org_token.json is defined"

- hosts: all
  vars:
    github_token_dest: "{{ zuul.executor.work_root }}/.github"
    github_token: "{{ lookup('file', github_token_dest) }}"
    vault_addr: "{{ zuul_vault_addr }}"
    vault_token_file: "{{ zuul.executor.work_root }}/.approle-token"
    github_token_lease: "{{ zuul.executor.work_root }}/.github_lease"
  environment:
    GITHUB_TOKEN: "{{ github_token }}"
  tasks:

    - name: Attempt to gracefully apply patch
      block:
        - name: Read project docs configuration
          include_vars: "{{ docs_update_data_file }}"

        - name: Configure git user name
          command: "git config --global user.name 'OpenTelekomCloud Proposal Bot'"

        - name: Configure git user email
          command: "git config --global user.email 52695153+otcbot@users.noreply.github.com"

        - name: Process patch
          include_role:
            name: "apply_doc_patch"
          vars:
            doc_label: "{{ doc.label }}"
            apply_doc_patch_repository: "{{ doc.repository }}"
            apply_doc_patch_diff_patch_file: "{{ ansible_user_dir }}/{{ doc.label }}.diff.patch"
            apply_doc_patch_git_patch_file: "{{ ansible_user_dir }}/{{ doc.label }}.git.patch"
            apply_doc_patch_target_location: "{{ doc.project_location }}"
          loop: "{{ docs }}"
          loop_control:
            loop_var: "doc"
            label: "{{ doc.label }}"

      always:
        - name: Revoke GitHub token lease
          check_mode: false
          no_log: true
          delegate_to: localhost
          uri:
            url: "{{ vault_addr }}/v1/sys/leases/revoke"
            headers:
              "X-Vault-Token": "{{ lookup('file', vault_token_file) }}"
            method: "PUT"
            body:
              lease_id: "{{ lookup('file', github_token_lease) }}"
            body_format: "json"
            status_code: 204