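# TODO(mordred) We should do *something* where this could use a zuul cloned
# copy of project-config instead. This is needed not just for things like
# manage-projects (which could be run completely differently and non-locally)
# but also for things like notify-impact, which is currently run by a gerrit
# hook inside of the container via jeepyb.
# NOTE(review): no `version` is given, so the checkout follows the remote
# default branch at run time, and `force` discards any local modifications.
# A file from this checkout is later copied into the Gerrit hooks directory.
- name: Clone project-config repo
  git:
    repo: https://opendev.org/openstack/project-config
    dest: /opt/project-config
    force: true

- name: Synchronize podman-compose directory
  synchronize:
    src: gerrit-podman/
    dest: /etc/gerrit-podman/

- name: Create Gerrit Group
  group:
    name: "{{ gerrit_user_name }}"
    gid: "{{ gerrit_id }}"
    system: true

- name: Create Gerrit User
  user:
    name: "{{ gerrit_user_name }}"
    uid: "{{ gerrit_id }}"
    comment: Gerit User
    shell: /bin/bash
    home: "{{ gerrit_home_dir }}"
    group: "{{ gerrit_user_name }}"
    create_home: true
    system: true

# File modes are quoted so they reach Ansible as octal strings no matter how
# the YAML loader types a bare leading-zero number.
- name: Ensure review_site directory exists
  file:
    state: directory
    path: "{{ gerrit_site_dir }}"
    owner: "{{ gerrit_user_name }}"
    group: "{{ gerrit_user_name }}"
    mode: '0755'

- name: Ensure Gerrit volume directories exists
  file:
    state: directory
    path: "{{ gerrit_site_dir }}/{{ item }}"
    owner: "{{ gerrit_user_name }}"
    group: "{{ gerrit_user_name }}"
    mode: '0755'
  loop:
    - etc
    - git
    - index
    - cache
    - static
    - hooks
    - tmp
    - logs

- name: Write Gerrit config file
  template:
    src: gerrit.config
    dest: "{{ gerrit_site_dir }}/etc/gerrit.config"
    owner: "{{ gerrit_user_name }}"
    group: "{{ gerrit_user_name }}"
    mode: '0644'

# no_log keeps the private key out of task output, diffs and callback logs.
# The trade-off is that failure details for this task are hidden as well.
- name: Write Gerrit SSH private key
  copy:
    content: "{{ gerrit_ssh_rsa_key_contents }}"
    dest: "{{ gerrit_site_dir }}/etc/ssh_host_rsa_key"
    owner: "{{ gerrit_user_name }}"
    group: "{{ gerrit_user_name }}"
    mode: '0600'
  no_log: true

- name: Write Gerrit SSH public key
  copy:
    content: "{{ gerrit_ssh_rsa_pubkey_contents }}"
    dest: "{{ gerrit_site_dir }}/etc/ssh_host_rsa_key.pub"
    owner: "{{ gerrit_user_name }}"
    group: "{{ gerrit_user_name }}"
    mode: '0644'

# Private key material again: suppress logging for the same reason as the
# host key task.
- name: Write Welcome SSH private key
  copy:
    content: "{{ welcome_message_gerrit_ssh_private_key }}"
    dest: "{{ gerrit_site_dir }}/etc/ssh_welcome_rsa_key"
    owner: "{{ gerrit_user_name }}"
    group: "{{ gerrit_user_name }}"
    mode: '0600'
  no_log: true
  when: welcome_message_gerrit_ssh_private_key is defined

- name: Write Welcome SSH public key
  copy:
    content: "{{ welcome_message_gerrit_ssh_public_key }}"
    dest: "{{ gerrit_site_dir }}/etc/ssh_welcome_rsa_key.pub"
    owner: "{{ gerrit_user_name }}"
    group: "{{ gerrit_user_name }}"
    mode: '0644'
  when: welcome_message_gerrit_ssh_public_key is defined

# Hooks are installed read+execute only (0555), so the file mode does not
# grant the Gerrit user write access to them.
- name: Copy static hooks
  copy:
    src: "hooks/{{ item }}"
    dest: "{{ gerrit_site_dir }}/hooks/{{ item }}"
    owner: "{{ gerrit_user_name }}"
    group: "{{ gerrit_user_name }}"
    mode: '0555'
  loop:
    - change-merged
    - change-abandoned

# remote_src: the source is the project-config checkout on the target host,
# not a file shipped with this role.
- name: Copy notify-impact yaml file
  copy:
    src: "/opt/project-config/gerrit/notify_impact.yaml"
    dest: "{{ gerrit_site_dir }}/hooks/notify_impact.yaml"
    remote_src: true
    owner: "{{ gerrit_user_name }}"
    group: "{{ gerrit_user_name }}"
    mode: '0444'

- name: Install patchset-created hook
  template:
    src: patchset-created.j2
    dest: "{{ gerrit_site_dir }}/hooks/patchset-created"
    owner: "{{ gerrit_user_name }}"
    group: "{{ gerrit_user_name }}"
    mode: '0555'

# TODO(mordred) These things should really go into the image instead.
- name: Copy static and etc
  copy:
    src: "{{ item }}"
    dest: "{{ gerrit_site_dir }}/{{ item }}"
    owner: "{{ gerrit_user_name }}"
    group: "{{ gerrit_user_name }}"
    mode: preserve
  loop:
    - static
    - etc

# NOTE(review): `state: latest` installs whatever release is newest on the
# package index at run time, so the deployed tool can change between runs
# without review. Consider pinning, e.g. name: podman-compose==<VERSION>
# (placeholder; choose a reviewed release).
- name: Install podman-compose
  pip:
    name: podman-compose
    state: latest
    # NOTE(mordred) Cannot use full path to pip3 here because it is
    # different on zuul test nodes and in production. This is, of
    # course, not stellar.
    executable: pip3

# TODO(mordred) Make this suck less, like if we could do an init container
# or something just generally less gross.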
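# One-off `gerrit init` inside a throwaway container; runs only when
# gerrit_run_init is truthy.
# NOTE(review): the bind mounts hard-code /home/gerrit2/review_site, while the
# directory tasks in this file use gerrit_site_dir. They only line up if that
# variable resolves to the same path; confirm.
# NOTE(review): the image is referenced by the mutable tag 2.13 rather than a
# digest, and the container shares the host network namespace (--net=host).
- name: Run gerrit init
  when: gerrit_run_init | bool
  command: >
    podman run -it --rm --net=host -u gerrit
    -v /home/gerrit2/review_site/cache:/var/gerrit/cache
    -v /home/gerrit2/review_site/etc:/var/gerrit/etc
    -v /home/gerrit2/review_site/git:/var/gerrit/git
    -v /home/gerrit2/review_site/tmp:/var/gerrit/tmp
    -v /home/gerrit2/review_site/hooks:/var/gerrit/hooks
    -v /home/gerrit2/review_site/index:/var/gerrit/index
    -v /home/gerrit2/review_site/logs:/var/log/gerrit
    -v /home/gerrit2/review_site/static:/var/gerrit/static
    docker.io/opendevorg/gerrit:2.13
    /usr/local/openjdk-8/bin/java -jar /var/gerrit/bin/gerrit.war init
    -d /var/gerrit -b --no-auto-start --install-all-plugins

# The command line uses no shell features, so it runs through `command`
# and is never interpreted by a shell.
- name: Run podman-compose up
  command:
    cmd: podman-compose up -d
    chdir: /etc/gerrit-podman/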