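---
# Task list deploying Gitea, Drone (server and runner) and Trivy to the
# Kubernetes context named by `my_context`.
# Every k8s task loads one manifest per loop item and applies it with
# `state: present`. `from_yaml` parses a single YAML document.
# NOTE(review): presumably each manifest file holds exactly one resource;
# a multi-document file would need `from_yaml_all` - confirm.

- name: Gitea setup
  block:
    # Jinja2 templates under gitea/ are rendered before being applied.
    - name: Install Gitea dynamic files
      k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        resource_definition: "{{ lookup('template', 'gitea/' + item) | from_yaml }}"
      with_items:
        - gitea-Namespace.yaml.j2
        - gitea-pvc.yml.j2
        - gitea-IngressRoute.yml.j2
        # - gitea-IngressRouteTCP.yml.j2

    # Static manifests under gitea/ are applied as-is (no templating).
    - name: Install Gitea static files
      k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        resource_definition: "{{ lookup('file', 'gitea/' + item) | from_yaml }}"
      with_items:
        - gitea-ConfigMap.yaml
        - gitea-Deployment.yaml
        - gitea-Service.yaml
  tags:
    - gitea

- name: Drone setup
  block:
    # Runs for both the server and the runner tag, since it applies the
    # namespace template listed below.
    - name: Configure environnement
      k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        resource_definition: "{{ lookup('template', item) | from_yaml }}"
      with_items:
        - drone-Namespace.yaml.j2
      tags:
        - drone-server
        - drone-runner

    - name: Drone Server install
      block:
        - name: Install Drone dynamic files
          k8s:
            state: present
            context: "{{ my_context }}"
            merge_type: merge
            resource_definition: "{{ lookup('template', item) | from_yaml }}"
          with_items:
            - drone/drone-PersistentVolumeClaim.yml.j2
            - drone/drone-IngressRoute.yml.j2

        # The Secret is applied in its own task so that `no_log` covers only
        # this item: the module result echoes the applied resource, which
        # would put the Secret data into verbose output and log callbacks.
        # Drop `no_log` temporarily when debugging a template failure here.
        - name: Install Drone Secret
          k8s:
            state: present
            context: "{{ my_context }}"
            merge_type: merge
            resource_definition: "{{ lookup('template', item) | from_yaml }}"
          with_items:
            - drone/drone-Secret.yaml.j2
          no_log: true

        - name: Install Drone Static files
          k8s:
            state: present
            context: "{{ my_context }}"
            merge_type: merge
            resource_definition: "{{ lookup('file', item) | from_yaml }}"
          with_items:
            - drone/drone-ConfigMap.yaml
            - drone/drone-Deployment.yaml
            - drone/drone-Service.yaml
      tags:
        - drone-server

    - name: Drone Runner install
      block:
        # `no_log` keeps the rendered Secret out of task output and logs.
        # NOTE(review): this Secret is applied before
        # drone-runner-Namespace.yaml below; if it targets a namespace that
        # only that file creates, a first run would fail - confirm.
        - name: Install Drone Runner dynamic files
          k8s:
            state: present
            context: "{{ my_context }}"
            merge_type: merge
            resource_definition: "{{ lookup('template', item) | from_yaml }}"
          with_items:
            - drone-runner/drone-runner-Secret.yaml.j2
          no_log: true

        # The ServiceAccount, Role and RoleBinding define what the runner may
        # do in the cluster; review those manifests for least privilege.
        - name: Install Drone Runner static files
          k8s:
            state: present
            context: "{{ my_context }}"
            merge_type: merge
            resource_definition: "{{ lookup('file', item) | from_yaml }}"
          with_items:
            - drone-runner/drone-runner-Namespace.yaml
            - drone-runner/drone-runner-ServiceAccount.yaml
            - drone-runner/drone-runner-Role.yaml
            - drone-runner/drone-runner-RoleBinding.yaml
            - drone-runner/drone-runner-ConfigMap.yaml
            - drone-runner/drone-runner-Service.yaml
            - drone-runner/drone-runner.yaml
      tags:
        - drone-runner
  tags:
    - drone

# https://github.com/aquasecurity/trivy/tree/main/helm/trivy
- name: Trivy Setup
  block:
    # The chart is installed from this checkout, so whatever revision is
    # cloned is what gets rendered into the cluster. `trivy_git_ref` is
    # optional and defaults to HEAD (the previous behaviour); set it to a
    # release tag or commit SHA to deploy a reviewed, reproducible revision.
    # NOTE(review): `dest` is relative, so the checkout location depends on
    # the working directory of the run - confirm this is intended.
    - name: Git clone stable repo on HEAD
      ansible.builtin.git:
        repo: "https://github.com/aquasecurity/trivy.git"
        dest: tmp/trivy
        version: "{{ trivy_git_ref | default('HEAD') }}"

    # Installs the chart from the local checkout; only the image tag is
    # overridden, every other value comes from the chart defaults.
    - name: Deploy trivy chart from local path
      community.kubernetes.helm:
        state: present
        name: trivy
        context: "{{ my_context }}"
        chart_ref: tmp/trivy/helm/trivy
        release_namespace: "{{ trivy_namespace }}"
        create_namespace: true
        values:
          image:
            tag: "{{ trivy_version }}"
          # Optional overrides, disabled. If gitHubToken is ever enabled,
          # supply it from a vaulted variable rather than inline.
          # persistence:
          #   storageClass: "{{ trivy_storage_classname }}"
          # trivy:
          #   gitHubToken: ""
          #   cache:
          #     redis:
          #       enabled: false
          #       url: "" # e.g. redis://redis.redis.svc:6379
          # ingress:
          #   enabled: false
          #   annotations: {}
          #     # kubernetes.io/ingress.class: nginx
          #   hosts:
          #     - host: trivy.{{ traefik_domain }}
  tags:
    - trivy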