---
- name: Sync Supabase secrets to Gitea repo variables
  hosts: supabase
  connection: local
  gather_facts: false

  tasks:
    - name: Construct env file content
      ansible.builtin.set_fact:
        _env_file: |
          SUPABASE_URL={{ supabase.url }}
          SUPABASE_ANON_KEY={{ supabase.anon_key }}
      no_log: false

    - name: Check if Gitea variable exists
      ansible.builtin.uri:
        url: "{{ gitea_base_url }}/api/v1/repos/{{ gitea_owner }}/{{ gitea_repo }}/actions/variables/{{ gitea_variable_name }}"
        method: GET
        headers:
          Authorization: "token {{ gitea_token.token }}"
        status_code: [200, 404]
      register: _gitea_var_check
      no_log: true

    - name: Create Gitea variable
      ansible.builtin.uri:
        url: "{{ gitea_base_url }}/api/v1/repos/{{ gitea_owner }}/{{ gitea_repo }}/actions/variables/{{ gitea_variable_name }}"
        method: POST
        headers:
          Authorization: "token {{ gitea_token.token }}"
          Content-Type: application/json
        body_format: json
        body:
          value: "{{ _env_file }}"
        status_code: [201]
      when: _gitea_var_check.status == 404
      no_log: true

    - name: Update Gitea variable
      ansible.builtin.uri:
        url: "{{ gitea_base_url }}/api/v1/repos/{{ gitea_owner }}/{{ gitea_repo }}/actions/variables/{{ gitea_variable_name }}"
        method: PUT
        headers:
          Authorization: "token {{ gitea_token.token }}"
          Content-Type: application/json
        body_format: json
        body:
          value: "{{ _env_file }}"
        status_code: [204]
      when: _gitea_var_check.status == 200
      no_log: true