---
- name: Deploy gitlab on OCP
  hosts: localhost
  gather_facts: false

  tasks:
    - name: Create cert-manager-operator namespace
      redhat.openshift.k8s:
        name: cert-manager-operator
        api_version: v1
        kind: Namespace
        state: present

    - name: Create OperatorGroup object for cert-manager-operator
      redhat.openshift.k8s:
        state: present
        definition:
          apiVersion: operators.coreos.com/v1
          kind: OperatorGroup
          metadata:
            name: cert-manager-operator-operatorgroup
            namespace: cert-manager-operator
          spec:
            targetNamespaces:
              - cert-manager-operator

    - name: Create cert-manager-operator subscription
      redhat.openshift.k8s:
        state: present
        definition:
          apiVersion: operators.coreos.com/v1alpha1
          kind: Subscription
          metadata:
            labels:
              operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator: ''
            name: openshift-cert-manager-operator
            namespace: cert-manager-operator
          spec:
            channel: stable-v1
            installPlanApproval: Automatic
            name: openshift-cert-manager-operator
            source: redhat-operators
            sourceNamespace: openshift-marketplace

    - name: Create gitlab-system namespace
      redhat.openshift.k8s:
        name: gitlab-system
        api_version: v1
        kind: Namespace
        state: present

    - name: Create OperatorGroup object for gitlab-operator-kubernetes
      redhat.openshift.k8s:
        state: present
        definition:
          apiVersion: operators.coreos.com/v1
          kind: OperatorGroup
          metadata:
            name: gitlab-operator-kubernetes-operatorgroup
            namespace: gitlab-system
          spec:
            targetNamespaces:
              - gitlab-system

    - name: Create gitlab subscription
      redhat.openshift.k8s:
        state: present
        definition:
          apiVersion: operators.coreos.com/v1alpha1
          kind: Subscription
          metadata:
            labels:
              operators.coreos.com/gitlab-operator-kubernetes.gitlab-system: ''
            name: gitlab-operator-kubernetes
            namespace: gitlab-system
          spec:
            channel: stable
            installPlanApproval: Automatic
            name: gitlab-operator-kubernetes
            source: community-operators
            sourceNamespace: openshift-marketplace

    - name: Wait for gitlab operator to install
      kubernetes.core.k8s_info:
        api_version: apiextensions.k8s.io/v1
        kind: CustomResourceDefinition
        name: gitlabs.apps.gitlab.com
      register: crd_gitlab
      until: crd_gitlab.resources | list | length == 1
      retries: 10
      delay: 30

    - name: Wait until gitlab-operator is up
      kubernetes.core.k8s_info:
        api_version: v1
        kind: Deployment
        name: gitlab-controller-manager
        namespace: gitlab-system
      register: pod_list
      until: pod_list | json_query('resources[*].status.readyReplicas') | unique >= [1]
      retries: 10
      delay: 30

    - name: Get available charts from gitlab operator repo
      register: gitlab_chart_versions
      ansible.builtin.uri:
        url: https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/raw/master/CHART_VERSIONS?ref_type=heads
        method: GET
        return_content: true

    - name: Debug gitlab_chart_versions
      ansible.builtin.debug:
        var: gitlab_chart_versions.content | from_yaml

    - name: Get latest chart from available_chart_versions
      ansible.builtin.set_fact:
        gitlab_chart_version: "{{ (gitlab_chart_versions.content | split())[0] }}"

    - name: Grab url for Gitlab spec
      ansible.builtin.set_fact:
        cluster_domain: "apps{{ lookup('ansible.builtin.env', 'K8S_AUTH_HOST') | regex_search('\\.[^:]*') }}"
      when: cluster_domain is undefined

    - name: Deploy a GitLab instance
      redhat.openshift.k8s:
        state: present
        definition:
          apiVersion: apps.gitlab.com/v1beta1
          kind: GitLab
          metadata:
            name: gitlab
            namespace: gitlab-system
          spec:
            chart:
              version: "{{ gitlab_chart_version }}"
              values:
                nginx-ingress:
                  enabled: false
                certmanager:
                  install: false
                global:
                  hosts:
                    domain: "{{ cluster_domain }}"   # apps.cluster-9xrlv.9xrlv.sandbox644.opentlc.com
                  ingress:
                    class: none
                    configureCertmanager: true
                    annotations:
                      route.openshift.io/termination: "edge"
                certmanager-issuer:
                  email: "{{ cert_email | default('nobody@nowhere.nosite') }}"

    - name: Print out warning and initial details about deployment
      vars:
        msg: |
          If not immediately successful be aware that the Gitlab instance can take
          a couple minutes to come up, so be patient.

          URL for Gitlab instance:
          https://gitlab.{{ cluster_domain }}

          The initial login user is 'root', and the password can be found by logging
          into the OpenShift cluster portal, and on the left hand side of the administrator
          portal, under workloads, select Secrets and look for 'gitlab-gitlab-initial-root-password'
      ansible.builtin.debug:
        msg: "{{ msg.split('\n') }}"

...