---

- name: update over multiple reboots
  block:
    - name: check for available updates
      win_updates:
        category_names:
          - CriticalUpdates
          - DefinitionUpdates
          - SecurityUpdates
          - UpdateRollups
          - Updates
        state: searched
      register: available_updates

    - debug:
        msg: |
          {{ inventory_hostname }} has {{ available_updates.found_update_count }} updates available.
          {% for update in updates %}
            - {{ update.title }}
          {% endfor %}
      vars:
        updates: "{{ (available_updates.updates.values() | list) if (available_updates.updates is mapping) else (available_updates.updates) }}"
      when: available_updates.updates is defined

    - block:
        - name: install windows updates using powershell script
          script: win-updates.ps1
          become: yes
          become_method: runas
          become_user: SYSTEM
          when:
            - available_updates.updates is defined
            - available_updates.found_update_count > 0

      rescue:
        - name: reboot the system to recover from a failed update
          win_reboot:
            reboot_timeout: 7200

    - name: wait for system to be responsive after update
      wait_for_connection:
        delay: 60
        sleep: 10
        timeout: 600

    - name: check to see if reboot is required
      win_reg_stat:
        path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
        name: CustomRebootRequired
      register: update_reboot_required_key

    - name: reboot the system to continue with the update
      win_reboot:
        reboot_timeout: 7200
      when: update_reboot_required_key.exists

    - name: check for missing updates
      win_updates:
        category_names:
          - CriticalUpdates
          - DefinitionUpdates
          - SecurityUpdates
          - UpdateRollups
          - Updates
        state: searched
      register: missing_updates

    - debug:
        msg: |
          {{ inventory_hostname }} has {{ missing_updates.found_update_count }} updates still missing.
          {% for update in updates %}
            - {{ update.title }}
          {% endfor %}
      vars:
        updates: "{{ (missing_updates.updates.values() | list) if (missing_updates.updates is mapping) else (missing_updates.updates) }}"
      when: missing_updates.updates is defined

    - block:
        - name: set update count
          set_fact:
            update_retry_count: '{{ update_retry_count | default(0) | int + 1 }}'

        - name: still more updates - need to retry
          fail:
            msg: >
              '{{ inventory_hostname }} has {{ missing_updates.found_update_count }} updates still missing.
              {{ (update_retry_limit | int) - (update_retry_count | int) }} more retries left'
          when: ((update_retry_limit | int) - (update_retry_count | int) > 0)
      when: missing_updates.found_update_count > 0

    - name: ensure the CustomRebootRequired key doesn't exist
      win_regedit:
        path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
        name: CustomRebootRequired
        state: absent

  rescue:
    - debug:
        msg: "Still more updates remaining - retrying..."

    - include_tasks: updates-powershell.yml