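---
# Initialize local storage directories for Gitea.
#
# Flow: create a ServiceAccount, bind it to the privileged SCC, run a one-shot
# privileged Job that creates the data directories on the node's filesystem,
# then poll until the Job reports success.
#
# Variables read by this file:
#   gitea_storage_init_sa, gitea_namespace, gitea_node_selector_key,
#   gitea_data_path, gitea_postgresql_path,
#   gitea_postgresql_ha_path_prefix, gitea_postgresql_ha_replicas,
#   gitea_redis_path_prefix, gitea_redis_replicas,
#   gitea_job_timeout_retries, gitea_job_timeout_delay,
#   k8s_auth_params.kubeconfig, k8s_auth_params.validate_certs
#
# NOTE(review): nothing in this file removes the ServiceAccount or the
# ClusterRoleBinding once the Job has finished, so the privileged grant stays
# in place after initialization. Anyone able to run pods as this
# ServiceAccount in the namespace keeps privileged-SCC access. Consider
# deleting the binding after the wait task succeeds.

- name: Create ServiceAccount for storage initialization
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: "{{ gitea_storage_init_sa }}"
        namespace: "{{ gitea_namespace }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"

# Cluster-scoped binding: grants the ServiceAccount above use of the
# privileged SCC, which the init Job needs for `privileged: true` + hostPath.
- name: Add SCC for privileged pods to storage ServiceAccount
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRoleBinding
      metadata:
        name: "{{ gitea_storage_init_sa }}-privileged"
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: 'system:openshift:scc:privileged'
      subjects:
        - kind: ServiceAccount
          name: "{{ gitea_storage_init_sa }}"
          namespace: "{{ gitea_namespace }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"

# A Job's pod template is immutable, so a leftover Job from a previous run is
# removed before re-creating it. `wait: true` blocks until the old object is
# actually gone; without it the create task below can race with a Job that is
# still terminating under the same name.
#
# NOTE(review): deleting an absent object is already a no-op for this module,
# so `ignore_errors` mainly hides real failures (bad kubeconfig, RBAC denial,
# API unreachable). Kept as-is to preserve the existing best-effort behaviour.
- name: Delete existing storage initialization Job if it exists
  kubernetes.core.k8s:
    state: absent
    api_version: batch/v1
    kind: Job
    name: "{{ gitea_storage_init_sa }}"
    namespace: "{{ gitea_namespace }}"
    wait: true
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  ignore_errors: true

# One-shot Job that creates the storage directories on the node.
#
# Security-relevant properties of this Job (review before reuse):
#   * The container is privileged and mounts the node's root filesystem at
#     /host, i.e. it has full read/write access to the node while it runs.
#     Mounting only the parent directory of the storage paths would narrow
#     this, if the paths share a known parent.
#   * Directories are set to mode 777 (world-writable). Any process on the
#     node, or any pod with a hostPath to these locations, can then modify
#     Gitea / PostgreSQL / Redis data. Presumably chosen so pods running with
#     arbitrary UIDs can write; a chown to the workload's UID/GID with a
#     tighter mode would be preferable - confirm against the consuming pods.
#   * The image uses the mutable `:latest` tag, so the code that runs with
#     node-level privileges can change between runs. Pin to a digest or a
#     fixed tag.
#
# NOTE(review): no completions/parallelism are set, so a single pod runs on
# one node matching the selector. If several nodes carry that label, only the
# node the pod lands on gets the directories.
- name: Create Job to initialize local storage directories
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: batch/v1
      kind: Job
      metadata:
        name: "{{ gitea_storage_init_sa }}"
        namespace: "{{ gitea_namespace }}"
      spec:
        # The finished Job is garbage-collected 100 seconds after completion.
        ttlSecondsAfterFinished: 100
        template:
          spec:
            nodeSelector:
              "{{ gitea_node_selector_key }}": ""
            containers:
              - name: init-local-dirs
                image: registry.redhat.io/openshift4/ose-cli:latest
                # `set -e` makes the script stop at the first failing
                # mkdir/chmod. Without it the trailing `echo` always exits 0,
                # so the Job would report success even when a directory could
                # not be created. Paths are double-quoted so that values
                # containing spaces are not word-split by the shell.
                command:
                  - /bin/sh
                  - "-c"
                  - |
                    set -e
                    mkdir -p "/host{{ gitea_data_path }}" "/host{{ gitea_postgresql_path }}"
                    {% for i in range(gitea_postgresql_ha_replicas) %}
                    mkdir -p "/host{{ gitea_postgresql_ha_path_prefix }}{{ i }}"
                    {% endfor %}
                    {% for i in range(gitea_redis_replicas) %}
                    mkdir -p "/host{{ gitea_redis_path_prefix }}{{ i }}"
                    {% endfor %}
                    chmod 777 "/host{{ gitea_data_path }}" "/host{{ gitea_postgresql_path }}"
                    {% for i in range(gitea_postgresql_ha_replicas) %}
                    chmod 777 "/host{{ gitea_postgresql_ha_path_prefix }}{{ i }}"
                    {% endfor %}
                    {% for i in range(gitea_redis_replicas) %}
                    chmod 777 "/host{{ gitea_redis_path_prefix }}{{ i }}"
                    {% endfor %}
                    echo "Storage directories created and permissions set"
                securityContext:
                  privileged: true
                volumeMounts:
                  - name: host
                    mountPath: /host
            volumes:
              - name: host
                hostPath:
                  path: /
            restartPolicy: Never
            serviceAccountName: "{{ gitea_storage_init_sa }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"

# Poll the Job until `status.succeeded` is reported and greater than zero.
# The condition does not look at `status.failed`, so a Job that fails is only
# noticed when the retries run out.
# NOTE(review): the Job is removed 100 seconds after it finishes (see
# ttlSecondsAfterFinished above); keep gitea_job_timeout_delay well below
# that so a poll cannot miss the completed Job.
- name: Wait for storage initialization job to complete
  kubernetes.core.k8s_info:
    api_version: batch/v1
    kind: Job
    name: "{{ gitea_storage_init_sa }}"
    namespace: "{{ gitea_namespace }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  register: job_status
  until: >-
    job_status.resources[0].status.succeeded is defined
    and job_status.resources[0].status.succeeded > 0
  retries: "{{ gitea_job_timeout_retries }}"
  delay: "{{ gitea_job_timeout_delay }}"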