---

- name: Check if Gitea user has already been created
  stat:
    path: "{{ jenkins_gitea_password_file }}"
  register: result

- name: Do we have to create the Gitea user
  set_fact:
    createGiteaUser: "{{ result.stat.exists is undefined or result.stat.exists == False }}"

- name: Generate a password for the Gitea user
  set_fact:
    giteaPassword: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"  # preferably no colons in password, for HTTP's URL simplicity
  when: createGiteaUser
  no_log: yes

- name: Retrieve the password for the post_install message
  slurp:
    src: "{{ jenkins_gitea_password_file }}"
  register: tmp
  when: not createGiteaUser
  no_log: yes
- name: Set the password as a fact
  set_fact:
    giteaPassword: "{{ tmp.content | b64decode | trim }}"
  when: not createGiteaUser
  no_log: yes

- name: Create webhook dedicated user
  shell: echo 'jenkins.model.Jenkins.instance.securityRealm.createAccount("{{ giteaUsername | quote }}", "{{ giteaPassword | quote }}")' | {{ jenkins_cli_command }} groovy =
  when: createGiteaUser
  no_log: yes

- name: Upload the new password
  copy:
    content: "{{ giteaPassword }}"
    dest: "{{ jenkins_gitea_password_file }}"
    owner: jenkins
    group: jenkins
    mode: 0600
  when: createGiteaUser
  # Note : We still need a way to tell the user how to be authenticated for the webhook.
  #        For the time being, we store it here and display it at the end of the playbook.
  no_log: yes