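---
# roles/pfsense_upgrade/tasks/update_check.yml
# Dynamic upgrade detection using pfSense repository system
# Works with tcsh default shell on pfSense
#
# Facts set by this file: upgrade_available, upgrade_target_repo,
# upgrade_target_description, pfsense_current_version, pfsense_major_minor,
# current_repo, upgrade_available_version.
#
# Each raw command is kept on one physical line and wrapped in /bin/sh -c so
# that the quoting is interpreted by sh rather than by the tcsh login shell.

# ---------------------------------------------------------------------------
# 1. Detect available repositories and identify upgrade target
# ---------------------------------------------------------------------------
# Prints "<name>|<descr>" for the first repository that is not flagged as
# default, or the literal UP_TO_DATE when every repository is the default.
# The match is stored in $upgrade and printed exactly once; echoing inside the
# loop while also printing the fallback afterwards would append UP_TO_DATE to
# the description.
# NOTE(review): any non-default repository is treated as the upgrade target.
# Confirm that pkg_list_repos() cannot return an older or development branch
# first, otherwise this check could steer the firewall to an unintended repo.
- name: List available pfSense repositories
  ansible.builtin.raw: |
    /bin/sh -c 'php -r "require_once(\"/etc/inc/pkg-utils.inc\"); \$repos = pkg_list_repos(); \$upgrade = \"\"; foreach(\$repos as \$r) { if (!isset(\$r[\"default\"])) { \$upgrade = \$r[\"name\"] . \"|\" . (\$r[\"descr\"] ?? \"\"); break; } } echo \$upgrade ?: \"UP_TO_DATE\";"'
  register: _repo_check
  changed_when: false

# Empty output is treated the same as UP_TO_DATE so that a command which
# printed nothing is never reported as an available upgrade.
- name: Parse repository check result
  ansible.builtin.set_fact:
    _repo_result: "{{ _repo_check.stdout | trim }}"
    _upgrade_available: "{{ (_repo_check.stdout | trim) not in ['', 'UP_TO_DATE'] }}"

# default(..., true) also replaces an empty description, not only a missing one.
- name: Set upgrade target repository
  ansible.builtin.set_fact:
    upgrade_target_repo: "{{ _repo_result.split('|')[0] }}"
    upgrade_target_description: "{{ _repo_result.split('|')[1] | default('Unknown', true) }}"
  when: _upgrade_available | bool

# ---------------------------------------------------------------------------
# 2. Get current version information
# ---------------------------------------------------------------------------
- name: Get current pfSense version
  ansible.builtin.raw: |
    /bin/sh -c 'php -r "require_once(\"/etc/inc/pkg-utils.inc\"); \$v = get_system_pkg_version(false); echo \$v[\"installed_version\"] ?? \"Unknown\";"'
  register: _current_version
  changed_when: false

# upgrade_available is normalised to a boolean here so that every later
# condition evaluates it the same way.
- name: Set current version fact
  ansible.builtin.set_fact:
    pfsense_current_version: "{{ _current_version.stdout | trim }}"
    upgrade_available: "{{ _upgrade_available | default(false) | bool }}"

# ---------------------------------------------------------------------------
# 3. Get current repository name
# ---------------------------------------------------------------------------
- name: Get current default repository
  ansible.builtin.raw: |
    /bin/sh -c 'php -r "require_once(\"/etc/inc/pkg-utils.inc\"); foreach(pkg_list_repos() as \$r) { if (isset(\$r[\"default\"])) { echo \$r[\"name\"]; } }"'
  register: _current_repo
  changed_when: false

# stdout is always defined after a raw task, so a plain default() would never
# fire; the second argument makes an empty string fall back to 'Unknown'.
- name: Set current repo fact
  ansible.builtin.set_fact:
    current_repo: "{{ _current_repo.stdout | trim | default('Unknown', true) }}"

# ---------------------------------------------------------------------------
# 4. Extract current branch from version (e.g., "26.03" from "26.03-RELEASE")
# ---------------------------------------------------------------------------
- name: Extract major.minor branch from version
  ansible.builtin.set_fact:
    pfsense_major_minor: "{{ pfsense_current_version.split('-')[0] }}"

# ---------------------------------------------------------------------------
# 5. Display upgrade status report
# ---------------------------------------------------------------------------
# The inline if only evaluates upgrade_target_repo when an upgrade exists, so
# the report also renders on hosts where that fact was never set.
- name: Display upgrade status report
  ansible.builtin.debug:
    msg:
      - "============================================================"
      - " Update Status: {{ inventory_hostname }}"
      - "============================================================"
      - " Current version : {{ pfsense_current_version }}"
      - " Current branch : {{ pfsense_major_minor }}"
      - " Current repo : {{ current_repo }}"
      - "------------------------------------------------------------"
      - " Upgrade available: {{ 'YES — ' ~ upgrade_target_repo ~ ' (' ~ upgrade_target_description ~ ')' if upgrade_available else 'NO — System is up to date' }}"
      - "------------------------------------------------------------"
      - " perform_upgrade : {{ perform_upgrade | bool }}"
      - "============================================================"

# ---------------------------------------------------------------------------
# 6. Warnings based on upgrade availability
# ---------------------------------------------------------------------------
- name: Warn if perform_upgrade is false but upgrade is available
  ansible.builtin.debug:
    msg: |
      DRY RUN — Upgrade to {{ upgrade_target_repo }} is available but perform_upgrade=false.
      Re-run with -e "perform_upgrade=true" to apply.
  when:
    - upgrade_available | bool
    - not (perform_upgrade | bool)

- name: Display up-to-date message
  ansible.builtin.debug:
    msg: "System is up to date — no upgrade available"
  when: not (upgrade_available | bool)

# The repository name comes from command output on the managed host. Quote it
# wherever a later task interpolates it into a raw or shell command.
- name: Set facts for downstream tasks (compatibility with existing verify.yml)
  ansible.builtin.set_fact:
    upgrade_available_version: "{{ upgrade_target_repo | default('') }}"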