---
# roles/pfsense_upgrade/tasks/main.yml

- name: Include pre-flight checks
  ansible.builtin.import_tasks: preflight.yml
  tags: [always, preflight, check]

- name: Include version detection
  ansible.builtin.import_tasks: version_detect.yml
  tags: [always, check]

- name: Include update check
  ansible.builtin.import_tasks: update_check.yml
  tags: [always, check]

# Config backup to webhook (before upgrade)
- name: Include config backup to webhook
  ansible.builtin.import_tasks: backup_webhook.yml
  tags: [always, backup]
  when: perform_upgrade | bool

- name: DEBUG - Check CARP conditions
  ansible.builtin.debug:
    msg:
      - "ha_peer is defined: {{ ha_peer is defined }}"
      - "ha_peer value: {{ ha_peer | default('UNDEFINED') }}"
      - "ha_peer length: {{ ha_peer | length if ha_peer is defined else 'N/A' }}"
  when: always

# CARP pre-upgrade (demotion)
- name: Include CARP pre-upgrade logic
  ansible.builtin.import_tasks: carp_pre.yml
  tags: [always, check, carp]
  when: 
    - ha_peer is defined
    - ha_peer | length > 0
    - upgrade_available | bool   # Also only if upgrade is available

# Upgrade execution
- name: Include upgrade execution
  ansible.builtin.import_tasks: upgrade.yml
  tags: [upgrade]
  when: 
    - perform_upgrade | bool
    - upgrade_available | bool

# CARP post-upgrade (restore)
- name: Include CARP post-upgrade restore
  ansible.builtin.import_tasks: carp_post.yml
  tags: [upgrade, carp]
  when:
    - ha_peer is defined
    - ha_peer | length > 0
    - perform_upgrade | bool
    - upgrade_available | bool   # Also only if upgrade is available

# Verification
- name: Include post-upgrade verification
  ansible.builtin.import_tasks: verify.yml
  tags: [upgrade, verify]
  when: perform_upgrade | bool