digitalboard.core/roles/ess-pro/tasks/main.yml

# SPDX-License-Identifier: MIT-0
---
- name: Validate required variables
  ansible.builtin.assert:
    that:
      - ess_pro_server_name | length > 0
      - ess_pro_registry_username | length > 0
      - ess_pro_registry_token | length > 0
    fail_msg: >-
      ess_pro_server_name, ess_pro_registry_username and ess_pro_registry_token
      must be set. Provide them in group_vars/ess_servers.yml (typically as
      OpenBao lookups, following the digitalboard.core convention).
    quiet: true

- name: Validate OIDC variables when OIDC is enabled
  ansible.builtin.assert:
    that:
      - ess_pro_oidc_issuer | length > 0
      - ess_pro_oidc_client_secret | length > 0
    fail_msg: ess_pro_oidc_issuer and ess_pro_oidc_client_secret must be set when OIDC is enabled.
    quiet: true
  when: ess_pro_oidc_enabled | bool

- name: Validate S3 variables when S3 media is enabled
  ansible.builtin.assert:
    that:
      - ess_pro_s3_endpoint | length > 0
      - ess_pro_s3_access_key | length > 0
      - ess_pro_s3_secret_key | length > 0
    fail_msg: S3 endpoint, access key and secret key must be set when S3 media is enabled.
    quiet: true
  when: ess_pro_s3_media_enabled | bool

- name: Validate external Postgres variables
  ansible.builtin.assert:
    that:
      - ess_pro_postgres_host | length > 0
      - ess_pro_postgres_synapse_password | length > 0
      - ess_pro_postgres_mas_password | length > 0
    fail_msg: External Postgres host and per-component passwords must be set when ess_pro_postgres_external is true.
    quiet: true
  when: ess_pro_postgres_external | bool

- name: Run prerequisite tasks (Helm CLI, namespace)
  ansible.builtin.import_tasks: prerequisites.yml

- name: Authenticate against Element image registry and create pull secret
  ansible.builtin.import_tasks: credentials.yml

- name: Render values.yaml and deploy the Helm release
  ansible.builtin.import_tasks: deploy.yml