- name: Copy nodejs demo manifest
  ansible.builtin.copy:
    src: "{{ nodejs_manifest_src }}"
    dest: "{{ nodejs_manifest_dest }}"
    mode: "0644"

- name: Apply nodejs demo manifest
  ansible.builtin.shell: |
    set -e
    KUBECONFIG={{ k3s_kubeconfig }} kubectl apply -f {{ nodejs_manifest_dest }}
  args:
    executable: /bin/bash
  changed_when: true

- name: Rollout status nodejs-demo
  ansible.builtin.include_tasks: kubectl-rollout-status.yml
  vars:
    verify_rollout_ref: deployment/nodejs-demo
    verify_rollout_timeout_s: "{{ nodejs_rollout_timeout_s | default(180) | int }}"

- name: Assert Service targetPort matches expected (optional)
  when: nodejs_expected_target_port is defined and (nodejs_expected_target_port | int) > 0
  ansible.builtin.shell: |
    set -euo pipefail
    exp="{{ nodejs_expected_target_port | int }}"
    got=$(KUBECONFIG={{ k3s_kubeconfig }} kubectl get svc nodejs-demo -n default -o jsonpath='{.spec.ports[0].targetPort}')
    echo "svc/nodejs-demo targetPort=$got expected=$exp"
    test "$got" = "$exp"
  args:
    executable: /bin/bash
  changed_when: false

- name: Assert Endpoints exist
  ansible.builtin.include_tasks: kubectl-endpoints-ready.yml
  vars:
    verify_endpoints_service: nodejs-demo
    verify_endpoints_assertion_label: "{{ nodejs_endpoints_assertion_label | default('nodejs_demo_endpoints') }}"

- name: TLS SNI + certificate (optional, caller sets nodejs_tls_sni_*)
  when: nodejs_tls_sni_probe_enabled | default(false) | bool
  ansible.builtin.include_tasks: tls-openssl-sni.yml
  vars:
    verify_tls_connect_host: "{{ nodejs_tls_sni_connect_host }}"
    verify_tls_port: "{{ nodejs_tls_sni_port | default(443) | int }}"
    verify_tls_servername: "{{ nodejs_tls_sni_servername }}"
    verify_tls_assertion_label: "{{ nodejs_tls_sni_assertion_label }}"

- name: HTTP check nodejs demo (path/host optional)
  when: nodejs_http_check_enabled | default(true)
  ansible.builtin.include_tasks: http-curl-expect.yml
  vars:
    verify_http_entry_base: "{{ nodejs_verify_entry_base }}"
    verify_http_path: "{{ nodejs_verify_path | default('/node') }}"
    verify_http_host_header: "{{ nodejs_verify_host | default('') }}"
    verify_http_assertion_label: "{{ nodejs_http_assertion_label | default('nodejs_demo_entry_http') }}"
    verify_http_connect_timeout: "{{ nodejs_http_connect_timeout | default(3) | int }}"
    verify_http_max_time: "{{ nodejs_http_max_time | default(8) | int }}"
    verify_http_retries: "{{ nodejs_http_retries | default(10) | int }}"
    verify_http_retry_sleep: "{{ nodejs_http_retry_sleep | default(2) | int }}"
    verify_http_tls_insecure: "{{ nodejs_http_tls_insecure | default(false) | bool }}"

- name: Teardown when VERIFY_TEARDOWN=1
  when:
    - verify_teardown == "1"
    - not (nodejs_verify_skip_teardown | default(false) | bool)
  ansible.builtin.shell: |
    set -e
    KUBECONFIG={{ k3s_kubeconfig }} kubectl delete -f {{ nodejs_manifest_dest }} --ignore-not-found=true
  args:
    executable: /bin/bash
  changed_when: true