- name: Assert docs file exists
  ansible.builtin.stat:
    path: "{{ repo_root }}/docs/{{ doc_filename }}"
  register: _doc_stat

- name: Fail when docs file missing
  ansible.builtin.assert:
    that:
      - _doc_stat.stat.exists
    fail_msg: "docs file missing: docs/{{ doc_filename }}"

- name: Find matching ansible/files doc_id directory
  ansible.builtin.find:
    paths: "{{ repo_root }}/ansible/files"
    file_type: directory
    patterns: "{{ doc_id }}"
    use_regex: false
  register: _files_dirs

- name: Fail when ansible/files doc_id directory missing
  ansible.builtin.assert:
    that:
      - _files_dirs.matched | int >= 1
    fail_msg: "ansible/files missing doc_id directory: ansible/files/{{ doc_id }}"

- name: Show noop verification summary
  ansible.builtin.debug:
    msg:
      - "doc_id={{ doc_id }}"
      - "doc={{ doc_filename }}"
      - "files_dirs={{ _files_dirs.files | map(attribute='path') | list }}"

- name: Verify cluster reachable (kubectl get nodes) [runbook baseline]
  ansible.builtin.shell: |
    set -euo pipefail
    KUBECONFIG={{ k3s_kubeconfig | default('/etc/rancher/k3s/k3s.yaml') }} kubectl get nodes
  args:
    executable: /bin/bash
  delegate_to: "{{ groups['k3s_server'][0] }}"
  become: true
  run_once: true
  changed_when: false

- name: Verify core namespace exists (kube-system) [runbook baseline]
  ansible.builtin.shell: |
    set -euo pipefail
    KUBECONFIG={{ k3s_kubeconfig | default('/etc/rancher/k3s/k3s.yaml') }} kubectl get ns kube-system
  args:
    executable: /bin/bash
  delegate_to: "{{ groups['k3s_server'][0] }}"
  become: true
  run_once: true
  changed_when: false

- name: Find YAML manifests under ansible/files doc_id dirs
  ansible.builtin.find:
    paths: "{{ _files_dirs.files | map(attribute='path') | list }}"
    file_type: file
    patterns:
      - "*.yml"
      - "*.yaml"
    recurse: true
    use_regex: false
  register: _files_manifests

- name: Show manifest count summary
  ansible.builtin.debug:
    msg:
      - "doc_id={{ doc_id }}"
      - "manifest_files={{ _files_manifests.matched | default(0) }}"
      - "manifest_paths={{ (_files_manifests.files | map(attribute='path') | list)[:12] }}"

- name: Build kubernetes-manifest validation list (exclude example/non-k8s files)
  ansible.builtin.set_fact:
    _k8s_manifest_files: >-
      {{
        (_files_manifests.files | default([]))
        | rejectattr('path', 'search', '\\.example\\.')
        | rejectattr('path', 'search', 'docker-compose')
        | list
      }}

- name: Show filtered kubernetes manifest count
  ansible.builtin.debug:
    msg:
      - "doc_id={{ doc_id }}"
      - "k8s_manifest_files={{ _k8s_manifest_files | length }}"
      - "k8s_manifest_paths={{ (_k8s_manifest_files | map(attribute='path') | list)[:12] }}"

- name: Server-side dry-run apply (kubectl apply --dry-run=server) [doc assertion]
  ansible.builtin.shell: |
    set -euo pipefail
    KUBECONFIG={{ k3s_kubeconfig | default('/etc/rancher/k3s/k3s.yaml') }} \
      kubectl apply --dry-run=client -f -
  args:
    executable: /bin/bash
    stdin: "{{ lookup('ansible.builtin.file', item.path) }}"
  loop: "{{ _files_manifests.files }}"
  loop_control:
    label: "{{ item.path }}"
  delegate_to: "{{ groups['k3s_server'][0] }}"
  become: true
  run_once: true
  changed_when: false
  when:
    - (_files_manifests.matched | default(0) | int) > 0
    - "'example.' not in item.path"
    - "'docker-compose' not in item.path"