name: Production GitOps Engine
on:
  push:
    branches:
      - main

jobs:
  execute-ansible:
    runs-on: ubuntu-latest
    steps:
      - name: Code Extraction
        uses: actions/checkout@v3

      - name: Initialize SSH Control Pipeline
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.MINIPC_SSH_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          # Scan host signature to block manual interactive prompts
          ssh-keyscan -H 10.0.10.68 >> ~/.ssh/known_hosts

      - name: Bootstrap Ansible Runtime
        run: |
          apt-get update && apt-get install -y python3-pip sshpass rsync
          # Pull upstream Ansible to ensure Python 3.12+ compatibility
          pip3 install --break-system-packages ansible

      - name: Run Orchestration Playbook
        run: |
          ansible-playbook -i inventory.ini site.yml -vvv