- name: Pull and run private GHCR image
  hosts: all
  become: true

  tasks:

    - name: Log in to GitHub Container Registry
      community.docker.docker_login:
        registry_url: ghcr.io
        username: "{{ ghcr_username }}"
        password: "{{ ghcr_token }}"

    - name: Stop stage container if it exists
      docker_container:
        name: echo
        state: absent
    
    - name: Remove old image if exists
      docker_image:
        name: "{{ image_name }}"
        state: absent
        force_absent: true

    - name: Pull image from GHCR
      community.docker.docker_image:
        name: "{{ image_name }}"
        source: pull

    - name: Run container from image
      docker_container:
        name: echo
        image: "{{ image_name }}"
        command: ["server_web"]
        restart_policy: always
        state: started
        networks:
          - name: traefik
        labels:
          traefik.enable: "true"
          traefik.docker.network: "web"
          traefik.http.routers.iecho.entrypoints: "web,websecure"
          traefik.http.routers.iecho.rule: "Host(`iecho.omidshj.ir`)"
          traefik.http.services.iecho.loadbalancer.server.port: "80"
          traefik.http.routers.iecho.tls: "true"
          traefik.http.routers.iecho.tls.certresolver: "letsencrypt"
          traefik.http.routers.iecho.service: "iecho"
          traefik.http.routers.echo.entrypoints: "web,websecure"
          traefik.http.routers.echo.rule: "Host(`echo.omidshj.ir`)"
          traefik.http.services.echo.loadbalancer.server.port: "3000"
          traefik.http.routers.echo.tls: "true"
          traefik.http.routers.echo.tls.certresolver: "letsencrypt"
          traefik.http.routers.echo.service: "echo"