---
- name: Create download directory
  file:
    dest: "{{ openwrt_download_dir }}"
    state: directory

- name: download the openwrt image builder
  block:
  - name: Generate OpenWrt download URLs
    set_fact:
      openwrt_url:
        https://downloads.openwrt.org/releases/{{ openwrt_release }}/targets/{{ openwrt_arch | mandatory }}/{{ openwrt_target }}

  - name: Download sha256sums
    get_url:
      url: "{{ openwrt_url }}/sha256sums"
      dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256"

  - name: Download sha256sums.asc
    get_url:
      url: "{{ openwrt_url }}/sha256sums.asc"
      dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"

  - name: Check OpenPGP signature
    command: >-
      gpgv --keyring "{{ global_files_dir }}/common/keyrings/openwrt-{{ [0, 1] | map('extract', (openwrt_release | split('.'))) | join('.') }}.gpg"
          "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256"
    changed_when: False
    register: openwrt_image_gpg_result

  - debug:
      var: openwrt_image_gpg_result.stderr_lines

  - name: Extract SHA256 hash of the imagebuilder archive
    command: grep '{{ openwrt_tarball_name }}' "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256"
    changed_when: False
    register: sha256

  - name: Download imagebuilder
    get_url:
      url: "{{ openwrt_url }}/{{ openwrt_tarball_name }}"
      dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}"
      checksum: sha256:{{ sha256.stdout.split(' ') | first }}

  rescue:
  - name: Delete downloaded artifacts
    loop:
      - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256"
      - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
      - "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}"
    file:
      path: "{{ item }}"
      state: absent

  - name: the download has failed...
    fail:
      msg: Something borked