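---
# Posts the outcome of a patching job to a SharePoint list through Microsoft
# Graph: obtain an app-only token (client-credentials grant), then create one
# list item describing the run.
- name: Post patching results to SharePoint (Graph)
  hosts: localhost
  gather_facts: false

  vars:
    # Connection settings are read from the environment so that neither the
    # client secret nor the tenant details live in the playbook or in VCS.
    tenant_id: "{{ lookup('env', 'SP_TENANT_ID') }}"
    client_id: "{{ lookup('env', 'SP_CLIENT_ID') }}"
    client_secret: "{{ lookup('env', 'SP_CLIENT_SECRET') }}"
    site_id: "{{ lookup('env', 'SP_SITE_ID') }}"
    list_id: "{{ lookup('env', 'SP_LIST_ID') }}"

    # Helpful AWX vars (exist in AWX/Controller job context)
    # NOTE(review): every one of these has a fallback; confirm which of them
    # your Controller version actually injects and pass the rest as extra vars.
    job_id: "{{ tower_job_id | default('n/a') }}"
    job_name: "{{ tower_job_template_name | default('Patch run') }}"
    job_url: "{{ tower_job_url | default('') }}"

    # If you track failure via workflow gating, you can also pass an explicit
    # var.
    status: "{{ (tower_job_failed | default(false)) | ternary('failed', 'successful') }}"

    # Example timestamps; prefer UTC/ISO8601.
    # now() is used instead of ansible_date_time because gather_facts is false,
    # so the ansible_date_time fact is never collected in this play. Vars are
    # templated when used, so both values reflect the time the item is posted.
    run_start: "{{ tower_job_launch_time | default(now(utc=true, fmt='%Y-%m-%dT%H:%M:%SZ')) }}"
    run_end: "{{ now(utc=true, fmt='%Y-%m-%dT%H:%M:%SZ') }}"

    # Example summary text (customize as needed)
    summary_text: >-
      Job {{ job_id }} {{ status }}.
      Template={{ job_name }}.
      URL={{ job_url }}.

  tasks:
    # lookup('env', ...) yields an empty string for an unset variable; stop
    # here rather than sending a malformed token request. Only the condition
    # text is reported on failure, never the values.
    - name: Verify that all Graph/SharePoint settings were provided
      assert:
        that:
          - tenant_id | length > 0
          - client_id | length > 0
          - client_secret | length > 0
          - site_id | length > 0
          - list_id | length > 0
        fail_msg: >-
          One or more of SP_TENANT_ID, SP_CLIENT_ID, SP_CLIENT_SECRET,
          SP_SITE_ID, SP_LIST_ID is unset or empty.
        quiet: true

    # The form body is passed as a mapping so the uri module encodes every
    # field itself and sets the form Content-Type. A folded (>) scalar would
    # join the lines with spaces and corrupt the parameters.
    # no_log keeps the client secret and the returned access token out of job
    # output and logs.
    # Least privilege: prefer granting the app registration access to this one
    # site (Graph application permission Sites.Selected) over a tenant-wide
    # Sites.* permission.
    - name: Acquire Graph token (client credentials)
      uri:
        url: "https://login.microsoftonline.com/{{ tenant_id }}/oauth2/v2.0/token"
        method: POST
        body_format: form-urlencoded
        body:
          client_id: "{{ client_id }}"
          client_secret: "{{ client_secret }}"
          scope: "https://graph.microsoft.com/.default"
          grant_type: client_credentials
        status_code: [200]
      register: graph_token
      no_log: true

    # Field keys must be the list columns' internal names. no_log stays on
    # because the request carries the bearer token in its headers.
    - name: Create SharePoint list item (Graph)
      uri:
        url: "https://graph.microsoft.com/v1.0/sites/{{ site_id }}/lists/{{ list_id }}/items"
        method: POST
        headers:
          Authorization: "Bearer {{ graph_token.json.access_token }}"
          Content-Type: "application/json"
        body_format: json
        body:
          fields:
            Title: "{{ job_name }} ({{ job_id }})"
            # Make sure your list has 'Status' (or change to your internal
            # name).
            Status: "{{ status }}"
            # DateTime column (internal name)
            RunStart: "{{ run_start }}"
            # DateTime column (internal name)
            RunEnd: "{{ run_end }}"
            # Multiple lines of text (internal name)
            Notes: "{{ summary_text }}"
        status_code: [200, 201]
      register: sp_create
      no_log: true

    # Only the new item's id is printed; the token response is not echoed.
    - name: Show created list item id
      debug:
        var: sp_create.json.id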