---
- set_fact:
    pull_by_digest: >-
      {%- if download.sha256 is defined and download.sha256 != '' -%}true{%- else -%}false{%- endif -%}

- set_fact:
    pull_args: >-
      {%- if pull_by_digest|bool %}{{download.repo}}@sha256:{{download.sha256}}{%- else -%}{{download.repo}}:{{download.tag}}{%- endif -%}

- name: Register docker images info
  shell: "{% raw %}/usr/bin/docker images -q | xargs /usr/bin/docker inspect -f '{{.RepoTags}},{{.RepoDigests}}'{% endraw %}"
  register: docker_images_raw
  ignore_errors: true
  when: not download_always_pull|bool

- set_fact: docker_images="{{docker_images_raw.stdout|regex_replace('\[|\]|\\n]','')|regex_replace('\s',',')}}"
  when: not download_always_pull|bool

- set_fact:
    pull_required: >-
      {%- if pull_args in docker_images.split(',') %}false{%- else -%}true{%- endif -%}
  when: not download_always_pull|bool

- name: Check the local digest sha256 corresponds to the given image tag
  assert:
    that: "{{download.repo}}:{{download.tag}} in docker_images.split(',')"
  when: not download_always_pull|bool and not pull_required|bool and pull_by_digest|bool