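# IAC pipeline: checks out the infrastructure code and a separate secrets
# repository, then runs OpenTofu init, plan and apply against them.
name: IAC

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  hello:
    # Requires the custom OpenTofu runner image.
    runs-on: [fenix-opentofu]
    # NOTE(review): job-level env makes every secret below visible to every
    # step, including the third-party checkout action. Scoping each secret to
    # the steps that read it would reduce exposure; which steps those are is
    # not visible from this file.
    env:
      CONSUL_HTTP_TOKEN: ${{ secrets.CONSUL_HTTP_TOKEN }}
      PM_API_TOKEN_ID: ${{ secrets.PM_API_TOKEN_ID }}
      PM_API_TOKEN_SECRET: ${{ secrets.PM_API_TOKEN_SECRET }}
      BW_EMAIL: ${{ secrets.BW_EMAIL }}
      BW_PASSWORD: ${{ secrets.BW_PASSWORD }}
    steps:
      - name: Updating apt-get
        run: |
          apt-get update -y

      # NOTE(review): the action is referenced by a mutable tag. Pinning it to
      # a full commit SHA keeps a retagged release from changing what runs
      # while the job secrets are in scope.
      - name: Cloning iac repository
        uses: actions/checkout@v4
        with:
          path: infra/iac

      - name: cloning iac secrets repository
        uses: actions/checkout@v4
        with:
          repository: fenix-gitea-admin/iac-teste-secrets
          token: ${{ secrets.GGITEA_TOKEN }}
          path: infra/secrets
          # Do not leave the access token in infra/secrets/.git/config, where
          # any later step or provider plugin could read it. No later step in
          # this workflow runs git against that checkout.
          persist-credentials: false

      # NOTE(review): BW_SESSION is a plain shell variable, so it is gone when
      # this step ends and no later step sees it. If a later step needs the
      # session key, it has to be masked before being handed over. Also
      # confirm that `bw login` without arguments can run non-interactively on
      # this runner; nothing here passes BW_EMAIL or BW_PASSWORD to it.
      - name: vaultwarden login
        working-directory: infra/iac
        run: |
          BW_SESSION=$(bw login)

      - name: Init OpenTofu
        working-directory: infra/iac
        run: |
          tofu init

      - name: Plan
        working-directory: infra/iac
        # bash is requested explicitly because the script uses an array and
        # pipefail.
        shell: bash
        run: |
          # Without pipefail the exit status of the pipeline below is tee's,
          # so a failed plan would still let the job continue to Apply.
          set -eo pipefail

          # Collect every .auto.tfvars file from the secrets checkout.
          var_files=()
          for f in ../secrets/secrets/*.auto.tfvars; do
            # An unmatched glob stays literal; skip it instead of passing a
            # non-existent path to tofu.
            [ -e "$f" ] || continue
            var_files+=("-var-file=$f")
          done

          if [ "${#var_files[@]}" -eq 0 ]; then
            echo "No .auto.tfvars files found in ../secrets/secrets" >&2
            exit 1
          fi

          # -input=false makes a missing variable an error instead of a prompt.
          # NOTE(review): tfplan.txt is the human-readable plan and ./tfplan is
          # the saved plan file; either can contain values taken from the
          # secret tfvars unless the variables are declared sensitive.
          tofu plan -input=false "${var_files[@]}" -out=./tfplan | tee ./tfplan.txt

      - name: Upload tfplan to Gitea Packages
        working-directory: infra/iac
        # Secrets are passed through the environment and quoted in the script
        # rather than expanded into the script text, so their content cannot
        # be interpreted as shell syntax.
        env:
          GITEA_USER: ${{ secrets.GGITEA_USER }}
          GITEA_TOKEN: ${{ secrets.GGITEA_TOKEN }}
          COMMIT_SHA: ${{ github.sha }}
        run: |
          # NOTE(review): curl runs without --fail, so an HTTP error from the
          # registry (for example a duplicate upload for the same commit) does
          # not fail this step. Confirm that is intended before relying on the
          # uploaded plan as an audit record. Access to the tofu-plan package
          # should be restricted, since the plan text may expose secret values.
          curl --user "${GITEA_USER}:${GITEA_TOKEN}" \
            --upload-file ./tfplan.txt \
            "https://gitea.fenix-dev.com/api/packages/${GITEA_USER}/generic/tofu-plan/${COMMIT_SHA}/tfplan.txt"

      # Applies exactly the saved plan produced by the Plan step.
      # NOTE(review): -auto-approve with no approval gate means every push to
      # main changes infrastructure without a human reviewing the plan.
      - name: Apply
        working-directory: infra/iac
        run: |
          tofu apply -auto-approve ./tfplan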