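# Build Infra: initialises, checks, plans and applies the configuration in
# ./opentofu-homelab on every push to main and on manual dispatch.
#
# NOTE(review): the job applies with -auto-approve on a self-hosted runner.
# The runner's workspace persists between jobs unless the runner is ephemeral,
# so nothing secret should be left on disk.
name: Build Infra

on:
  push:
    branches:
      - main
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the steps below only read the repository.
permissions:
  contents: read

jobs:
  terraform:
    name: Terraform Build
    runs-on: self-hosted
    defaults:
      run:
        working-directory: ./opentofu-homelab
    env:
      # PostgreSQL backend connection string. Set at job level, so every step
      # sees it, including the third-party actions.
      PG_CONN_STR: ${{ secrets.PG_CONN_STR }}
    steps:
      # NOTE(review): both actions are referenced by a mutable tag. Pinning
      # them to a full commit SHA stops a retagged release from changing what
      # runs next to these secrets.
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
          # No later step pushes, so the token need not stay in .git/config.
          persist-credentials: false

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: '1.9.0'

      - name: Terraform Init
        # -input=false makes a missing value fail the step instead of waiting
        # on a prompt that nobody can answer in CI.
        run: terraform init -input=false

      - name: Terraform Format Check
        run: terraform fmt -check -recursive

      - name: Terraform Validate
        run: terraform validate

      - name: Terraform Plan
        id: plan
        # Input variables are supplied as TF_VAR_<name> environment variables
        # and scoped to this step only. Previously they were written to
        # terraform.auto.tfvars after the plan had already run, through a
        # heredoc that pasted ${{ secrets.* }} into the shell script. The
        # values were therefore missing at plan time, any quote, `$` or
        # newline in a secret (presumably the SSH key spans several lines)
        # broke the file, and the secrets stayed on the runner's disk.
        env:
          TF_VAR_ci_user: ${{ secrets.CI_USER }}
          TF_VAR_ci_password: ${{ secrets.CI_PASSWORD }}
          TF_VAR_proxmox_api_url: ${{ secrets.PVE_API_URL }}
          TF_VAR_proxmox_api_token_id: ${{ secrets.PVE_API_TOKEN_ID }}
          TF_VAR_proxmox_api_token_secret: ${{ secrets.PVE_API_TOKEN_SECRET }}
          TF_VAR_ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
          TF_VAR_passphrase: ${{ secrets.SSH_PASSPHRASE }}
        # NOTE(review): -detailed-exitcode exits 2 when the plan contains
        # changes. Confirm the step is not marked failed in that case,
        # otherwise Apply is skipped exactly when there is something to apply.
        run: |
          terraform plan -input=false -out=tfplan -detailed-exitcode
        continue-on-error: false

      - name: Terraform Apply
        if: success()
        # Applies the saved plan, which already carries the variable values
        # captured by the Plan step.
        run: terraform apply -input=false -auto-approve tfplan

      - name: Remove saved plan
        # The plan file stores variable values in clear text, so it is deleted
        # from the self-hosted runner even when an earlier step failed.
        if: always()
        run: rm -f tfplan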