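---
# Plans and applies the OpenTofu configuration on every push to master.
#
# Security notes for maintainers:
# - The job runs on a self-hosted runner, where the workspace can outlive
#   the job. Every file that holds secret material (the generated tfvars
#   file and the saved plan) is removed in the final `always()` step.
# - Secrets reach shell scripts through `env:` only. Expanding
#   `${{ secrets.* }}` inside a `run:` script pastes the value into the
#   script text, so a `$`, backtick or quote in a secret would be
#   interpreted by the shell.
# - `actions/checkout` and `opentofu/setup-opentofu` are referenced by
#   mutable tags. Pinning each to a full commit SHA keeps a retagged
#   release from running with this job's secrets.
name: Build Infra (Opentofu)

on:
  push:
    branches:
      - master

# The job only needs to read the repository; no step here uses the
# workflow token for anything else.
permissions:
  contents: read

jobs:
  opentofu:
    name: Opentofu Build
    runs-on: self-hosted
    container:
      image: node:20-bullseye
      env:
        # NOTE(review): container-level env is visible to third-party
        # actions as well as to the tofu steps - confirm that is intended.
        PG_CONN_STR: ${{ secrets.PG_CONN_STR }}  # available to all steps
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Generate Dynamic Vars (Secrets)
        env:
          CI_USER: ${{ secrets.CI_USER }}
          CI_PASSWORD: ${{ secrets.CI_PASSWORD }}
          PVE_API_URL: ${{ secrets.PVE_API_URL }}
          PVE_API_TOKEN_ID: ${{ secrets.PVE_API_TOKEN_ID }}
          PVE_API_TOKEN_SECRET: ${{ secrets.PVE_API_TOKEN_SECRET }}
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_PASSPHRASE: ${{ secrets.SSH_PASSPHRASE }}
        run: |
          # Create the file readable by the owner only.
          umask 077
          # The heredoc substitutes each variable's value once and does not
          # re-scan it, so shell metacharacters in a secret stay literal.
          cat > terraform.auto.tfvars <<EOF
          ci_user = "${CI_USER}"
          ci_password = "${CI_PASSWORD}"
          proxmox_api_url = "${PVE_API_URL}"
          proxmox_api_token_id = "${PVE_API_TOKEN_ID}"
          proxmox_api_token_secret = "${PVE_API_TOKEN_SECRET}"
          ssh_key = "${SSH_PRIVATE_KEY}"
          passphrase = "${SSH_PASSPHRASE}"
          EOF

      - name: Setup Opentofu
        uses: opentofu/setup-opentofu@v1

      - name: Format vars file
        run: tofu fmt terraform.auto.tfvars

      - name: Opentofu Init
        run: tofu init

      - name: Opentofu Format Check
        run: tofu fmt -check -recursive

      - name: Opentofu Validate
        run: tofu validate

      - name: Opentofu Plan
        id: plan
        # -detailed-exitcode makes tofu exit with 2 when the plan contains
        # changes. NOTE(review): confirm the setup-opentofu wrapper reports
        # that as success; otherwise the apply step is skipped exactly when
        # there is something to apply.
        run: |
          tofu plan -out=tfplan -detailed-exitcode

      - name: Opentofu Apply
        if: success()
        run: tofu apply -auto-approve tfplan

      - name: Remove secret-bearing files
        # Runs after failures and cancellations too. The saved plan is
        # removed as well because plan files can embed variable values.
        if: always()
        run: rm -f terraform.auto.tfvars tfplan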