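---
# Plans and applies the OpenTofu configuration on every push to master.
#
# Flow: checkout -> install tofu -> init -> fmt check -> validate -> plan ->
# apply (only when the plan reports pending changes) -> remove the plan file.
name: Build Infra (Opentofu)

on:
  push:
    branches:
      - master

# The job only reads the repository, so keep GITHUB_TOKEN read-only.
permissions:
  contents: read

jobs:
  opentofu:
    name: Opentofu Build
    # A self-hosted runner keeps its workspace between jobs, so anything
    # written to disk here (tfvars, plan files) outlives the run unless it is
    # removed explicitly. That is why no secret is written to a file below.
    runs-on: self-hosted
    env:
      # presumably the connection string for the pg state backend - confirm
      PG_CONN_STR: ${{ secrets.PG_CONN_STR }}
      # Input variables are handed to tofu as TF_VAR_<name> environment
      # variables instead of a generated terraform.auto.tfvars. This keeps the
      # secrets off the runner's disk, avoids splicing `${{ secrets.* }}` into
      # shell text, and lets multi-line or quote-containing values (such as
      # the SSH private key) through unmodified.
      # NOTE(review): environment variables have the lowest precedence of the
      # variable sources; a committed *.tfvars file that sets the same names
      # would override these - confirm none exists.
      TF_VAR_ci_user: ${{ secrets.CI_USER }}
      TF_VAR_ci_password: ${{ secrets.CI_PASSWORD }}
      TF_VAR_proxmox_api_url: ${{ secrets.PVE_API_URL }}
      TF_VAR_proxmox_api_token_id: ${{ secrets.PVE_API_TOKEN_ID }}
      TF_VAR_proxmox_api_token_secret: ${{ secrets.PVE_API_TOKEN_SECRET }}
      TF_VAR_ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
      TF_VAR_passphrase: ${{ secrets.SSH_PASSPHRASE }}
    steps:
      - name: Checkout code
        # NOTE(review): a tag can be moved; pinning to a full commit SHA
        # (actions/checkout@<COMMIT_SHA>) makes the dependency immutable.
        uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Setup Opentofu CLI
        # NOTE(review): `latest` is unpinned and the download is not verified,
        # yet the binary later runs with every secret above in its
        # environment. Pin a specific release and check it against the
        # project's published checksums before installing it.
        # --fail stops an HTTP error page from being saved as the executable.
        run: |
          curl --fail -L https://github.com/opentofu/opentofu/releases/latest/download/opentofu-linux-amd64 -o /usr/local/bin/tofu
          chmod +x /usr/local/bin/tofu
          tofu version

      - name: Opentofu Init
        run: tofu init

      - name: Opentofu Format Check
        run: tofu fmt -check -recursive

      - name: Opentofu Validate
        run: tofu validate

      - name: Opentofu Plan
        id: plan
        # -detailed-exitcode returns 0 (no changes), 1 (error) or 2 (changes
        # pending). The default shell aborts on any non-zero status, so a plan
        # that contains changes would fail the step and the apply would never
        # run. Capture the status, publish it as a step output, and fail only
        # on a real error.
        run: |
          set +e
          tofu plan -input=false -out=tfplan -detailed-exitcode
          rc=$?
          echo "exitcode=${rc}" >> "$GITHUB_OUTPUT"
          if [ "${rc}" -ne 0 ] && [ "${rc}" -ne 2 ]; then
            exit "${rc}"
          fi

      - name: Opentofu Apply
        # Runs only when the plan step succeeded and reported pending changes.
        if: steps.plan.outputs.exitcode == '2'
        run: tofu apply -auto-approve tfplan

      - name: Remove plan and generated vars
        # A saved plan stores variable values in clear text; delete it (and
        # any tfvars file left by an earlier run) even when a step failed.
        if: always()
        run: rm -f tfplan terraform.auto.tfvars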