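# Plans Terraform changes for pull requests against main and for pushes to
# main, posts the fmt/init/validate/plan results as a pull-request comment,
# and applies the saved plan on main.
name: Terraform Plan and Apply

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

# Declaring `permissions` sets every unlisted scope to `none`, so the read
# access that actions/checkout relies on is granted explicitly here.
permissions:
  contents: read
  pull-requests: write

env:
  TF_IN_AUTOMATION: "true"
  TF_CLI_ARGS: "-no-color"

jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable version tags; pinning
      # each `uses:` to a full commit SHA keeps a re-pointed tag from changing
      # what runs in this job.
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3

      # Formatting problems are reported in the PR comment, not enforced.
      - name: Terraform fmt
        id: fmt
        run: terraform fmt -check
        continue-on-error: true

      - name: Terraform Init
        id: init
        run: terraform init -input=false

      - name: Terraform Validate
        id: validate
        run: terraform validate

      # On pull_request runs this evaluates the configuration proposed by the
      # PR, so whatever credentials this job can reach should be limited to
      # what planning needs.
      # continue-on-error lets the comment step run even when the plan fails;
      # the "Terraform Plan Status" step below turns that failure back into a
      # failed job.
      - name: Terraform Plan
        id: plan
        run: terraform plan -out=tfplan
        continue-on-error: true

      - uses: actions/github-script@v7
        if: github.event_name == 'pull_request'
        env:
          # Tool output reaches the script through the environment. Workflow
          # expressions are expanded into the JavaScript source before it
          # runs, so output containing a backtick or a template placeholder
          # would otherwise be parsed as code.
          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
          VALIDATE: "${{ steps.validate.outputs.stdout }}"
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // Look for a comment left by an earlier run of this workflow.
            const { data: comments } = await github.rest.issues.listComments({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
            })
            const botComment = comments.find(comment => {
              return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
            })

            // Step outcomes and run metadata are fixed-format values; the
            // free-form validate and plan output is read from process.env.
            // NOTE(review): tf_actions_working_dir is not defined in this
            // workflow's env, so that field renders empty unless it is set
            // somewhere else.
            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`

            Validation Output

            \`\`\`\n
            ${process.env.VALIDATE}
            \`\`\`

            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`

            Show Plan

            \`\`\`\n
            ${process.env.PLAN}
            \`\`\`

            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;

            // Update the existing comment in place, or create the first one.
            // Awaited so an API error fails this step.
            if (botComment) {
              await github.rest.issues.updateComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: botComment.id,
                body: output
              })
            } else {
              await github.rest.issues.createComment({
                issue_number: context.issue.number,
                owner: context.repo.owner,
                repo: context.repo.repo,
                body: output
              })
            }

      # Without this step a failed plan would leave the job green and the
      # apply job would still be scheduled.
      - name: Terraform Plan Status
        if: steps.plan.outcome == 'failure'
        run: exit 1

      # NOTE(review): a saved plan can contain resource attributes and
      # variable values in plain text, and workflow artifacts can be
      # downloaded by anyone with read access to the repository. Keep
      # retention short, or encrypt the plan before upload, if this
      # configuration handles secrets.
      # NOTE(review): v3 of the artifact actions is deprecated. When moving
      # to v4, upgrade upload and download together; v4 skips hidden files
      # unless `include-hidden-files` is set, which affects `.terraform`.
      - uses: actions/upload-artifact@v3
        with:
          name: tfplan
          path: tfplan

      - uses: actions/upload-artifact@v3
        with:
          name: .terraform
          path: .terraform

  apply:
    runs-on: ubuntu-latest
    needs: plan
    # Only pushes to main carry this ref, so pull_request runs skip the job.
    # NOTE(review): a protected `environment` with required reviewers would
    # put a manual gate in front of this job.
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3

      # Reuse the plan file and provider directory produced by the plan job,
      # so what is applied is the plan that job generated.
      - uses: actions/download-artifact@v3
        with:
          name: tfplan

      - uses: actions/download-artifact@v3
        with:
          name: .terraform
          path: .terraform

      - name: Terraform apply
        id: apply
        run: terraform apply -auto-approve tfplan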