name: Terraform Plan and Apply

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

env:
  TF_PLUGIN_CACHE_DIR: ${{ gitea.workspace }}/.terraform.d/plugin-cache
  TF_IN_AUTOMATION: true
  TF_CLI_ARGS: "-no-color"
  NOMAD_ADDR: "${{ vars.NOMAD_ADDR }}"
  NOMAD_TOKEN: "${{ secrets.NOMAD_TOKEN }}"
  PG_CONN_STR: "${{ secrets.PG_CONN_STR }}"

jobs:
  cicd:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3

      - name: Create Terraform Plugin Cache Dir
        run: mkdir -v -p $TF_PLUGIN_CACHE_DIR

      - name: Cache Terraform Plugins
        uses: actions/cache@v4
        with:
          path: ${{ env.TF_PLUGIN_CACHE_DIR }}
          key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}

      - name: Terraform Init
        id: init
        run: terraform init -input=false

      - name: Terraform Validate
        id: validate
        run: terraform validate

      - name: Terraform Plan
        id: plan
        run: terraform plan -out=tfplan

      - name: Terraform Apply
        if: github.ref == 'refs/heads/main' && steps.plan.outcome == 'success'
        run: terraform apply -auto-approve tfplan