name: Terraform Plan

on:
  pull_request:
    paths:
      - 'terraform/**'
    types:
      - opened
      - synchronize
      - reopened
  push:
    branches:
      - main
    paths:
      - 'terraform/**'

env:
  TF_CLOUD_ORGANIZATION: homelab_terraform
  TF_WORKSPACE: homelab

jobs:
  terraform-plan:
    name: Terraform Plan
    runs-on: gitea-runner-hestia
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install Terraform
        run: |
          TERRAFORM_VERSION=1.10.0
          curl -fsSL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" -o /tmp/terraform.zip
          unzip -o /tmp/terraform.zip -d /usr/local/bin/
          chmod +x /usr/local/bin/terraform
          terraform version

      - name: Write Terraform Cloud credentials
        env:
          TF_CLOUD_TOKEN: ${{ secrets.TF_CLOUD_TOKEN }}
        run: |
          mkdir -p ~/.terraform.d/credentials
          cat > ~/.terraform.d/credentials/tfcred.tfrc << 'EOF'
credentials "app.terraform.io" {
  token = "$TF_CLOUD_TOKEN"
}
EOF
          echo "TF credentials configured"

      - name: Terraform Init
        working-directory: ./terraform
        run: |
          terraform init \
            -backend=true \
            -backend-config="organization=$TF_CLOUD_ORGANIZATION" \
            -backend-config="workspaces.name=$TF_WORKSPACE" \
            -reconfigure

      - name: Terraform Plan
        working-directory: ./terraform
        run: |
          terraform plan -no-color 2>&1 | tee /tmp/plan_output.txt

      - name: Upload Plan Output
        if: always()
        run: |
          cat /tmp/plan_output.txt || echo "No plan output"