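---
# GitLab CI pipeline for Terraform: init -> format -> validate -> plan -> apply.
# The apply job is manual, runs only for `main`, and applies the plan file
# produced by the plan job.

default:
  # `latest` is a mutable tag, so the code that runs with the provider
  # credentials below can change without any change to this file. Prefer
  # pinning to an immutable digest, e.g.
  # ghcr.io/vojtechmares/container-images/tfenv@sha256:<digest> (placeholder).
  image: ghcr.io/vojtechmares/container-images/tfenv:latest
  # One cache key is shared by every job. Later jobs run `terraform` without
  # repeating `tfenv install` / `terraform init`, so they presumably depend on
  # this cache being restored - the cache is best-effort, confirm.
  # Whatever is restored into .terraform/.tfenv is also available to the apply
  # job; keep GitLab's "use separate caches for protected branches" setting
  # enabled so unprotected branches cannot populate the cache used on main.
  cache:
    key: terraform
    paths:
      - .terraform
      - .tfenv

stages:
  - init
  - format
  - validate
  - plan
  - apply

variables:
  # Binary plan file, passed from the plan job to the apply job as an artifact.
  PLAN: plan.cache
  # Reduced JSON summary consumed by GitLab's Terraform report widget.
  PLAN_JSON: plan.json

init:
  stage: init
  before_script:
    - tfenv install
    - tfenv use
  script:
    - terraform init

format:
  stage: format
  script:
    # -check makes the command exit non-zero on unformatted files.
    - terraform fmt -check -recursive -diff

validate:
  stage: validate
  script:
    - terraform validate

plan:
  stage: plan
  # NOTE(review): this job has no `rules`, so it runs in every pipeline with
  # the provider credentials below. Define the three CI/CD variables as masked
  # and, if plans are only needed on protected refs, as protected - confirm
  # against the project settings.
  variables:
    TF_VAR_cloudflare_email: $CLOUDFLARE_EMAIL
    TF_VAR_cloudflare_api_key: $CLOUDFLARE_API_KEY
    TF_VAR_hcloud_token: $HCLOUD_TOKEN
  before_script:
    # jq is installed at job time; baking it into the image would remove the
    # network dependency from a job that holds credentials.
    - apt-get update && apt-get install -y jq
    - shopt -s expand_aliases
    # The filter keeps only create/update/delete counts, so the published
    # report carries no resource attributes.
    - alias convert_report="jq -r '([.resource_changes[]?.change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
  script:
    # -input=false makes a missing variable fail the job instead of prompting.
    - terraform plan -input=false -out="$PLAN"
    - terraform show --json "$PLAN" | convert_report > "$PLAN_JSON"
  artifacts:
    name: plan
    # A Terraform plan file can contain sensitive values in clear text.
    # Restrict who can download job artifacts and consider an expiry that
    # still leaves time for the manual apply.
    paths:
      - plan.cache
    reports:
      terraform: $PLAN_JSON

apply:
  stage: apply
  variables:
    TF_VAR_cloudflare_email: $CLOUDFLARE_EMAIL
    TF_VAR_cloudflare_api_key: $CLOUDFLARE_API_KEY
    TF_VAR_hcloud_token: $HCLOUD_TOKEN
  script:
    # Apply the saved plan from the plan job rather than computing a new one:
    # `terraform apply -auto-approve` without a plan file re-plans at apply
    # time, so the changes executed could differ from the plan that was
    # reviewed before the manual trigger. Applying a saved plan does not
    # prompt, so -auto-approve is not needed.
    - terraform apply -input=false "$PLAN"
  # Fetch artifacts from the plan job only.
  dependencies:
    - plan
  rules:
    - if: $CI_COMMIT_BRANCH == 'main'
      when: manual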