Adding PR Merge and Apply jobs, artifact handling.

2025-11-25 12:36:08 -05:00
parent 64f8aab93b
commit 01fde1f436
1 changed files with 97 additions and 32 deletions
@@ -59,7 +59,7 @@ jobs:
          notification_message: "PR Check done 🎟️"

  plan-approval:
-    name: OpenTofu Plan
+    name: OpenTofu Plan and Approval
    needs: check-and-create-pr
    runs-on: ubuntu-latest
    env:
@@ -71,7 +71,7 @@ jobs:
      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
    outputs:
      tofu-cloudflare-plan: ${{ steps.tofu_plan.outputs.plan-output }}
-
+      approval_status: ${{ steps.tf-plan-approval.outputs.approval_status }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -144,6 +144,14 @@ jobs:
          chdir: cloudflare
          out: cloudflare.tfplan

+      - run: pwd
+
+      - name: Upload Tofu Plan as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: cloudflare-tfplan
+          path: cloudflare.tfplan
+
      - name: Strip ANSI codes
        id: plain-tofu-plan
        uses: marcransome/remove-ansi-colors@v1.7.56
@@ -190,34 +198,91 @@ jobs:
            ```
            </details>

-      - run: echo ${{ steps.tf-plan-approval.outputs.approval_status }}
+  pr-merge:
+    name: PR Merge
+    needs: [check-and-create-pr, plan-approval]
+    env:
+      pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }}
+    if: github.ref != 'refs/heads/main' && ${{ needs.plan-approval.outputs.approval_status == 'approved' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

-  # apply:
-  #   name: Apply Tofu Plan
-  #   needs: plan-approval
-  #   runs-on: ubuntu-latest
-  #   if: ${{ needs.plan-approval.result == 'success' }}
-  #   env:
-  #     VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-  #   steps:
-  #     - name: Checkout
-  #       uses: actions/checkout@v4
-  #
-  #     - name: Setup OpenTofu
-  #       uses: opentofu/setup-opentofu@v1.0.6
-  #       with:
-  #         version: ${{ env.OPENTOFU_VERSION }}
-  #         tofu_wrapper: true
-  #
-  #     - name: Export env from Vault
-  #       run: |
-  #         set -a
-  #         source cloudflare/.env
-  #         set +a
-  #
-  #     - name: Run Tofu Apply
-  #       uses: dnogu/tofu-apply@v1
-  #       with:
-  #         working-directory: .
-  #         chdir: cloudflare
-  #         plan: cloudflare.tfplan
+      - name: Install tea
+        uses: supplypike/setup-bin@8e3f88b4f143d9b5c3497f0fc12d45c83c123787 # v4.0.1
+        with:
+          uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
+          name: tea
+          version: ${{ env.TEA_VERSION }}
+
+      - name: PR Merge
+        id: pr_merge
+        run: |
+          tea login add \
+            --name gitea-rinoa \
+            --url "${{ secrets.TREZ_GITEA_URL }}" \
+            --user gitea-sonarqube-bot \
+            --password "${{ secrets.BOT_GITEA_PASSWORD }}" \
+            --token ${{ secrets.BOT_GITEA_TOKEN }}
+
+          tea login default gitea-rinoa
+
+          echo "Merging PR..."
+
+          tea pr m \
+            --repo ${{ github.repository }} \
+            --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" \
+            --message "Merged by ${{ github.actor }}" ${pr_index}
+
+          echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT
+
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
+        with:
+          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
+          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+          notification_title: "GITEA: PR Merge Successful"
+          notification_message: "PR #${{ steps.pr_merge.outputs.pr_index }} merged."
+
+  apply:
+    name: Apply Tofu Plan
+    needs: [plan-approval,pr-merge]
+    runs-on: ubuntu-latest
+    if: ${{ needs.plan-approval.outputs.approval_status == 'approved' }}
+    env:
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Download Tofu Plan
+        uses: actions/download-artifact@v3
+        with:
+          name: cloudflare-tfplan
+
+      - name: Setup OpenTofu
+        uses: opentofu/setup-opentofu@v1.0.6
+        with:
+          version: ${{ env.OPENTOFU_VERSION }}
+          tofu_wrapper: true
+
+      - name: Export env vars from Vault .env
+        id: env-vault-vars
+        run: |
+          sed -i 's/[\"'\'']//g' cloudflare/.env
+          set -a
+          source cloudflare/.env
+          set +a
+          while IFS='=' read -r key value; do
+            if [[ -n "$key" ]]; then
+              echo "$key=$value" >> $GITHUB_ENV
+            fi
+          done < cloudflare/.env
+
+      # - name: Run Tofu Apply
+      #   uses: dnogu/tofu-apply@v1
+      #   with:
+      #     working-directory: .
+      #     chdir: cloudflare
+      #     plan: cloudflare.tfplan