diff --git a/.gitea/workflows/auto-pr-tofu-plan.yml b/.gitea/workflows/auto-pr-tofu-plan.yml
index 13e2567..5085fa5 100644
--- a/.gitea/workflows/auto-pr-tofu-plan.yml
+++ b/.gitea/workflows/auto-pr-tofu-plan.yml
@@ -7,7 +7,8 @@ on:
       - "main"
       - "renovate/**"
     paths:
-      - "cloudflare/**"
+      - "cloudflare/**"
+
 env:
   OPENTOFU_VERSION: "1.10.6"
   HC_VAULT_VERSION: "1.20.4"
@@ -21,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@v4
         with:
           fetch-depth: 1
 
@@ -29,11 +30,11 @@ jobs:
         run: |
           echo "VAULT_TOKEN=${{ secrets.VAULT_GITEA_TOKEN }}" >> $GITHUB_ENV
 
-      - name: Gotify Notification
+      - name: Gotify Notification - Start
         uses: eikendev/gotify-action@master
         with:
-          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
-          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+          gotify_api_base: ${{ secrets.RUNNER_GOTIFY_URL }}
+          gotify_app_token: ${{ secrets.RUNNER_GOTIFY_TOKEN }}
           notification_title: "GITEA: PR Check @ Rinoa"
           notification_message: "Checking for existing PR... 🔍"
 
@@ -43,14 +44,14 @@ jobs:
         with:
           url: ${{ secrets.TREZ_GITEA_URL }}
           token: ${{ secrets.BOT_GITEA_TOKEN }}
-          pr-label: docker-compose,manual
+          pr-label: "docker-compose,manual"
           assignee: ${{ github.actor }}
 
-      - name: Gotify Notification
+      - name: Gotify Notification - Done
         uses: eikendev/gotify-action@master
         with:
-          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
-          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+          gotify_api_base: ${{ secrets.RUNNER_GOTIFY_URL }}
+          gotify_app_token: ${{ secrets.RUNNER_GOTIFY_TOKEN }}
           notification_title: "GITEA: PR Check @ Rinoa"
           notification_message: "PR Check done 🎟️"
 
@@ -62,6 +63,7 @@ jobs:
       VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
     outputs:
       tofu-cloudflare-plan: ${{ steps.tofu_plan.outputs.plan-output }}
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
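Review bot: Replacing the commit-SHA pin `actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0` with the mutable tag `actions/checkout@v4` weakens the workflow's supply-chain posture: a tag can be re-pointed at new code without any change in this repository, whereas a full SHA cannot. The following hunk shows this job writing `VAULT_GITEA_TOKEN` into `$GITHUB_ENV` and handling other repository secrets, so the actions it executes should stay pinned; keep `uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0` and let the existing `renovate/**` flow bump it. The same concern applies to the other floating references in this file (`eikendev/gotify-action@master`, `trstringer/manual-approval@v1`, and the `git-auto-comment@main` reference added later in this diff).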
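Review bot: Dropping the quotes from `gotify_api_base: ${{ secrets.RUNNER_GOTIFY_URL }}` and `gotify_app_token: ${{ secrets.RUNNER_GOTIFY_TOKEN }}` is behaviour-neutral, since the expression is substituted after the YAML is parsed, but it moves in the opposite direction from the next hunk, which adds quotes to `pr-label: "docker-compose,manual"`. The file should settle on one convention for `with:` values; quoting expression-valued inputs is the more defensive default because it stays valid if a literal is ever substituted for the expression. The same two lines are changed identically in the second Gotify step.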
@@ -86,16 +88,12 @@ jobs:
         id: env-vault-vars
         run: |
           echo "🧩 Cleaning and loading cloudflare/.env into GitHub Actions environment..."
-
-          # 1️⃣ Strip any single or double quotes from the file to avoid invalid URIs or extra quoting
           sed -i 's/[\"'\'']//g' cloudflare/.env
 
-          # 2️⃣ Load all vars into current shell
           set -a
           source cloudflare/.env
           set +a
 
-          # 3️⃣ Export to GitHub Actions environment
           while IFS='=' read -r key value; do
             if [[ -n "$key" ]]; then
               echo "$key=$value" >> $GITHUB_ENV
@@ -103,7 +101,6 @@ jobs:
           done < cloudflare/.env
 
           repo_name=$(echo "${{ github.repository }}" | awk -F"/" '{print $2}')
-
           echo "repo_name=$repo_name" >> "$GITHUB_OUTPUT"
 
       - name: Run tofu init
@@ -121,26 +118,37 @@ jobs:
           chdir: cloudflare
           out: cloudflare.tfplan
 
-      - name: Comment Tofu Plan on PR
-        uses: marocchino/sticky-pull-request-comment@v2
+      - name: Save plan output to file (with collapsible Markdown)
+        run: |
+          mkdir -p tmp
+          {
+            echo "## 🧩 OpenTofu Plan — Cloudflare"
+            echo "**Branch:** \`${{ github.ref_name }}\`"
+            echo "**Exit Code:** \`${{ steps.tofu_plan.outputs.exitcode }}\`"
+            echo "**Working Directory:** \`cloudflare\`"
+            echo ""
+            echo "
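Review bot: The three numbered comments removed from the `env-vault-vars` script were the only explanation of why `sed -i 's/[\"'\'']//g' cloudflare/.env` deletes every quote character before the file is sourced, and the step is harder to audit without them. Restore a one-line comment above the `sed`, e.g. `# strip quotes: KEY=VALUE lines are appended verbatim to $GITHUB_ENV, so quotes would become part of the value`, and one above the `while` loop, e.g. `# re-export each KEY=VALUE line into the job environment`. The comment should also make explicit that the `sed` removes quotes that are part of a value, and that `source cloudflare/.env` executes the file as shell, so where that file is produced matters. The step's body continues past the end of this hunk.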
🪶 Click to expand full plan output" + echo "" + echo '```hcl' + cat <<< "${{ steps.tofu_plan.outputs.plan-output }}" + echo '```' + echo "" + echo "
" + echo "" + echo "*(This plan was automatically generated by the workflow.)*" + } > tmp/tofu-plan.md + echo "Plan file saved: tmp/tofu-plan.md ($(wc -c < tmp/tofu-plan.md) bytes)" + + - name: Comment full Tofu Plan on PR (safe) + uses: https://git.trez.wtf/Trez.One/git-auto-comment@main with: - GITHUB_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }} - header: "🧩 OpenTofu Plan — Cloudflare" - message: | - ## 🧩 OpenTofu Plan Result - **Branch:** `${{ github.ref_name }}` - **Exit Code:** `${{ steps.tofu_plan.outputs.exitcode }}` - **Working Directory:** `cloudflare` - -
🪶 Click to expand full plan output - - ``` - ${{ steps.tofu_plan.outputs.plan-output }} - ``` - -
- - *(This plan was automatically generated by the workflow.)* + platform: gitea + api_url: https://git.trez.wtf/api/v1 + token: ${{ secrets.BOT_GITEA_TOKEN }} + pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }} + repo_owner: ${{ github.repository_owner }} + repo_name: ${{ steps.env-vault-vars.outputs.repo_name }} + comment_template_path: tmp/tofu-plan.md - name: Wait for manual approval uses: trstringer/manual-approval@v1 
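Review bot: The new `Save plan output to file` step pastes `${{ steps.tofu_plan.outputs.plan-output }}` (and `${{ github.ref_name }}`) directly into the `run:` script, so the plan text becomes part of the shell source before it executes; a double quote, backtick or `$(` in the plan — all legal inside HCL string values that `tofu plan` prints — would break out of the `cat <<< "…"` here-string and the rest would be parsed as shell. Pass both values through the step's `env:` block and reference them as shell variables, which keeps them as data whatever they contain; the rewritten lines are below. The plan is then posted to the PR, so anything `tofu plan` prints that is not marked sensitive becomes readable by everyone with access to the PR — worth confirming the provider configuration's secret-bearing attributes are redacted in the output. `uses: https://git.trez.wtf/Trez.One/git-auto-comment@main` is a floating branch reference receiving `BOT_GITEA_TOKEN`; pin it to a commit.
```yaml
      - name: Save plan output to file (with collapsible Markdown)
        env:
          PLAN_OUTPUT: ${{ steps.tofu_plan.outputs.plan-output }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          mkdir -p tmp
          {
            echo "## 🧩 OpenTofu Plan — Cloudflare"
            echo "**Branch:** \`${REF_NAME}\`"
            # … unchanged: exit code, working directory, details header and code-fence lines …
            printf '%s\n' "${PLAN_OUTPUT}"
            # … unchanged: closing code-fence, details footer and trailing note …
          } > tmp/tofu-plan.md
```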
@@ -148,59 +156,38 @@ jobs:
           secret: ${{ secrets.BOT_GITEA_TOKEN }}
           approvers: WTF
           minimum-approvals: 1
-          issue-title: "Tofu Plan for ${{ env.PR_NUMBER }}"
+          issue-title: "Tofu Plan for ${{ needs.check-and-create-pr.outputs.pr_number }}"
           issue-body: "Please approve or deny the deployment of the below Tofu plan"
           issue-body-file-path: cloudflare.tfplan
           exclude-workflow-initiator-as-approver: false
           fail-on-denial: true
-          additional-approved-words: ''
-          additional-denied-words: ''
-
-      # - name: PR Comment
-      #   uses: https://git.trez.wtf/Trez.One/git-auto-comment@main
-      #   env:
-      #     DEBUG: true
-      #   with:
-      #     debug: true
-      #     platform: gitea
-      #     api_url: https://git.trez.wtf/api/v1
-      #     token: ${{ secrets.BOT_GITEA_TOKEN }}
-      #     pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }}
-      #     repo_owner: ${{ github.repository_owner }}
-      #     repo_name: ${{ steps.env-vault-vars.outputs.repo_name }}
-      #     plan_file: cloudflare/cloudflare.tfplan
-      #     comment_template: |
-      #       🚀 **Tofu Plan Output**
-      #       ---
-      #       ${{ steps.tofu_plan.outputs.plan-output }}
-      #       Exit Code: ${{ steps.tofu_plan.outputs.exitcode }}
 
   # apply:
   #   name: Apply Tofu Plan
-  #   needs: approval
+  #   needs: plan-approval
   #   runs-on: ubuntu-latest
-  #   if: ${{ needs.approval.result == 'success' }}
+  #   if: ${{ needs.plan-approval.result == 'success' }}
   #   env:
   #     VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
   #   steps:
   #     - name: Checkout
   #       uses: actions/checkout@v4
-
+  #
   #     - name: Setup OpenTofu
   #       uses: opentofu/setup-opentofu@v1.0.6
   #       with:
   #         version: ${{ env.OPENTOFU_VERSION }}
   #         tofu_wrapper: true
-
+  #
   #     - name: Export env from Vault
   #       run: |
   #         set -a
   #         source cloudflare/.env
   #         set +a
-
+  #
   #     - name: Run Tofu Apply
   #       uses: dnogu/tofu-apply@v1
   #       with:
   #         working-directory: .
   #         chdir: cloudflare
-  #         plan: cloudflare.tfplan
\ No newline at end of file
+  #         plan: cloudflare.tfplan
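Review bot: `issue-title: "Tofu Plan for ${{ needs.check-and-create-pr.outputs.pr_number }}"` only resolves if this job lists `check-and-create-pr` under `needs:`; the job header is outside the hunk, and without that dependency the expression either fails workflow validation or evaluates to an empty string (runner-dependent), leaving the approval issue titled `Tofu Plan for ` with nothing an approver can tie back to a PR. The same output feeds `pr_index` in the comment step earlier in the diff, so a single missing `needs` entry affects both. Removing `additional-approved-words: ''` and `additional-denied-words: ''` hands those inputs to the action's defaults; if the intent was "no extra words", a comment saying the defaults are relied upon would make that explicit. The commented-out `apply` job is being edited (`needs: plan-approval`) rather than removed; dead configuration kept in sync by hand tends to drift, so either enable it or track it in an issue.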