Gotify notifications, no comments, full run.

2025-11-25 12:52:20 -05:00
parent 01fde1f436
commit 646c1b4e4d
1 changed files with 42 additions and 9 deletions
@@ -76,6 +76,14 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v4

+      - name: Gotify Notification
+        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
+        with:
+          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
+          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+          notification_title: "GITEA: Terraform/OpenTofu"
+          notification_message: "Starting plan..."
+
      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1.0.6
        with:
@@ -144,13 +152,11 @@ jobs:
          chdir: cloudflare
          out: cloudflare.tfplan

-      - run: pwd
-
      - name: Upload Tofu Plan as artifact
        uses: actions/upload-artifact@v4
        with:
          name: cloudflare-tfplan
-          path: cloudflare.tfplan
+          path: cloudflare/cloudflare.tfplan

      - name: Strip ANSI codes
        id: plain-tofu-plan
@@ -179,6 +185,14 @@ jobs:
          pr_comments_url: ${{ env.PR_COMMENTS_URL }}
          working_directory: cloudflare

+      - name: Gotify Notification
+        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
+        with:
+          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
+          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+          notification_title: "GITEA: Terraform/OpenTofu"
+          notification_message: "Plan completed, awaiting approval..."
+
      - name: Wait for manual approval
        id: tf-plan-approval
        uses: https://git.trez.wtf/Trez/gitea-manual-approval@main
@@ -198,6 +212,14 @@ jobs:
            ```
            </details>

+      - name: Gotify Notification
+        uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
+        with:
+          gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
+          gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+          notification_title: "GITEA: Terraform/OpenTofu"
+          notification_message: "Plan approved 👍🏽"
+
  pr-merge:
    name: PR Merge
    needs: [check-and-create-pr, plan-approval]
@@ -260,6 +282,7 @@ jobs:
        uses: actions/download-artifact@v3
        with:
          name: cloudflare-tfplan
+          path: cloudflare/cloudflare.tfplan

      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1.0.6
@@ -267,6 +290,16 @@ jobs:
          version: ${{ env.OPENTOFU_VERSION }}
          tofu_wrapper: true

+      - name: Generate .env from Hashicorp Vault
+        uses: https://git.trez.wtf/Trez/hc-vault-env@main
+        with:
+          HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
+          HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
+          HC_VAULT_AUTH: token
+          HC_VAULT_TOKEN: ${{ env.VAULT_TOKEN }}
+          HC_VAULT_SECRETS_PATH: tar-valon-terraform/env
+          ENV_FILE_NAME: cloudflare/.env
+
      - name: Export env vars from Vault .env
        id: env-vault-vars
        run: |
@@ -280,9 +313,9 @@ jobs:
            fi
          done < cloudflare/.env

-      # - name: Run Tofu Apply
-      #   uses: dnogu/tofu-apply@v1
-      #   with:
-      #     working-directory: .
-      #     chdir: cloudflare
-      #     plan: cloudflare.tfplan
+      - name: Run Tofu Apply
+        uses: dnogu/tofu-apply@v1
+        with:
+          working-directory: .
+          chdir: cloudflare
+          plan: cloudflare.tfplan