From f215efeb246d94124db8731dcebdda9bb8b5d380 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Sun, 2 Nov 2025 16:58:27 -0500
Subject: [PATCH] Plan PR comment and approval steps.
---
 .gitea/workflows/auto-pr-tofu-plan.yml | 68 ++++++++++++++------------
 1 file changed, 36 insertions(+), 32 deletions(-)
diff --git a/.gitea/workflows/auto-pr-tofu-plan.yml b/.gitea/workflows/auto-pr-tofu-plan.yml
index f24b6d4..23004b6 100644
--- a/.gitea/workflows/auto-pr-tofu-plan.yml
+++ b/.gitea/workflows/auto-pr-tofu-plan.yml
@@ -60,6 +60,8 @@ jobs:
 runs-on: ubuntu-latest
 env:
 VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+ outputs:
+ tofu-cloudflare-plan: ${{ steps.tofu_plan.outputs.plan-output }}
 steps:
 - name: Checkout
 uses: actions/checkout@v4
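Review bot: The new `tofu-cloudflare-plan` job output copies the whole of `steps.tofu_plan.outputs.plan-output` out of the step and into run-level data that any dependent job can read, and nothing visible in this patch consumes it. A Cloudflare plan may contain values that are not marked sensitive, so the further the plan text travels, the more places need the same access control as the state. Either leave the output out until a job actually reads it, or document the constraint above it with `# plan text is exported to dependent jobs; keep show-sensitive disabled on the plan step`. The job's step list continues past the end of this hunk.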
@@ -142,43 +144,45 @@ jobs:
 # show-sensitive:
 # display-plan:
- - name: PR Comment
- uses: https://git.trez.wtf/Trez.One/git-auto-comment@main
- env:
- DEBUG: true
+ - name: Post PR comment
+ uses: borchero/terraform-plan-comment@v2.4.1
 with:
- debug: true
- platform: gitea
- api_url: https://git.trez.wtf/api/v1
 token: ${{ secrets.BOT_GITEA_TOKEN }}
- pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }}
- repo_owner: ${{ github.repository_owner }}
- repo_name: ${{ steps.env-vault-vars.outputs.repo_name }}
- plan_file: cloudflare/cloudflare.tfplan
- comment_template: |
- 🚀 **Tofu Plan Output**
- ---
- {lines}
- Exit Code: ${{ steps.tofu_plan.outputs.exitcode }}
+ planfile: cloudflare.tfplan
+ terraform-cmd: tofu
- # - name: Tofu Plan Comment
- # id: tofu_plan
- # uses: alexnorell/tofu-pr-commenter@v2.0.0
- # with:
- # commenter_type: plan
- # commenter_input: ${{ steps.tofu_plan.outputs.plan-output }}
- # commenter_exitcode: ${{ steps.tofu_plan.outputs.exitcode }}
-
- approval:
- name: Manual Approval
- needs: [check-and-create-pr, plan]
- runs-on: ubuntu-latest
- steps:
 - name: Wait for manual approval
- uses: hmarr/auto-approve-action@v2
+ uses: trstringer/manual-approval@v1
 with:
- pull-request-number: ${{ needs.check-and-create-pr.outputs.pr_number }}
- review-message: "Awaiting manual approval to apply Tofu plan"
+ secret: ${{ secrets.BOT_GITEA_TOKEN }}
+ approvers: WTF
+ minimum-approvals: 1
+ issue-title: "Tofu Plan for ${{ env.PR_NUMBER }}"
+ issue-body: "Please approve or deny the deployment of the below Tofu plan"
+ issue-body-file-path: relative/file_path/wrt/repo/root
+ exclude-workflow-initiator-as-approver: false
+ fail-on-denial: true
+ additional-approved-words: ''
+ additional-denied-words: ''
+
+ # - name: PR Comment
+ # uses: https://git.trez.wtf/Trez.One/git-auto-comment@main
+ # env:
+ # DEBUG: true
+ # with:
+ # debug: true
+ # platform: gitea
+ # api_url: https://git.trez.wtf/api/v1
+ # token: ${{ secrets.BOT_GITEA_TOKEN }}
+ # pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }}
+ # repo_owner: ${{ github.repository_owner }}
+ # repo_name: ${{ steps.env-vault-vars.outputs.repo_name }}
+ # plan_file: cloudflare/cloudflare.tfplan
+ # comment_template: |
+ # 🚀 **Tofu Plan Output**
+ # ---
+ # ${{ steps.tofu_plan.outputs.plan-output }}
+ # Exit Code: ${{ steps.tofu_plan.outputs.exitcode }}
 apply:
 name: Apply Tofu Plan
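Review bot: The approval gate in the `Wait for manual approval` step can be satisfied by the same person who triggered the run, because `exclude-workflow-initiator-as-approver: false` is combined with `minimum-approvals: 1`; for a gate that sits in front of an infrastructure apply, `exclude-workflow-initiator-as-approver: true` keeps a second person in the loop. Both new actions are referenced by mutable tags (`borchero/terraform-plan-comment@v2.4.1`, `trstringer/manual-approval@v1`) while being handed `BOT_GITEA_TOKEN`, and they appear to run in the job whose `env` carries `VAULT_TOKEN`, so pinning each to a full commit SHA (`uses: trstringer/manual-approval@<full-commit-sha>  # v1`) and scoping `VAULT_TOKEN` to the steps that need it would limit what a retagged release could reach. `issue-body-file-path: relative/file_path/wrt/repo/root` looks like a documentation placeholder and should be removed or pointed at a real file, and `env.PR_NUMBER` in `issue-title` is not defined in any visible hunk. The step list begins before this hunk and the `apply` job continues after it; if `apply` still names `approval` in `needs`, that reference no longer resolves now that the job header is deleted.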