name: PVE2 Infrastructure Deploy
on: [push]

jobs:
  terraform:
    runs-on: pve2
    steps:
      - name: Native Git Checkout
        run: |
          # Clean the workspace so we don't have old files hanging around
          rm -rf ./*
          # Clone using the temporary token Gitea provides for this job
          git clone http://${{ gitea.token }}@172.16.201.201:3002/${{ gitea.repository }} .
        
      - name: Terraform Init
        run: |
          cd terraform
          terraform init

      - name: Terraform Plan & Apply
        run: |
          cd terraform
          terraform apply -auto-approve
        env:
          PM_API_TOKEN_ID: ${{ secrets.PM_API_TOKEN_ID }}
          PM_API_TOKEN_SECRET: ${{ secrets.PM_API_TOKEN_SECRET }}
          # Since the runner is ON the host, we can use localhost
          PM_API_URL: "https://localhost:8006/api2/json"
          # This prevents Terraform from failing if your PVE SSL cert is self-signed
          PM_TLS_INSECURE: "true"