# Все корни Terraform в environments/dev/<имя>/ (файл main.tf).
# Новая организация = новая папка — workflow подхватит её без правки этого файла.

name: terraform-dev

on:
  pull_request:
    paths:
      - "environments/dev/**"
      - "environments/modules/**"
      - ".gitea/workflows/terraform-dev.yml"
  push:
    branches:
      - main
    paths:
      - "environments/dev/**"
      - "environments/modules/**"
      - ".gitea/workflows/terraform-dev.yml"
  workflow_dispatch:
    inputs:
      run_apply:
        description: "Run terraform apply (true/false)"
        required: true
        default: "false"

env:
  TF_IN_AUTOMATION: "true"
  TF_INPUT: "false"
  TF_CLI_ARGS_init: "-backend=false -plugin-dir=/root/.terraform.d/plugins"

jobs:
  validate:
    runs-on: [terraform-host]
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Terraform version
        run: terraform version

      - name: Terraform fmt check
        run: terraform fmt -check -recursive

      - name: Terraform init + validate (all dev environments)
        env:
          VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
          VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
        run: |
          set -euo pipefail
          found=0
          for d in environments/dev/*/; do
            [ -f "${d}main.tf" ] || continue
            found=1
            echo "========== ${d} =========="
            (cd "$d" && terraform init && terraform validate)
          done
          if [ "$found" -eq 0 ]; then
            echo "No environments found under environments/dev/*/ with main.tf"
            exit 1
          fi

  plan:
    needs: validate
    runs-on: [terraform-host]
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Terraform plan (all dev environments)
        env:
          VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
          VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
        run: |
          set -euo pipefail
          found=0
          for d in environments/dev/*/; do
            [ -f "${d}main.tf" ] || continue
            found=1
            echo "========== ${d} =========="
            (cd "$d" && terraform init && terraform plan -refresh=false -lock=false -out=tfplan)
          done
          if [ "$found" -eq 0 ]; then
            echo "No environments found under environments/dev/*/ with main.tf"
            exit 1
          fi

  apply:
    if: github.event_name == 'workflow_dispatch' && github.event.inputs.run_apply == 'true'
    needs: plan
    runs-on: [terraform-host]
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Terraform apply (all dev environments)
        env:
          VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
          VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
        run: |
          set -euo pipefail
          found=0
          for d in environments/dev/*/; do
            [ -f "${d}main.tf" ] || continue
            found=1
            echo "========== ${d} =========="
            (cd "$d" && terraform init && terraform apply -refresh=false -lock=false -auto-approve)
          done
          if [ "$found" -eq 0 ]; then
            echo "No environments found under environments/dev/*/ with main.tf"
            exit 1
          fi