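---
# Applies the OpenTofu configuration in pve01.wheatley.in/k8s-wheatley on every
# push to main that touches it, then reports the step outcomes as a comment on
# the pull request associated with the pushed commit.
name: Tofu Apply k8s-wheatley

on:
  push:
    branches:
      - main
    paths:
      - 'pve01.wheatley.in/k8s-wheatley/**'
      - '.forgejo/workflows/*-k8s-wheatley.yaml'

jobs:
  tofu-apply-k8s-wheatley:
    runs-on: docker
    defaults:
      run:
        working-directory: pve01.wheatley.in/k8s-wheatley
    permissions:
      pull-requests: write
    # Job-level env is visible to every step, including the two third-party
    # actions below, so keep both of them pinned to a full commit SHA.
    env:
      AWS_S3_ENDPOINT: ${{ secrets.AWS_S3_ENDPOINT }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      TF_VAR_proxmox_endpoint: ${{ secrets.PROXMOX_ENDPOINT }}
      TF_VAR_proxmox_api_token: ${{ secrets.PROXMOX_API_TOKEN }}
    steps:
      - uses: https://github.com/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

      - uses: https://github.com/opentofu/setup-opentofu@fc711fa910b93cba0f3fbecaafc9f42fd0c411cb # v2
        with:
          # Quoted so the version is always read as a string.
          tofu_version: '1.11.5'

      - name: Install deps
        run: |
          apt update
          apt install -y jq

      # NOTE(review): --upgrade lets init select newer provider/module
      # versions than the committed lock file records, so the apply below can
      # run code that was not part of the reviewed change. Confirm this is
      # intended for an unattended apply.
      - name: OpenTofu Init
        id: init
        run: tofu init --upgrade

      - name: OpenTofu Format
        id: fmt
        run: tofu fmt -check

      - name: OpenTofu Validate
        id: validate
        run: tofu validate -no-color

      # Informational only: no plan file is saved, so the apply step computes
      # its own plan.
      - name: OpenTofu Plan
        id: plan
        run: tofu plan -no-color
        continue-on-error: true

      # continue-on-error keeps the job running so the result can be posted;
      # the last step of the job turns a failed apply back into a failed job.
      - name: OpenTofu Apply
        id: apply
        run: tofu apply -auto-approve -no-color
        continue-on-error: true

      # Runs even after an earlier failure so the comment step still has a PR
      # number to report fmt/init/validate failures against.
      - name: Get merged PR
        id: pr
        if: always()
        env:
          # Passed through the environment instead of being expanded into the
          # script text.
          FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }}
        run: |
          pr_number=$(curl -s \
            -H "Authorization: token ${FORGEJO_TOKEN}" \
            "${{ forge.api_url }}/repos/${{ forge.repository }}/commits/${{ forge.sha }}/pull" \
            | jq -r '.number // empty')
          echo "PR_NUMBER=${pr_number}" >> "$GITHUB_ENV"

      - name: Add comment
        id: comment
        if: always()
        env:
          FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }}
          WORKFLOW_NAME: ${{ forge.workflow }}
          # Command output must reach the shell as data. Expanding
          # ${{ steps.apply.outputs.stdout }} inside the script would let
          # quotes, backticks or $(...) in that output be parsed as shell.
          APPLY_STDOUT: ${{ steps.apply.outputs.stdout }}
          # NOTE(review): the validate and apply output is posted verbatim to
          # the PR; check that nothing sensitive can appear in it.
          COMMENT_BODY: |
            ### ${{forge.workflow}}
            #### ${{ steps.fmt.outcome == 'success' && '✅' || '❌' }} OpenTofu Format and Style 🖌
            #### ${{ steps.init.outcome == 'success' && '✅' || '❌' }} OpenTofu Initialization ⚙️
            #### ${{ steps.validate.outcome == 'success' && '✅' || '❌' }} OpenTofu Validation 🤖
            Validation Output
            ```
            ${{ steps.validate.outputs.stdout }}
            ```
            #### ${{ steps.apply.outcome == 'success' && '✅' || '❌' }} OpenTofu Apply 🚀
            Show Apply
            ```
            APPLY_PLACEHOLDER
            ```
        run: |
          # A push with no associated pull request leaves PR_NUMBER empty;
          # skip instead of calling the API with a malformed URL.
          if [ -z "${PR_NUMBER:-}" ]; then
            echo "No pull request found for this commit; skipping comment."
            exit 0
          fi

          # Drop the per-resource refresh/read progress lines and any leading
          # blank lines. grep exits 1 when every line is filtered out; that is
          # not an error here.
          filtered_apply=$(printf '%s\n' "$APPLY_STDOUT" \
            | { grep -vE '^\s*(module\.|data\.|resource\.).+: (Reading\.\.\.|Read complete after|Refreshing state)' || true; } \
            | sed '/./,$!d')

          # Splice the output in by prefix/suffix trimming rather than
          # ${var//pat/repl}, so characters in the output (for example '&')
          # are never treated as replacement syntax.
          COMMENT_BODY="${COMMENT_BODY%%APPLY_PLACEHOLDER*}${filtered_apply}${COMMENT_BODY#*APPLY_PLACEHOLDER}"
          payload=$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')

          existing_comment=$(curl -s \
            -H "Authorization: token ${FORGEJO_TOKEN}" \
            "${{ forge.api_url }}/repos/${{ forge.repository }}/issues/${PR_NUMBER}/comments")

          # The workflow name is handed to jq as a variable and matched
          # literally, not pasted into the jq program as a regex.
          comment_id=$(printf '%s' "$existing_comment" | jq -r --arg wf "$WORKFLOW_NAME" \
            '.[] | select((.body // "") | contains($wf)) | .id' | head -n 1)

          if [ -n "${comment_id}" ] && [ "${comment_id}" != "null" ]; then
            echo "Found comment with id ${comment_id}, updating..." && \
            curl -s -X PATCH \
              -H "Authorization: token ${FORGEJO_TOKEN}" \
              -H "Content-Type: application/json" \
              "${{ forge.api_url }}/repos/${{ forge.repository }}/issues/comments/${comment_id}" \
              -d "$payload"
          else
            echo "Creating new comment on PR $PR_NUMBER..." && \
            curl -s -X POST \
              -H "Authorization: token ${FORGEJO_TOKEN}" \
              -H "Content-Type: application/json" \
              "${{ forge.api_url }}/repos/${{ forge.repository }}/issues/${PR_NUMBER}/comments" \
              -d "$payload"
          fi

      # Without this step a failed apply leaves the run green, because the
      # apply step uses continue-on-error.
      - name: Fail job if apply failed
        if: always() && steps.apply.outcome == 'failure'
        run: |
          echo "tofu apply failed; see the OpenTofu Apply step log."
          exit 1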