name: Run terraform
on:
  workflow_call:
    inputs:
      terraform_image:
        required: true
        type: string
        description: image to use inside the workflow jobs
        default: git.romalex.cc/public/terraform-image:v1
      action:
        required: true
        type: string
        description: action to run. must be PLAN or APPLY, or else would do nothing
      workspace:
        required: true
        type: string
        description: terraform workspace name
    secrets:
      pg_conn_str:
        required: true
        description: value of PG_CONN_STR env
      role_id:
        required: true
        description: value of TF_VAR_login_approle_role_id env
      secret_id:
        required: true
        description: value of TF_VAR_login_approle_secret_id

jobs:
  terraform:
    name: Run terraform ${{ inputs.action }}
    runs-on: romalex-public
    container:
      image: ${{ inputs.terraform_image }}
    env:
      PG_CONN_STR: ${{ secrets.pg_conn_str }}
      TF_VAR_login_approle_role_id: ${{ secrets.role_id }}
      TF_VAR_login_approle_secret_id: ${{ secrets.secret_id }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Init terraform
        run: terraform init
      - name: Select workspace
        run: terraform workspace select -or-create ${{ inputs.workspace }}
      - name: Terraform Plan
        if: ${{ inputs.action == 'PLAN' }}
        run: terraform plan
      - name: Terraform Apply
        if: ${{ inputs.action == 'APPLY' }}
        run: terraform apply -auto-approve