les-06/.gitea/workflows/provision_configure.yaml
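# Provision & Configure
#
# Runs on pushes to `main` that change Terraform sources under terraform/
# (*.tf, *.tfvars, *.tftpl) and on manual dispatch. A single job applies the
# Terraform configuration and then runs the Ansible playbook in ../ansible.
#
# Review notes:
#   - The job-level `env` block hands every secret, including both SSH private
#     keys, to every step in the job: the third-party actions and the
#     downloaded ovftool binaries as well as Terraform. Scoping the TF_VAR_*
#     entries to the plan/apply steps would narrow that exposure.
#   - `actions/checkout@v4` and `hashicorp/setup-terraform@v3` are mutable
#     tags. Pinning each to a full commit SHA keeps a retagged release from
#     running with these secrets.
name: Provision & Configure

on:
  push:
    branches:
      - main
    paths:
      - terraform/**/*.tf
      - terraform/**/*.tfvars
      - terraform/**/*.tftpl
  workflow_dispatch:

jobs:
  terraform:
    name: Terraform Apply
    runs-on: skylab
    defaults:
      run:
        working-directory: ./terraform
    env:
      TF_VAR_azure_subscriptionid: ${{ secrets.AZURE_SUBSCRIPTIONID }}
      TF_VAR_azure_resourcegroup: ${{ secrets.AZURE_RESOURCEGROUP }}
      TF_VAR_esxi_hostname: ${{ secrets.ESXI_HOSTNAME }}
      TF_VAR_esxi_username: ${{ secrets.ESXI_USERNAME }}
      TF_VAR_esxi_password: ${{ secrets.ESXI_PASSWORD }}
      TF_VAR_skylab_ssh_public_key: ${{ secrets.SKYLAB_SSH_PUBLIC_KEY }}
      TF_VAR_skylab_ssh_private_key: ${{ secrets.SKYLAB_SSH_PRIVATE_KEY }}
      TF_VAR_azure_ssh_public_key: ${{ secrets.AZURE_SSH_PUBLIC_KEY }}
      TF_VAR_azure_ssh_private_key: ${{ secrets.AZURE_SSH_PRIVATE_KEY }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Terraform
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v3

      # NOTE(security): this archive is fetched from the mutable `main` branch
      # of a third-party repository and its contents are installed into
      # /usr/bin without any integrity check. Pin the URL to a specific commit
      # and verify the archive against a SHA-256 recorded in this repository
      # (for example with `sha256sum -c`) before unzipping.
      - name: Install ovftool
        run: |
          wget https://github.com/rgl/ovftool-binaries/raw/main/archive/VMware-ovftool-4.6.3-24031167-lin.x86_64.zip
          unzip VMware-ovftool-4.6.3-24031167-lin.x86_64.zip
          mv ovftool vmware-ovftool
          mv vmware-ovftool /usr/bin/
          chmod +x /usr/bin/vmware-ovftool/ovftool*
          ln -s /usr/bin/vmware-ovftool/ovftool /usr/bin/ovftool

      - name: Terraform Init
        run: terraform init

      - name: Terraform Format
        run: terraform fmt -check

      - name: Terraform Validate
        run: terraform validate

      # The plan below is only printed; it is not saved, so `terraform apply
      # -auto-approve` computes and applies a fresh plan with no approval step
      # in between. Saving the plan (`terraform plan -out=FILE`) and applying
      # that file guarantees the applied changes are the ones that were
      # logged. A saved plan can contain variable values, so it needs the same
      # care as the key file written further down.
      - name: Terraform Plan
        run: terraform plan

      - name: Terraform Apply
        run: terraform apply -auto-approve

      # Ansible
      # The key is passed through the step environment instead of being
      # written into the script with a secrets expression: expressions are
      # substituted into the script text before the shell runs it, so a secret
      # placed there is parsed as shell source. That substitution also happens
      # inside `#` shell comments, which is why the old commented-out Azure
      # key lines were dropped rather than kept.
      # `umask 077` makes the file private from the moment it is created.
      # NOTE(review): /skylab stays on the runner after the job; if the runner
      # is not ephemeral, remove the key in a final `if: always()` step.
      - name: Set up SSH
        env:
          SKYLAB_SSH_PRIVATE_KEY: ${{ secrets.SKYLAB_SSH_PRIVATE_KEY }}
        run: |
          umask 077
          printf "%s" "$SKYLAB_SSH_PRIVATE_KEY" > /skylab
          chmod 600 /skylab

      - name: Install Ansible
        shell: bash
        run: |
          apt update
          apt install -y ansible

      - name: Run Ansible Playbook
        env:
          ANSIBLE_USER: ${{ secrets.ANSIBLE_USER }}
          # NOTE(security): disables SSH host key verification, so the
          # playbook (and the credentials it uses) will go to whichever host
          # answers at the inventory addresses. Prefer registering the new
          # hosts' keys in known_hosts (e.g. from Terraform outputs) and
          # leaving checking on. Quoted so the runner receives the string
          # "False" rather than a YAML boolean.
          ANSIBLE_HOST_KEY_CHECKING: "False"
        run: |
          ansible-playbook -i ../ansible/inventory.ini ../ansible/main.yml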