name: 'Keycloak Terraform'

on:
  push:
    branches: [ "main" ]
    paths:
      - 'terraform/keycloak/**'
  pull_request:

permissions:
  contents: read

jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    environment: production

    defaults:
      run:
        shell: bash

    steps:
    - name: Checkout
      uses: actions/checkout@v3

    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v4.0.0
      with:
        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

    - name: Setup kubeconfig
      run: |
        mkdir -p ~/.kube
        echo "${{ secrets.KUBECONFIG }}" > ~/.kube/config
        chmod 600 ~/.kube/config

    - name: Terraform Init
      run: terraform init
      working-directory: ./terraform/keycloak

    - name: Terraform Format
      run: terraform fmt -check
      continue-on-error: true
      working-directory: ./terraform/keycloak

    - name: Terraform Apply
      env:
        TF_VAR_keycloak_client_secret: ${{ secrets.KEYCLOAK_CLIENT_SECRET }}
        TF_VAR_google_client_id: ${{ secrets.GOOGLE_CLIENT_ID }}
        TF_VAR_google_client_secret: ${{ secrets.GOOGLE_CLIENT_SECRET }}
      run: terraform apply -input=false -auto-approve -parallelism=100
      working-directory: ./terraform/keycloak