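---
# Terraform workflow for the authentik configuration under ./terraform/authentik.
#
# On every run: checkout, Terraform setup, init and a non-blocking format check.
# On push to main only: apply, then best-effort generation and upload of the
# "Applications" wiki page from the `applications_for_wiki` output.
#
# Review notes:
# - The workflow also triggers on pull_request. Apply and the wiki steps are
#   restricted to pushes on main so that an unmerged change is never applied
#   to the production environment with -auto-approve.
# - Secrets reach the upload script through `env:` instead of being expanded
#   into the script text, so their values are never parsed as shell syntax.
# - `uses:` references below are mutable tags (v3, v2); pinning them to a
#   reviewed full commit SHA protects against a retagged release.
name: 'Terraform'

on:
  push:
    branches: ["main"]
  pull_request:

# Least privilege for the workflow token: read-only access to repo contents.
permissions:
  contents: read

jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    environment: production

    defaults:
      run:
        shell: bash

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      - name: Terraform Init
        run: terraform init
        working-directory: ./terraform/authentik

      # Formatting drift is reported but does not fail the job.
      - name: Terraform Format
        run: terraform fmt -check
        continue-on-error: true
        working-directory: ./terraform/authentik

      # Apply only for commits that have landed on main; pull_request runs
      # stop after init/fmt and never change production.
      - name: Terraform Apply
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: terraform apply -var-file proxy-apps.tfvars -var-file oauth2-apps.tfvars -var-file terraform.tfvars -var-file groups.tfvars -input=false -auto-approve -parallelism=100
        working-directory: ./terraform/authentik

      # Best effort: a failure here must not fail the job (continue-on-error).
      - name: Generate Wiki Content
        if: success() && github.event_name == 'push' && github.ref == 'refs/heads/main'
        continue-on-error: true
        run: |
          echo "📋 Starting Wiki generation..."

          cd ./terraform/authentik

          # Generate terraform output
          echo "🔍 Generating Terraform output..."

          # Get only the specific output we need.
          # NOTE(review): 2>&1 writes stderr into the same file as the JSON,
          # which is one reason the repair path below can be needed.
          echo "📤 Extracting applications_for_wiki output..."
          terraform output -json applications_for_wiki > terraform-raw-output.json 2>&1

          # Check if output has command prefix
          if grep -q '^\[command\]' terraform-raw-output.json; then
            echo "⚠️ Detected command prefix, removing first line..."
            tail -n +2 terraform-raw-output.json > terraform-output.json
          else
            cp terraform-raw-output.json terraform-output.json
          fi

          # Validate JSON and extract value
          echo "🔍 Validating and extracting JSON..."
          if python3 -c "import json; f=open('terraform-output.json'); data=json.load(f); f.close(); print('✅ Valid JSON')" 2>/dev/null; then
            # Extract just the value field using Python (more reliable than jq)
          cat > extract_value.py << 'EOF'
          import json

          with open('terraform-output.json', 'r') as f:
              data = json.load(f)

          # Handle both full output format and direct value
          if isinstance(data, dict) and 'value' in data:
              value = data['value']
          else:
              value = data

          with open('terraform-output-value.json', 'w') as out:
              json.dump(value, out, indent=2)
          EOF
            python3 extract_value.py
            mv terraform-output-value.json terraform-output.json
            echo "✅ JSON extracted successfully"
          else
            echo "❌ Invalid JSON detected, trying to fix..."
            # Try to extract valid JSON part
          cat > fix_json.py << 'EOF'
          import json
          import re

          with open('terraform-output.json', 'r') as f:
              content = f.read()

          # Try to find and extract valid JSON
          try:
              # Find first { and last matching }
              start = content.find('{')
              if start >= 0:
                  # Count brackets to find matching close
                  count = 0
                  end = start
                  for i in range(start, len(content)):
                      if content[i] == '{':
                          count += 1
                      elif content[i] == '}':
                          count -= 1
                          if count == 0:
                              end = i + 1
                              break

                  if end > start:
                      json_str = content[start:end]
                      data = json.loads(json_str)
                      if 'value' in data:
                          data = data['value']
                      with open('terraform-output.json', 'w') as out:
                          json.dump(data, out, indent=2)
                      print('✅ Fixed JSON by extracting valid portion')
                  else:
                      print('❌ Could not find matching brackets')
              else:
                  print('❌ No JSON found in output')
          except Exception as e:
              print(f'❌ Failed to fix JSON: {e}')
          EOF
            python3 fix_json.py
          fi

          # Debug output.
          # NOTE(review): the preview lands in the job log; confirm that the
          # applications_for_wiki output holds nothing sensitive.
          echo "📄 Output file size: $(wc -c < terraform-output.json) bytes"
          echo "🔍 Content preview:"
          head -c 500 terraform-output.json
          echo ""

          # Run wiki generation with debug if first attempt fails
          echo "📊 Running wiki generation script..."
          if ! python3 ../../.gitea/scripts/generate-apps-wiki.py terraform-output.json; then
            echo "⚠️ First attempt failed, retrying with debug..."
            python3 ../../.gitea/scripts/generate-apps-wiki.py terraform-output.json --debug || echo "⚠️ Wiki generation failed"
          fi

          # Check if wiki file was created
          if [ -f "Applications.md" ]; then
            echo "✅ Wiki content generated successfully"
          else
            echo "⚠️ Wiki content not generated"
            exit 0
          fi
        working-directory: ./

      # Best effort: publishes Applications.md through the Gitea wiki API.
      - name: Upload Wiki to Gitea
        if: success() && github.event_name == 'push' && github.ref == 'refs/heads/main'
        continue-on-error: true
        env:
          # Passed as environment variables rather than expanded into the
          # script body, so secret values are treated as data only.
          GITEA_URL: ${{ secrets.GT_WIKI_URL }}
          GITEA_TOKEN: ${{ secrets.GT_WIKI_TOKEN }}
          GITEA_OWNER: ${{ secrets.GT_WIKI_OWNER }}
          GITEA_REPO: ${{ secrets.GT_WIKI_REPO }}
        run: |
          cd ./terraform/authentik

          # Check if file exists
          if [ ! -f "Applications.md" ]; then
            echo "⚠️ Applications.md not found, skipping wiki update"
            exit 0
          fi

          echo "📤 Uploading to Gitea Wiki..."

          # Encode content to base64
          CONTENT=$(base64 -w 0 Applications.md)

          # Check if wiki page exists
          WIKI_PAGE_EXISTS=$(curl -s -o /dev/null -w "%{http_code}" \
            -H "Authorization: token $GITEA_TOKEN" \
            "$GITEA_URL/api/v1/repos/$GITEA_OWNER/$GITEA_REPO/wiki/page/Applications" || echo "000")

          # --fail makes curl exit non-zero on HTTP 4xx/5xx; without it the
          # "failed" messages below would only fire on transport errors.
          if [ "$WIKI_PAGE_EXISTS" = "200" ]; then
            echo "📝 Updating existing wiki page..."
            curl --fail -X PATCH \
              -H "Authorization: token $GITEA_TOKEN" \
              -H "Content-Type: application/json" \
              -d "{
                \"title\": \"Applications\",
                \"content_base64\": \"$CONTENT\",
                \"message\": \"Update applications list from CI/CD [$(date)]\"
              }" \
              "$GITEA_URL/api/v1/repos/$GITEA_OWNER/$GITEA_REPO/wiki/page/Applications" || echo "⚠️ Wiki update failed"
          else
            echo "📄 Creating new wiki page..."
            curl --fail -X POST \
              -H "Authorization: token $GITEA_TOKEN" \
              -H "Content-Type: application/json" \
              -d "{
                \"title\": \"Applications\",
                \"content_base64\": \"$CONTENT\",
                \"message\": \"Create applications list from CI/CD [$(date)]\"
              }" \
              "$GITEA_URL/api/v1/repos/$GITEA_OWNER/$GITEA_REPO/wiki/new" || echo "⚠️ Wiki creation failed"
          fi

          echo "✅ Wiki update process completed"
        working-directory: ./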