.github/workflows/plan.yml

name: Plan

on: issue_comment

jobs:
  plan:
    name: Plan GKE
    if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '!terraform plan') && github.repository_owner == 'ExpidusOS' }}
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
      pull-requests: write
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      AWS_REGION: us-west-1
      AWS_ACCESS_KEY_ID: ${{ secrets.WASABI_ACCESS_KEY }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.WASABI_SECRET_KEY }}
    strategy:
      matrix:
        region: [us-west1]
    steps:
      - uses: actions/checkout@v3
        with:
          ref: refs/pull/${{ github.event.issue.number }}/merge
      - id: install-aws-cli
        uses: unfor19/install-aws-cli-action@v1
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v1.1.1'
        with:
          token_format: 'access_token'
          workload_identity_provider: 'projects/769178210270/locations/global/workloadIdentityPools/ci-pool/providers/github'
          service_account: 'github-ci@expidusos-infra.iam.gserviceaccount.com'
      - name: Write variables
        run: |
          cat << EOF > terraform.tfvars
          region = "${{ matrix.region }}"
          aws_access_key_id = "${{ secrets.WASABI_ACCESS_KEY }}"
          aws_secret_access_key = "${{ secrets.WASABI_SECRET_KEY }}"
          cloudflare_token = "${{ secrets.CLOUDFLARE_TOKEN }}"
          cloudflare_key = "${{ secrets.CLOUDFLARE_KEY }}"
          EOF
      - name: Pull Terraform State
        run: |
          aws s3 --endpoint-url=https://s3.us-west-1.wasabisys.com cp s3://expidusos-ci/infra/${{ matrix.region }}/terraform.tfstate ./terraform.tfstate
      - name: Plan
        uses: dflook/terraform-github-actions/terraform-plan@main