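# GitLab CI pipeline driving Terraform and Ansible.
#   lint    - format / validate / plan, on merge requests that touch terraform/
#   build   - Terraform apply and Ansible playbooks, on main or on a schedule
#   destroy - manually triggered Terraform destroy, on main
# Every job extends a hidden template (.terraform_*, .ansible_apply) from the
# included project; what those templates execute is not visible in this file.
stages:
  - lint
  - build
  - destroy

# NOTE(review): `ref: main` tracks a mutable branch. Every job below extends a
# template from that project, and several of them receive $pm_password or the
# $ansible file, so a change pushed to that branch changes what runs with
# those credentials. Consider pinning `ref` to a protected tag or a full
# commit SHA (ref: <COMMIT_SHA>) and bumping it deliberately.
include:
  - project: 'developerdurp/jobtemplates'
    ref: main
    file:
      - 'terraform.yml'
      - 'ansible.yml'

# --- lint stage: merge requests only ---------------------------------------
# `changes` is compared against refs/heads/main.
# NOTE(review): 'terraform/*' matches files directly inside terraform/ only;
# if modules live in subdirectories, 'terraform/**/*' is needed - confirm.
format:
  stage: lint
  variables:
    WORKDIR: $CI_PROJECT_DIR/terraform
  allow_failure: false
  extends: .terraform_fmt
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      changes:
        compare_to: refs/heads/main
        paths:
          - 'terraform/*'
      when: always
    - when: never

validate:
  stage: lint
  variables:
    WORKDIR: $CI_PROJECT_DIR/terraform
  allow_failure: false
  extends: .terraform_validate
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      changes:
        compare_to: refs/heads/main
        paths:
          - 'terraform/*'
      when: always
    - when: never

# Runs after validate and format have both succeeded.
# NOTE(review): `-var=pm_password=...` puts the secret on terraform's command
# line, where it can show up in the process list and in any log line that
# echoes the command (log masking only applies if the variable is masked).
# Terraform also reads TF_VAR_<name> environment variables, so
# `TF_VAR_pm_password: $pm_password` would keep it off the command line -
# confirm the template does not depend on ARGUMENTS carrying it. The same
# applies to the k3s and k3s-destroy jobs.
# NOTE(review): this job hands the API credential to merge request pipelines,
# i.e. to Terraform code that has not been reviewed yet. Confirm who can open
# merge requests here and how the variable is scoped (protected / masked).
plan:
  stage: lint
  variables:
    WORKDIR: $CI_PROJECT_DIR/terraform
    ARGUMENTS: '-var=pm_password=$pm_password -var=pm_api_url=$pm_api_url -var-file=terraform.tfvars'
  allow_failure: false
  extends: .terraform_plan
  needs: ["validate", "format"]
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      changes:
        compare_to: refs/heads/main
        paths:
          - 'terraform/*'
      when: always
    - when: never

# --- build stage -------------------------------------------------------------
# Terraform apply on main when terraform/ or ansible/ files change.
k3s:
  stage: build
  variables:
    WORKDIR: $CI_PROJECT_DIR/terraform
    ARGUMENTS: '-var=pm_password=$pm_password -var=pm_api_url=$pm_api_url -var-file=terraform.tfvars'
  allow_failure: false
  extends: .terraform_apply
  # NOTE(review): rules are evaluated top-down and the first match wins.
  # 'ansible/*' in the first rule already matches ansible/dns.yml, so the
  # second rule never decides anything: a dns.yml-only change still starts
  # this job. Moving it first would instead skip the job whenever dns.yml
  # changes together with other files, so the intended behaviour has to be
  # decided before reordering. The schedule rule is redundant with the final
  # catch-all `when: never`. k3s-ansible and k3s-destroy repeat this pattern.
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        paths:
          - 'terraform/*'
          - 'ansible/*'
      when: always
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        paths:
          - 'ansible/dns.yml'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: never
    - when: never

# Runs the main.yml playbook once the k3s apply job has finished.
k3s-ansible:
  stage: build
  variables:
    WORKDIR: $CI_PROJECT_DIR/ansible
    FILE: main.yml
    REQUIREMENTS: requirements.yml
  allow_failure: false
  extends: .ansible_apply
  # Copies the file that $ansible points at into the playbook directory.
  # Expansions are quoted so a path containing spaces or glob characters is
  # not word-split by the shell.
  # NOTE(review): the job uses $ansible as a path, so it is presumably a
  # File-type CI/CD variable. If it holds credentials, consider `chmod 600` on
  # the copy and keep it out of artifacts and caches. A job-level
  # before_script replaces, rather than extends, any before_script defined by
  # .ansible_apply - confirm that is intended. Same for k3s-dns / k3s-update.
  before_script:
    - 'cat "$ansible" > "$WORKDIR/ansible"'
  needs: ["k3s"]
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        paths:
          - 'terraform/*'
          - 'ansible/*'
      when: always
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        paths:
          - 'ansible/dns.yml'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: never
    - when: never

# Runs the dns.yml playbook on main when ansible/dns.yml changes.
k3s-dns:
  stage: build
  variables:
    WORKDIR: $CI_PROJECT_DIR/ansible
    FILE: dns.yml
    REQUIREMENTS: requirements.yml
  allow_failure: false
  extends: .ansible_apply
  before_script:
    - 'cat "$ansible" > "$WORKDIR/ansible"'
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        paths:
          - 'ansible/dns.yml'
      when: always
    - when: never

# Runs the update.yml playbook in scheduled pipelines only.
k3s-update:
  stage: build
  variables:
    WORKDIR: $CI_PROJECT_DIR/ansible
    FILE: update.yml
    REQUIREMENTS: requirements.yml
  allow_failure: false
  extends: .ansible_apply
  before_script:
    - 'cat "$ansible" > "$WORKDIR/ansible"'
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: always
    - when: never

# --- destroy stage -----------------------------------------------------------
# Offered as a manual action on main after the k3s job.
# NOTE(review): this is destructive and uses the same credential as apply.
# Consider limiting who can trigger it, for example with a protected
# environment or protected-branch permissions - confirm what is configured.
k3s-destroy:
  stage: destroy
  variables:
    WORKDIR: $CI_PROJECT_DIR/terraform
    ARGUMENTS: '-var=pm_password=$pm_password -var=pm_api_url=$pm_api_url -var-file=terraform.tfvars'
  allow_failure: false
  extends: .terraform_destroy
  needs: ["k3s"]
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        paths:
          - 'terraform/*'
          - 'ansible/*'
      when: manual
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        paths:
          - 'ansible/dns.yml'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: never
    - when: never

# Disabled inline destroy job, kept commented out.
#destroy:
#  stage: destroy
#  image:
#    name: hashicorp/terraform:light
#    entrypoint:
#      - '/usr/bin/env'
#      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
#  variables:
#    PLAN: plan.tfplan
#    JSON_PLAN_FILE: tfplan.json
#    TF_IN_AUTOMATION: "true"
#    GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
#  cache:
#    key: "$CI_COMMIT_SHA"
#    paths:
#      - .terraform
#  script:
#    - apk add --update curl jq
#    - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
#    - terraform --version
#    - terraform init -reconfigure -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=gitlab-ci-token" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"
#    - terraform destroy -auto-approve -var-file=terraform.tfvars
#  only:
#    changes:
#      - terraform.tf
#      - terraform.tfvars
#      - jobs/main.yml
#  when: manual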