From 67da0f4cade037890262ba15a8de47635aacd006 Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Fri, 17 Oct 2025 10:29:55 +1100
Subject: [PATCH] feat: add build job

- add build job that runs `make plan`
- enable provider caching
---
 .gitea/workflows/build.yaml | 33 +++++++++++++++++++++++++++++++++
 Makefile                    |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 .gitea/workflows/build.yaml

diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
new file mode 100644
index 0000000..d610b2a
--- /dev/null
+++ b/.gitea/workflows/build.yaml
@@ -0,0 +1,33 @@
+---
+name: Build
+
+on:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: almalinux-8
+    container:
+      image: git.unkin.net/unkin/almalinux9-actionsdind:latest
+      options: --privileged
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Fetch master branch
+        run: |
+          git fetch origin master:master
+
+      - name: Show changed files
+        run: |
+          git diff --name-only master
+
+      - name: Run Terraform Plan
+        env:
+          VAULT_ROLEID: ${{ secrets.TERRAFORM_INCUS_VAULT_ROLEID }}
+        run: |
+          ls -lh ~/.config/incus
+          make plan
diff --git a/Makefile b/Makefile
index e42187b..a02f551 100644
--- a/Makefile
+++ b/Makefile
@@ -11,6 +11,7 @@ define vault_env
 	export PUPPET_CERT_PUB=$$(vault kv get -field=public_key kv/service/puppet/certificates/terraform) && \
 	export PUPPET_CERT_PRIV=$$(vault kv get -field=private_key kv/service/puppet/certificates/terraform) && \
 	export TG_QUEUE_EXCLUDE_DIR="templates/base" && \
+	export TG_PROVIDER_CACHE=1 && \
 	export $$(vault read -format=json kv/data/service/terraform/incus | jq -r '.data.data | to_entries[] | "\(.key)=\(.value)"')
 endef