name: Deploy

on:
  pull_request:
  push:
    branches:
      - master

jobs:
  deploy:
    runs-on: almalinux-8
    container:
      image: git.query.consul/unkin/almalinux8-runnerdnd:latest
      options: --privileged

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Download Artifacts
        run: |
          mkdir -p /workspace/unkin/terraform-nomad/plans
          export RUN_ID=$((GITHUB_RUN_NUMBER - 1))
          export PLANS_URL="https://git.query.consul/${GITHUB_REPOSITORY}/actions/runs/${RUN_ID}/artifacts/plans"
          export MAX_RETRIES=6
          export RETRY_COUNT=0
          echo "Attempting to download plans from ${PLANS_URL}"
          while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
            # Download the file
            curl -L -o /workspace/plans.zip "${PLANS_URL}"
            # Validate if it is a valid ZIP
            if unzip -t /workspace/plans.zip > /dev/null 2>&1; then
              echo "Plans file downloaded and verified successfully."
              break
            else
              echo "Invalid or corrupt plans file. Retrying in 10 seconds... ($((RETRY_COUNT + 1))/$MAX_RETRIES)"
              RETRY_COUNT=$((RETRY_COUNT + 1))
              sleep 10
            fi
          done
          if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then
            echo "Failed to download a valid plans file after $MAX_RETRIES attempts."
            exit 1
          fi
          echo "Extracting plans..."
          unzip /workspace/plans.zip -d /workspace/unkin/terraform-nomad/plans
          echo "Plans file extracted successfully."

      - name: Show Plans
        run: |
          find /workspace -type f -name "*.plan"

      - name: Install Packages
        run: |
          dnf install terraform terragrunt vault jq -y

      - name: Run Terraform Apply
        env:
          VAULT_ROLEID: ${{ secrets.TERRAFORM_NOMAD_VAULT_ROLEID }}
        run: |
          env
          make apply