name: Terraform Apply
description: >
  Init and apply Terraform configuration files using the official Terraform CLI.

inputs:
  terraform-dir:
    description: Directory containing .tf files
    required: false
    default: terraform
  terraform-version:
    description: Terraform version to use
    required: false
    default: "~1.15"
  var-file:
    description: Path to .tfvars file, relative to terraform-dir
    required: false
    default: ""
  workspace:
    description: Terraform workspace to use
    required: false
    default: ""
  jfrog-token:
    description: JFrog Artifactory token used for Terraform provider registry (sets TF_TOKEN_schmalz_jfrog_io)
    required: false
    default: ""

runs:
  using: composite
  steps:
    # Pinned to commit SHA instead of a tag to prevent supply chain attacks.
    # hashicorp/setup-terraform v4.0.0 — https://github.com/hashicorp/setup-terraform/commits/v4.0.0/
    - name: Setup Terraform
      uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85
      with:
        terraform_version: ${{ inputs.terraform-version }}

    - name: Set Terraform plugin cache directory
      shell: bash
      run: |
        mkdir -p ~/.terraform.d/plugin-cache
        echo "TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache" >> "$GITHUB_ENV"

    - name: Cache Terraform providers
      uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/cache@cache-v1
      with:
        path: ~/.terraform.d/plugin-cache
        key: ${{ runner.os }}-terraform-providers-${{ inputs.terraform-version }}-${{ hashFiles(format('{0}/.terraform.lock.hcl', inputs.terraform-dir)) }}
        restore-keys: ${{ runner.os }}-terraform-providers-${{ inputs.terraform-version }}-

    - name: Terraform Init
      shell: bash
      env:
        TF_TOKEN_schmalz_jfrog_io: ${{ inputs.jfrog-token }}
        TF_DIR: ${{ inputs.terraform-dir }}
      run: terraform -chdir="$TF_DIR" init -no-color

    - name: Terraform Select Workspace
      if: ${{ inputs.workspace != '' }}
      shell: bash
      env:
        TF_DIR: ${{ inputs.terraform-dir }}
        TF_WORKSPACE_NAME: ${{ inputs.workspace }}
      run: |
        terraform -chdir="$TF_DIR" workspace select -or-create "$TF_WORKSPACE_NAME"

    - name: Terraform Apply
      shell: bash
      env:
        TF_TOKEN_schmalz_jfrog_io: ${{ inputs.jfrog-token }}
        TF_DIR: ${{ inputs.terraform-dir }}
        VAR_FILE: ${{ inputs.var-file }}
      run: |
        ARGS="-auto-approve -no-color"
        if [ -n "$VAR_FILE" ]; then
          ARGS="$ARGS -var-file=$VAR_FILE"
        fi
        terraform -chdir="$TF_DIR" apply $ARGS

    - name: Export Terraform Outputs
      shell: bash
      env:
        TF_DIR: ${{ inputs.terraform-dir }}
      run: |
        terraform -chdir="$TF_DIR" output -json | jq -r '
          to_entries[]
          | select(.value.sensitive != true)
          | .key as $k
          | (.value.value | if type == "string" then . else tojson end) as $v
          | "\($k)<<__TF_OUT__\n\($v)\n__TF_OUT__"
        ' >> "$GITHUB_OUTPUT"