on:
  push:
    branches:
      - 'main'
    #path:
    #  - '**/authentik/*.tf'

jobs:
  authentik":
    runs-on: docker
    steps:
      - uses: actions/checkout@v4
        with:
          sparse-checkout: |
            authentik
      - name: Setup OpenTofu
        run: |
          curl -fsSl https://get.opentofu.org/install-opentofu.sh -o /tmp/install-opentofu.sh
          chmod +x /tmp/install-opentofu.sh
          /tmp/install-opentofu.sh --install-method deb
          rm -f /tmp/install-opentofu.sh
      - name: Tofu init
        working-directory: ${{ github.workspace }}/authentik"
        run: |
          export KUBE_CONFIG_PATH="/tmp/kubeconfig"
          echo ${{ secrets.KUBE_CONFIG_BASE64 }} | base64 -d > ${KUBE_CONFIG_PATH}
          export AUTHENTIK_TOKEN=${{ secrets.AUTHENTIK_TOKEN }}
          export AUTHENTIK_URL="https://auth.lab.cowley.tech"
          tofu init
      - name: Tofu Plan
        working-directory: ${{ github.workspace }}/authentik"
        run: |
          export KUBE_CONFIG_PATH="/tmp/kubeconfig"
          echo ${{ secrets.KUBE_CONFIG_BASE64 }} | base64 -d > ${KUBE_CONFIG_PATH}
          export AUTHENTIK_TOKEN=${{ secrets.AUTHENTIK_TOKEN }}
          export AUTHENTIK_URL="https://auth.lab.cowley.tech"
          tofu plan -out tfplan
      #- name: Tofu Apply
      #  working-directory: ${{ github.workspace }}/authentik"
      #  run: |
      #    export KUBE_CONFIG_PATH="/tmp/kubeconfig"
      #    echo ${{ secrets.KUBE_CONFIG_BASE64 }} | base64 -d > ${KUBE_CONFIG_PATH}
      #    export AUTHENTIK_TOKEN=${{ secrets.AUTHENTIK_TOKEN }}
      #    export AUTHENTIK_URL="https://auth.lab.cowley.tech"
      #    tofu apply tfplan