.github/workflows/terraform_plan.yaml

name: "Terraform Plan"
on:
  workflow_dispatch:
  pull_request:
    branches: [main]
    paths:
      - hosting/terraform/grafana/*.tf
      - hosting/terraform/grafana/dashboards/*.json
jobs:
  plan:
    if: ${{github.repository == 'ymgyt/syndicationd'}}
    runs-on: ubuntu-latest
    timeout-minutes: 60
    permissions:
      contents: read
      # For posting terraform output to PR
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v30
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: cachix/cachix-action@v15
        with:
          name: syndicationd
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - name: terraform init
        run: nix develop .#ci --accept-flake-config --command just tf grafana init
        env:
          TF_TOKEN_app_terraform_io: "${{secrets.TF_TOKEN_APP_TERRAFORM_IO}}"
      - name: terraform plan
        id: plan
        continue-on-error: true
        run: nix develop .#ci --accept-flake-config --command just tf grafana plan -no-color
        env:
          TF_TOKEN_app_terraform_io: "${{secrets.TF_TOKEN_APP_TERRAFORM_IO}}"
          TF_VAR_grafana_sa_token: "${{secrets.GRAFANA_SA_TOKEN}}"
      - name: Post plan output to github PR
        uses: actions/github-script@v7
        env:
          PLAN_RESULT: ${{steps.plan.outcome}}
          PLAN_STDOUT: ${{steps.plan.outputs.stdout}}
        with:
          script: |
            const { PLAN_RESULT, PLAN_STDOUT } = process.env

            const body = `terraform plan: ${PLAN_RESULT}
            <details>
            <summary>plan output</summary>
            \`\`\`\n
            ${PLAN_STDOUT}
            \`\`\`
            </details>`

            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body,
            })