name: deploy-gitea-gce
on:
  workflow_dispatch:
permissions:
  contents: read
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Extract project_id
        id: pj
        run: echo "pid=$(jq -r .project_id <<< '${{ secrets.GCP_SA_KEY_JSON }}')" >> $GITHUB_OUTPUT

      - uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY_JSON }}

      - uses: hashicorp/setup-terraform@v3

      - name: Terraform Init
        working-directory: terraform
        run: terraform init

      - name: Terraform Import firewall if exists
        working-directory: terraform
        run: |
          set +e
          terraform import google_compute_firewall.gitea_allow projects/${{ steps.pj.outputs.pid }}/global/firewalls/allow-gitea-3000-ssh
          set -e || true

      - name: Terraform Apply
        working-directory: terraform
        env:
          TF_VAR_project_id: ${{ steps.pj.outputs.pid }}
        run: terraform apply -auto-approve