From f5ee3353fa5a6603d6ee4bd534d27f3b40a797e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?c=C4=83t=C4=83lin?= <catalin@roboces.dev>
Date: Mon, 5 Aug 2024 16:40:07 +0200
Subject: [PATCH] ci: add tofu/{authentik,adguard} deployments

---
 .forgejo/workflows/deploy-tofu.yaml | 54 +++++++++++++++++++++++++++++
 README.md                           |  4 +++
 2 files changed, 58 insertions(+)
 create mode 100644 .forgejo/workflows/deploy-tofu.yaml
 create mode 100644 README.md

diff --git a/.forgejo/workflows/deploy-tofu.yaml b/.forgejo/workflows/deploy-tofu.yaml
new file mode 100644
index 0000000..3f7a401
--- /dev/null
+++ b/.forgejo/workflows/deploy-tofu.yaml
@@ -0,0 +1,54 @@
+---
+name: OpenTofu deployments
+
+on:  # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - 'main'
+      - 'ci/debug'
+
+jobs:
+  authentik:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@v4
+      - uses: opentofu/setup-opentofu@v1
+        with:
+          tofu_version: 1.7.0
+      - name: Deploy
+        env:
+          AUTHENTIK_URL: ${{ secrets.AUTHENTIK_URL }}
+          AUTHENTIK_TOKEN: ${{ secrets.AUTHENTIK_TOKEN }}
+          TF_VAR_firezone_client_id: ${{ secrets.TF_VAR_firezone_client_id }}
+          TF_VAR_firezone_client_secret: ${{ secrets.TF_VAR_firezone_client_secret }}
+          TF_VAR_gitea_client_id: ${{ secrets.TF_VAR_gitea_client_id }}
+          TF_VAR_gitea_client_secret: ${{ secrets.TF_VAR_gitea_client_secret }}
+          TF_VAR_miniflux_client_id: ${{ secrets.TF_VAR_miniflux_client_id }}
+          TF_VAR_miniflux_client_secret: ${{ secrets.TF_VAR_miniflux_client_secret }}
+          TF_VAR_portainer_client_id: ${{ secrets.TF_VAR_portainer_client_id }}
+          TF_VAR_portainer_client_secret: ${{ secrets.TF_VAR_portainer_client_secret }}
+          TF_VAR_paperless_client_id: ${{ secrets.TF_VAR_paperless_client_id }}
+          TF_VAR_paperless_client_secret: ${{ secrets.TF_VAR_paperless_client_secret }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: |
+          cd tofu/authentik
+          tofu init
+          tofu apply -auto-approve
+
+  adguard:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@v4
+      - uses: opentofu/setup-opentofu@v1
+        with:
+          tofu_version: 1.7.0
+      - name: Deploy
+        env:
+          ADGUARD_PASSWORD: ${{ secrets.ADGUARD_PASSWORD }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: |
+          cd tofu/adguard
+          tofu init
+          tofu apply -auto-approve
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4706caa
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+# fukuops
+
+[![Last build status](https://git.roboces.dev/catalin/fukuops/badges/workflows/ci.yaml/badge.svg)](https://git.roboces.dev/catalin/fukuops/actions)
+[![Tofu deployments](https://git.roboces.dev/catalin/fukuops/badges/workflows/deploy-tofu.yaml/badge.svg)](https://git.roboces.dev/catalin/fukuops/actions)