name: Create staging infra (REUSABLE)

on:
  workflow_call:
    inputs:
      TYPE:
        required: true
        type: string
    secrets:
      CICD_SECRETS:
        required: true

jobs:
  create:
    runs-on: ubuntu-latest
    steps:
      # Prepare
      - name: Generate SSH keypair
        run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n  StrictHostKeyChecking no" > ~/.ssh/ssh_config
        if: inputs.TYPE != 'k8s'
      - name: Checkout source code
        uses: actions/checkout@v3
      - name: Install terraform
        uses: hashicorp/setup-terraform@v2
      - name: Install kubectl
        uses: azure/setup-kubectl@v3
        if: inputs.TYPE == 'k8s'
      - name: Set up Python 3.11
        uses: actions/setup-python@v4
        if: inputs.TYPE != 'k8s'
        with:
          python-version: "3.11"
          cache: "pip"
      - name: Install ansible
        run: pip install ansible
        if: inputs.TYPE != 'k8s'
      - name: Install ansible libs
        run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner,1.18.1 && ansible-galaxy collection install --timeout 120 community.general
        if: inputs.TYPE != 'k8s'
      # Create infra
      - run: ./tests/create.sh ${{ inputs.TYPE }}
        env:
          CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
          REG_USER: ${{ github.actor }}
          REG_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - run: |
          tar -cf terraform.tar /tmp/${{ inputs.TYPE }}
          echo "$SECRET_KEY" > /tmp/.secret_key
          openssl enc -in terraform.tar -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out terraform.tar.enc
          rm -f /tmp/.secret_key
        if: always()
        env:
          SECRET_KEY: ${{ secrets.SECRET_KEY }}
      - uses: actions/upload-artifact@v3
        if: always()
        with:
          name: tf-${{ inputs.TYPE }}
          path: terraform.tar.enc