name: Pulumi

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}
  AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_KEY }}
  AWS_REGION: us-east-1
  MINIO_ENDPOINT: "127.0.0.1:9000"

jobs:
  pulumi:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Install Pulumi CLI
        run: |
          curl -fsSL https://get.pulumi.com | sh
          echo "$HOME/.pulumi/bin" >> $GITHUB_PATH

      - name: Install dependencies
        run: npm ci

      - name: Install Pulumi plugins
        run: |
          pulumi plugin install resource command

      - name: Login to MinIO backend
        run: |
          pulumi login "s3://pulumi-state?endpoint=$MINIO_ENDPOINT&disableSSL=true&s3ForcePathStyle=true"

      - name: Select stack
        run: |
          pulumi stack select poc --create

      - name: Set Pulumi config
        run: |
          pulumi config set netbird:url https://netbird-poc.networkmonitor.cc
          pulumi config set --secret netbird:token "${{ secrets.NETBIRD_TOKEN }}"

      - name: Pulumi Preview
        if: github.event_name == 'pull_request'
        run: pulumi preview

      - name: Pulumi Up
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        run: pulumi up --yes