name: Destroy Infrastructure

# Manual trigger only - for safety
on:
  workflow_dispatch:
    inputs:
      confirm:
        description: 'Type "DESTROY" to confirm'
        required: true
        type: string

jobs:
  destroy:
    name: Destroy Infrastructure
    runs-on: self-hosted
    if: github.event.inputs.confirm == 'DESTROY'

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup OpenTofu
        run: |
          if ! command -v tofu &> /dev/null; then
            curl -fsSL https://get.opentofu.org/install-opentofu.sh | bash
          fi

      - name: Confirm Destruction
        run: |
          echo "⚠️  WARNING: This will destroy all infrastructure!"
          echo "Proceeding in 10 seconds..."
          sleep 10

      - name: Terraform Destroy
        run: |
          cd terraform

          # Create tfvars from secrets
          cat > terraform.tfvars <<EOF
          proxmox_token_id     = "${{ secrets.PROXMOX_TOKEN_ID }}"
          proxmox_token_secret = "${{ secrets.PROXMOX_TOKEN_SECRET }}"
          ssh_public_key       = "${{ secrets.SSH_PUBLIC_KEY }}"
          forgejo_token        = "${{ secrets.FORGEJO_TOKEN }}"
          forgejo_repo_url     = "${{ secrets.FORGEJO_REPO_URL }}"
          EOF

          tofu init
          tofu destroy -auto-approve
        env:
          PM_API_URL: https://192.168.100.10:8006/api2/json
          PM_API_TOKEN_ID: ${{ secrets.PROXMOX_TOKEN_ID }}
          PM_API_TOKEN_SECRET: ${{ secrets.PROXMOX_TOKEN_SECRET }}

      - name: Cleanup
        run: |
          echo "Infrastructure destroyed successfully"