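---
# Manually triggered workflow that rebuilds the cluster nodes and runs the
# kubeadm bootstrap script over SSH. It is destructive by design, so it is
# gated behind a typed confirmation phrase and serialized by a concurrency
# group.
name: Kubeadm Bootstrap
run-name: ${{ gitea.actor }} requested kubeadm bootstrap

on:
  workflow_dispatch:
    inputs:
      confirm:
        description: "Type BOOTSTRAP to run rebuild + kubeadm bootstrap"
        required: true
        type: string

# Only one bootstrap may run at a time. A second dispatch waits instead of
# cancelling a run that is already in progress.
concurrency:
  group: kubeadm-bootstrap
  cancel-in-progress: false

jobs:
  bootstrap:
    name: "Rebuild and Bootstrap Cluster"
    runs-on: ubuntu-latest
    steps:
      - name: Validate confirmation phrase
        # The dispatch input is free text. It is passed through the
        # environment rather than expanded into the script body, so its
        # content is compared as data and never parsed as shell.
        env:
          CONFIRM: ${{ inputs.confirm }}
        run: |
          if [ "$CONFIRM" != "BOOTSTRAP" ]; then
            echo "Confirmation failed. You must type BOOTSTRAP."
            exit 1
          fi

      - name: Checkout repository
        # NOTE(review): v4 is a mutable tag. This job handles the cluster SSH
        # key, so consider pinning the action to a full commit SHA.
        uses: https://gitea.com/actions/checkout@v4

      - name: Create SSH key
        env:
          KUBEADM_SSH_PRIVATE_KEY: ${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}
        run: |
          # umask keeps the key file private from the moment it is created,
          # not only after the chmod below.
          umask 077
          install -m 0700 -d ~/.ssh
          printf '%s\n' "$KUBEADM_SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 0600 ~/.ssh/id_ed25519

      - name: Create kubeadm inventory
        working-directory: nixos/kubeadm/scripts
        # Values reach the script as environment variables. The heredoc
        # expands them once and does not re-evaluate their content, so a
        # value containing $ or backticks is written literally.
        env:
          KUBEADM_SSH_USER: ${{ secrets.KUBEADM_SSH_USER }}
          KUBEADM_CP_1_IP: ${{ secrets.KUBEADM_CP_1_IP }}
          KUBEADM_CP_2_IP: ${{ secrets.KUBEADM_CP_2_IP }}
          KUBEADM_CP_3_IP: ${{ secrets.KUBEADM_CP_3_IP }}
          KUBEADM_WK_1_IP: ${{ secrets.KUBEADM_WK_1_IP }}
          KUBEADM_WK_2_IP: ${{ secrets.KUBEADM_WK_2_IP }}
          KUBEADM_WK_3_IP: ${{ secrets.KUBEADM_WK_3_IP }}
        run: |
          cat > inventory.env << EOF
          SSH_USER=${KUBEADM_SSH_USER}
          CP_1=${KUBEADM_CP_1_IP}
          CP_2=${KUBEADM_CP_2_IP}
          CP_3=${KUBEADM_CP_3_IP}
          WK_1=${KUBEADM_WK_1_IP}
          WK_2=${KUBEADM_WK_2_IP}
          WK_3=${KUBEADM_WK_3_IP}
          EOF

      - name: Validate nix installation
        run: |
          if [ ! -x /nix/var/nix/profiles/default/bin/nix ]; then
            echo "Nix not found at /nix/var/nix/profiles/default/bin/nix"
            exit 1
          fi

      - name: Run cluster rebuild and bootstrap
        # NOTE(review): rebuild-and-bootstrap.sh is not visible here. Confirm
        # that it verifies SSH host keys against a known_hosts file rather
        # than disabling host key checking.
        run: |
          # PATH is extended in the shell. The env context may hold only
          # workflow-defined variables, in which case env.PATH expands to
          # an empty string: that drops the system directories and leaves a
          # trailing ":" entry, which the shell resolves as the current
          # directory.
          export PATH="/nix/var/nix/profiles/default/bin:${PATH}"
          ./nixos/kubeadm/scripts/rebuild-and-bootstrap.sh

      - name: Remove SSH key and inventory
        # Runs even when an earlier step failed, so the private key does not
        # stay behind on a runner whose home directory outlives the job.
        if: always()
        run: |
          rm -f ~/.ssh/id_ed25519 nixos/kubeadm/scripts/inventory.env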