Add actions (#1)

Reviewed-on: #1

.gitea/CODEOWNERS

@@ -0,0 +1 @@
+*   @luke

.gitea/workflows/ci.yml

@@ -0,0 +1,58 @@
+name: CI
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - reopened
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4.2.2
+
+      - name: Setup OpenTofu
+        uses: opentofu/setup-opentofu@v1
+
+      - name: OpenTofu fmt
+        id: fmt
+        run: tofu fmt -check
+        continue-on-error: true
+
+      - name: OpenTofu init
+        id: init
+        run: tofu init
+
+      - name: OpenTofu validate
+        id: validate
+        run: tofu validate -no-color
+
+      - name: OpenTofu refresh
+        id: validate
+        run: tofu refresh
+        continue-on-error: true
+
+      - name: OpenTofu plan
+        id: plan
+        run: tofu plan -no-color
+        continue-on-error: true
+
+      - name: Post comment to PR
+        if: gitea.event_name == 'pull_request'
+        env:
+          PLAN: "tofu\n${{ steps.plan.outputs.stdout }}"
+        run: |
+          export PR_NUMBER="${{ gitea.event.number }}"
+          sed -i "s+[FMT_OUTCOME]+${{ steps.fmt.outcome }}+g" pr_comment.md
+          sed -i "s+[INIT_OUTCOME]+${{ steps.init.outcome }}+g" pr_comment.md
+          sed -i "s+[VALIDATE_OUTCOME]+${{ steps.validate.outcome }}+g" pr_comment.md
+          sed -i "s+[VALIDATE_OUTPUT]+${{ steps.validate.outputs.stdout }}+g" pr_comment.md
+          sed -i "s+[PLAN_OUTCOME]+${{ steps.plan.outcome }}+g" pr_comment.md
+          curl -X POST \
+            -H "Authorization: token ${{ secrets.ACTIONS_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d "{\"body\": \"$(cat pr_comment.md)\"}" \
+            "https://${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/$PR_NUMBER/comments"

.gitea/workflows/deploy.yml

@@ -0,0 +1,37 @@
+name: Deploy
+on:
+  push:
+    branches:
+      - main
+      paths:
+      - tf/**
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4.2.2
+
+      - name: Setup OpenTofu
+        uses: opentofu/setup-opentofu@v1
+
+      - name: OpenTofu init
+        id: init
+        run: tofu init
+
+      - name: OpenTofu validate
+        id: validate
+        run: tofu validate -no-color
+
+      - name: OpenTofu refresh
+        id: validate
+        run: tofu refresh
+
+      - name: OpenTofu plan
+        id: plan
+        run: tofu plan -no-color -out /tmp/plan.tfplan
+
+      - name: OpenTofu apply
+        id: apply
+        run: tofu apply /tmp/plan.tfplan

pr_comment.md

@@ -0,0 +1,21 @@
+#### OpenTofu Format and Style 🖌  [FMT_OUTCOME]
+#### OpenTofu Initialization ⚙️ [INIT_OUTCOME]
+#### OpenTofu Validation 🤖 [VALIDATE_OUTCOME]
+
+<details><summary>Validation Output</summary>
+
+\`\`\`\n
+[VALIDATE_OUTPUT]
+\`\`\`
+
+</details>
+
+#### OpenTofu Plan 📖 [PLAN_OUTCOME]
+
+<details><summary>Show Plan</summary>
+
+\`\`\`\n
+[PLAN_OUTPUT]
+\`\`\`
+
+</details>

renovate.json

@@ -0,0 +1,20 @@
+{
+  "assignAutomerge": false,
+  "assigneesFromCodeOwners": false,
+  "dependencyDashboardAutoclose": true,
+  "extends": ["config:recommended"],
+  "ignorePaths": ["**/.archive/**"],
+  "labels": ["type/dependencies"],
+  "platformCommit": "enabled",
+  "rebaseWhen": "behind-base-branch",
+  "rollbackPrs": true,
+  "vulnerabilityAlerts": {
+    "commitMessagePrefix": "[SECURITY] ",
+    "enabled": true,
+    "labels": ["security"],
+    "prCreation": "immediate"
+  },
+  "lockFileMaintenance": {
+    "enabled": true
+  }
+}