name: Deploy Proxmox Infra on: workflow_dispatch: push: branches: - main paths: - '01-proxmox-infra/**' - '.gitea/workflows/**' pull_request: branches: - main paths: - '01-proxmox-infra/**' - '.gitea/workflows/**' jobs: preview: name: Pulumi Preview runs-on: ubuntu-latest if: github.event_name == 'pull_request' steps: - name: Checkout Code uses: actions/checkout@v4 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: '24' - name: Restore Stack Config run: echo "${{ secrets.PROXMOX_INFRA_PULUMI_DEV_YAML }}" | base64 -d > 01-proxmox-infra/Pulumi.dev.yaml - name: Install Dependencies run: npm ci working-directory: 01-proxmox-infra - name: Install Pulumi CLI run: curl -fsSL https://get.pulumi.com | sh && echo "$HOME/.pulumi/bin" >> $GITHUB_PATH - name: Generate Local pfSense SDK run: pulumi package add terraform-provider marshallford/pfsense 0.22.0 working-directory: 01-proxmox-infra - name: Preview uses: pulumi/actions@v5 with: command: preview stack-name: dev work-dir: 01-proxmox-infra cloud-url: ${{ secrets.PULUMI_BACKEND_URL }} env: PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }} deploy: name: Pulumi Deploy runs-on: ubuntu-latest if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' steps: - name: Checkout Code uses: actions/checkout@v4 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: '24' - name: Restore Stack Config run: echo "${{ secrets.PROXMOX_INFRA_PULUMI_DEV_YAML }}" | base64 -d > 01-proxmox-infra/Pulumi.dev.yaml - name: Install Dependencies run: npm ci working-directory: 01-proxmox-infra - name: Install Pulumi CLI run: curl -fsSL https://get.pulumi.com | sh && echo "$HOME/.pulumi/bin" >> $GITHUB_PATH - name: Generate Local pfSense SDK run: pulumi package add terraform-provider marshallford/pfsense 0.22.0 working-directory: 01-proxmox-infra - name: Shutdown VMs run: | pulumi login "$PULUMI_BACKEND_URL" PVE1=$(pulumi stack output --stack dev --show-secrets pve1Endpoint) TOKEN1=$(pulumi stack output --stack dev --show-secrets pve1ApiToken) PVE2=$(pulumi stack output --stack dev --show-secrets pve2Endpoint) TOKEN2=$(pulumi stack output --stack dev --show-secrets pve2ApiToken) IDS=$(pulumi stack output --stack dev --json vmIds) M1=$(echo "$IDS" | jq -r .master1) M2=$(echo "$IDS" | jq -r .master2) W1=$(echo "$IDS" | jq -r .worker1) M3=$(echo "$IDS" | jq -r .master3) W2=$(echo "$IDS" | jq -r .worker2) for id in $M1 $M2 $W1; do curl -sf -k -X POST "$PVE1/api2/json/nodes/pve/qemu/$id/status/shutdown" \ -H "Authorization: PVEAPIToken=$TOKEN1" || true done for id in $M3 $W2; do curl -sf -k -X POST "$PVE2/api2/json/nodes/pve-bckp/qemu/$id/status/shutdown" \ -H "Authorization: PVEAPIToken=$TOKEN2" || true done wait_stopped() { local ep=$1 tok=$2 node=$3 id=$4 for i in $(seq 1 36); do status=$(curl -sf -k "$ep/api2/json/nodes/$node/qemu/$id/status/current" \ -H "Authorization: PVEAPIToken=$tok" | jq -r .data.status) [ "$status" = "stopped" ] && return 0 sleep 5 done echo "Timeout: VM $id did not stop within 3 minutes" && exit 1 } for id in $M1 $M2 $W1; do wait_stopped "$PVE1" "$TOKEN1" pve "$id"; done for id in $M3 $W2; do wait_stopped "$PVE2" "$TOKEN2" pve-bckp "$id"; done working-directory: 01-proxmox-infra env: PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }} PULUMI_BACKEND_URL: ${{ secrets.PULUMI_BACKEND_URL }} - name: Refresh State uses: pulumi/actions@v5 with: command: refresh stack-name: dev work-dir: 01-proxmox-infra cloud-url: ${{ secrets.PULUMI_BACKEND_URL }} env: PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }} - name: Deploy uses: pulumi/actions@v5 with: command: up stack-name: dev work-dir: 01-proxmox-infra cloud-url: ${{ secrets.PULUMI_BACKEND_URL }} env: PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}