name: Docs destroy
on:
  pull_request_target: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
    types: [closed]

permissions: {}

env:
  TG_NON_INTERACTIVE: 'true'

jobs:
  deploy:
    name: Docs Destroy
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}

      - name: Setup Mise
        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0

      - name: Destroy Docs Subdomain
        env:
          TF_VAR_prefix_name: 'pr-${{ github.event.number }}'
          TF_VAR_prefix_event_type: 'pr'
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
        working-directory: 'deployment/modules/cloudflare/docs'
        run: 'mise run //deployment:tf destroy -- -refresh=false'

      - name: Comment
        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3.2.0
        with:
          token: ${{ steps.token.outputs.token }}
          number: ${{ github.event.number }}
          delete: true
          body-include: '<!-- Docs PR URL -->'