name: Terraform

on:
  push:
    branches: [ main ]

jobs:
  terraform:
    runs-on: ssot

    defaults:
      run:
        working-directory: terraform

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3

      - name: Terraform Init
        run: terraform init -input=false

      - name: Terraform Validate
        run: terraform validate

      - name: Terraform Plan
        run: terraform plan -input=false -out=tfplan

      - name: Upload plan
        uses: actions/upload-artifact@v3
        with:
          name: terraform-plan
          path: terraform/tfplan

      # Optional: apply only on main
      - name: Terraform Apply
        if: github.ref == 'refs/heads/main'
        run: terraform apply -input=false -auto-approve tfplan