name: Terraform CI/CD

on:
  push:
    branches:
      - "**"
  pull_request:

jobs:
  terraform:
    runs-on: ssot

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: 1.6.6

      - name: Terraform Init
        run: terraform init -input=false

      - name: Terraform Format
        run: terraform fmt -check -recursive

      - name: Terraform Validate
        run: terraform validate

      - name: Terraform Plan
        run: |
          terraform plan \
            -input=false \
            -out=tfplan

      - name: Show Terraform Plan
        run: terraform show -no-color tfplan > plan.txt

      - name: Upload plan artifact
        uses: actions/upload-artifact@v3
        with:
          name: terraform-plan
          path: |
            tfplan
            plan.txt

      - name: Terraform Apply
        if: github.ref == 'refs/heads/main'
        run: terraform apply -input=false -auto-approve tfplan