Model/.github/workflows/deploy_terraform.yml
2026-02-03 11:46:33 +00:00



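name: Deploy infrastructure

# Section headers below use plain ASCII numbering, so a code host's
# "invisible Unicode characters" warning only fires on a real anomaly.

# Trigger: every push to every branch. Each run receives the dev AWS
# credentials configured below, and `terraform plan` runs providers and
# external data sources from the pushed tree. Anyone who can push a branch
# can therefore run code with those credentials.
# NOTE(review): restrict this filter (or gate on the default branch) before
# any apply step is enabled.
on:
  push:
    branches:
      - "**"

env:
  AWS_REGION: eu-west-2
  # Temporary until we have more environments. STAGE will need to be exported
  # dynamically in the future.
  STAGE: dev

jobs:
  # ============================================================
  # 1. Shared Terraform (plan only for now)
  # ============================================================
  shared_terraform:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: this job only reads the repository.
    # AWS access comes from the repository secrets, not from this token.
    permissions:
      contents: read
    steps:
      # NOTE(review): the actions below are referenced by mutable tag
      # (@v4 / @v3). Pinning each to a full commit SHA prevents a retagged
      # release from running with the AWS credentials in this job.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # This will need to be changed to env imports when we have different
          # environments, to dynamically select prod, staging etc.
          # NOTE(review): these are long-lived static keys. The action also
          # supports short-lived credentials via OIDC (`role-to-assume`, with
          # `id-token: write` added to this job's permissions); that removes
          # the stored secret entirely.
          aws-access-key-id: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3

      # -input=false makes Terraform fail fast instead of waiting on a prompt
      # that nobody can answer in CI.
      - name: Terraform Init (shared)
        working-directory: infrastructure/terraform/shared
        run: terraform init -input=false -reconfigure

      # Select the workspace for this stage, creating it on first use.
      # STAGE is quoted so the shell never word-splits or globs it.
      - name: Terraform Workspace (shared)
        working-directory: infrastructure/terraform/shared
        run: terraform workspace select "${STAGE}" || terraform workspace new "${STAGE}"

      # The saved plan file can contain secret values in clear text; keep it
      # on the runner and do not upload it as an artifact unencrypted.
      - name: Terraform Plan (shared)
        working-directory: infrastructure/terraform/shared
        run: terraform plan -input=false -var-file="${STAGE}.tfvars" -out=tfplan

      # Disabled for now. A saved plan already carries its variables and is
      # applied without a prompt, so -var-file and -auto-approve are dropped
      # (Terraform rejects -var-file together with a plan file).
      # - name: Terraform Apply (shared)
      #   working-directory: infrastructure/terraform/shared
      #   run: terraform apply -input=false tfplan

  # ============================================================
  # 2. Build Docker image (tag = GitHub SHA, digest resolved)
  # ============================================================
  # NOTE(review): the called workflow is not visible from this file, so no
  # `permissions:` block is set here; confirm what it needs and restrict it.
  image:
    uses: ./.github/workflows/_build_docker_image.yml
    with:
      # ecr_repo will need to be changed to a dynamic env in the future
      ecr_repo: address2uprn-dev
      # On GitHub Actions the `env` context is not available in `with:` of a
      # reusable-workflow call, so the region is written literally.
      # Keep in sync with env.AWS_REGION above.
      aws_region: eu-west-2
      dockerfile_path: backend/address2UPRN/Dockerfile
      build_context: backend/address2UPRN
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}

  # ============================================================
  # 3. Deploy Lambda (Terraform, immutable digest)
  # ============================================================
  # Disabled for now. `stage` and `aws_region` are literals for the same
  # reason as in the image job; keep them in sync with the workflow-level
  # env. Before enabling, limit this job to the branch that is allowed to
  # deploy: the push trigger above fires for every branch.
  # deploy_lambda:
  #   needs: image
  #   uses: ./.github/workflows/_deploy_lambda.yml
  #   with:
  #     lambda_name: address2uprn
  #     lambda_path: infrastructure/terraform/lambda/address2uprn
  #     stage: dev
  #     aws_region: eu-west-2
  #     image_digest: ${{ needs.image.outputs.image_digest }}
  #   secrets:
  #     AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
  #     AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
  #     AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}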