added sensible gitignore file to terraform

2026-06-08 11:17:29 +00:00 · 2025-03-31 14:29:46 +00:00 · 2025-03-31 14:29:46 +00:00 · fabccf4eba
commit fabccf4eba
parent 7d28ae938c
2 changed files with 80 additions and 0 deletions
--- a/.github/workflows/teraform.yml
+++ b/.github/workflows/teraform.yml
@ -0,0 +1,57 @@
+name: "Terraform CI/CD"
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write   # Needed for OIDC
+  contents: read
+
+jobs:
+  terraform:
+    name: "Terraform Plan & Apply"
+    runs-on: ubuntu-latest
+
+    env:
+      AWS_REGION: "eu-north-1"
+      BUCKET_NAME: "survey-extractor-terraform-state"
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials (OIDC)
+        if: env.AWS_ACCESS_KEY_ID == ''
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::YOUR_AWS_ACCOUNT_ID:role/TerraformGitHubRole
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Configure AWS Credentials (IAM User)
+        if: env.AWS_ACCESS_KEY_ID != ''
+        run: |
+          echo "Setting up AWS Credentials..."
+          aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
+          aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
+          aws configure set region $AWS_REGION
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Format Check
+        run: terraform fmt -check
+
+      - name: Terraform Plan
+        run: terraform plan -out=tfplan
+
+      - name: Terraform Apply (Main Branch Only)
+        if: github.ref == 'refs/heads/main'
+        run: terraform apply -auto-approve tfplan
--- a/deployment/.gitignore
+++ b/deployment/.gitignore
@ -0,0 +1,23 @@
+# Terraform state files (store sensitive info)
+*.tfstate
+*.tfstate.backup
+
+# Terraform logs
+.crash.log
+
+# Ignore Terraform's `.terraform` directory (contains provider plugins, local settings, etc.)
+.terraform/
+.terraform.lock.hcl
+
+# Ignore Terraform execution plan files
+*.tfplan
+
+# Ignore sensitive AWS credentials (if using IAM user credentials)
+.aws/
+
+# Ignore editor-specific files (optional)
+.vscode/
+.idea/
+.DS_Store
+*.swp
+