From fabccf4eba6f0922876b76fb9b96f4294806fbcf Mon Sep 17 00:00:00 2001
From: Jun-te Kim
Date: Mon, 31 Mar 2025 14:29:46 +0000
Subject: [PATCH] added sensible gitignore file to terraform

---
 .github/workflows/teraform.yml | 57 ++++++++++++++++++++++++++++++++++
 deployment/.gitignore          | 23 ++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 .github/workflows/teraform.yml
 create mode 100644 deployment/.gitignore

diff --git a/.github/workflows/teraform.yml b/.github/workflows/teraform.yml
new file mode 100644
index 0000000..f573ba4
--- /dev/null
+++ b/.github/workflows/teraform.yml
@@ -0,0 +1,57 @@
+name: "Terraform CI/CD"
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write # Needed for OIDC
+  contents: read
+
+jobs:
+  terraform:
+    name: "Terraform Plan & Apply"
+    runs-on: ubuntu-latest
+
+    env:
+      AWS_REGION: "eu-north-1"
+      BUCKET_NAME: "survey-extractor-terraform-state"
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials (OIDC)
+        if: env.AWS_ACCESS_KEY_ID == ''
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::YOUR_AWS_ACCOUNT_ID:role/TerraformGitHubRole
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Configure AWS Credentials (IAM User)
+        if: env.AWS_ACCESS_KEY_ID != ''
+        run: |
+          echo "Setting up AWS Credentials..."
+          aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
+          aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
+          aws configure set region $AWS_REGION
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Format Check
+        run: terraform fmt -check
+
+      - name: Terraform Plan
+        run: terraform plan -out=tfplan
+
+      - name: Terraform Apply (Main Branch Only)
+        if: github.ref == 'refs/heads/main'
+        run: terraform apply -auto-approve tfplan
\ No newline at end of file
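Review bot: The IAM-user credential step is dead code and the OIDC step ships a placeholder: nothing in the job's `env:` block defines `AWS_ACCESS_KEY_ID`, so `if: env.AWS_ACCESS_KEY_ID == ''` is always true, the `aws configure set` step (which would also persist long-lived keys to the runner's disk) never runs, and every run assumes `arn:aws:iam::YOUR_AWS_ACCOUNT_ID:role/TerraformGitHubRole`, a literal template value. Remove the IAM-user step and read the role from a repository secret or variable, e.g. `role-to-assume: ${{ secrets.AWS_ROLE_ARN }}` (secret name illustrative). The three actions are referenced by floating tags (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v2`, `hashicorp/setup-terraform@v3`); for a job that applies infrastructure with `-auto-approve`, pin each to a full commit SHA and keep the tag in a trailing comment. `BUCKET_NAME` is defined but never consumed and no `working-directory` is set, so `terraform init` presumably runs at the repository root with no backend configuration — confirm against where the root module lives, given that the accompanying `.gitignore` is placed under `deployment/`.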
diff --git a/deployment/.gitignore b/deployment/.gitignore
new file mode 100644
index 0000000..342e48f
--- /dev/null
+++ b/deployment/.gitignore
@@ -0,0 +1,23 @@
+# Terraform state files (store sensitive info)
+*.tfstate
+*.tfstate.backup
+
+# Terraform logs
+.crash.log
+
+# Ignore Terraform's `.terraform` directory (contains provider plugins, local settings, etc.)
+.terraform/
+.terraform.lock.hcl
+
+# Ignore Terraform execution plan files
+*.tfplan
+
+# Ignore sensitive AWS credentials (if using IAM user credentials)
+.aws/
+
+# Ignore editor-specific files (optional)
+.vscode/
+.idea/
+.DS_Store
+*.swp
+
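Review bot: `.terraform.lock.hcl` should not be ignored: the dependency lock file records the selected provider versions and their checksums, and committing it is what lets the workflow's `terraform init` verify the same providers that were chosen locally instead of re-resolving them on every run — drop that line. `.crash.log` looks like a typo, since Terraform writes its crash dump as `crash.log` in the working directory (the usual patterns are `crash.log` and `crash.*.log`), so the entry as written matches nothing. The plan file the workflow creates with `-out=tfplan` is also not covered by `*.tfplan`, because the glob requires the `.tfplan` suffix; `tfplan` needs its own entry if it should stay out of the tree. Consider adding `*.tfvars` and `*.tfvars.json` as well unless those files are known to carry no secrets, as they are the usual place credentials end up.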