survey-extraction/.github/workflows/teraform.yml
2025-03-31 18:10:30 +00:00


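# Terraform CI/CD workflow: obtains AWS credentials on a GitHub-hosted runner.
# The Terraform init/fmt/plan/apply steps at the bottom are commented out, so
# as written this workflow only checks out the code and authenticates.
name: "Terraform CI/CD"

# Runs for pull requests targeting main and for pushes to main.
on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

# Token scopes apply to every job and to both triggers above, so pull-request
# runs can also request an OIDC token. What that token may do in AWS is decided
# by the IAM role's trust policy: it should pin the
# token.actions.githubusercontent.com:aud and :sub claims to this repository
# (and, for a role that can apply changes, to refs/heads/main).
permissions:
  id-token: write # Needed for OIDC
  contents: read

jobs:
  terraform:
    name: "Terraform Plan & Apply"
    runs-on: ubuntu-latest
    env:
      AWS_REGION: "eu-north-1"
      # Not referenced by any active step in this file; presumably the
      # Terraform state bucket used by the backend - confirm.
      BUCKET_NAME: "survey-extractor-tf-state"
    steps:
      # NOTE(review): the actions below are referenced by mutable tags. Pinning
      # each one to a full commit SHA (uses: owner/repo@<full-commit-sha>)
      # keeps a moved tag from changing what runs with AWS credentials.
      - name: Checkout Code
        uses: actions/checkout@v4

      # AWS_ACCESS_KEY_ID is not set anywhere in this file as shown, so this
      # condition is true and the OIDC path is the one that runs.
      - name: Configure AWS Credentials (OIDC)
        if: env.AWS_ACCESS_KEY_ID == ''
        uses: aws-actions/configure-aws-credentials@v2
        with:
          # YOUR_AWS_ACCOUNT_ID is a template placeholder; the role cannot be
          # assumed until it is replaced with the real account ID.
          role-to-assume: arn:aws:iam::YOUR_AWS_ACCOUNT_ID:role/TerraformGitHubRole
          aws-region: ${{ env.AWS_REGION }}

      # Fallback for long-lived IAM user keys. It currently only prints a
      # message; the aws configure lines are disabled. If they are re-enabled,
      # the keys must come from repository secrets, and aws configure set
      # writes them to the runner's AWS config files. Prefer the OIDC step.
      - name: Configure AWS Credentials (IAM User)
        if: env.AWS_ACCESS_KEY_ID != ''
        run: |
          echo "Setting up AWS Credentials..."
          # aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
          # aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
          # aws configure set region $AWS_REGION

      # Disabled Terraform steps. Before enabling them, note that the plan
      # step would run on pull-request code with the same role as apply; a
      # separate read-only role for plan limits what a pull request can reach.
      # Apply uses -auto-approve, so the github.ref condition and branch
      # protection on main are the only gates in front of it.
      # - name: Setup Terraform
      #   uses: hashicorp/setup-terraform@v3
      # - name: Terraform Init
      #   run: terraform init
      # - name: Terraform Format Check
      #   run: terraform fmt -check
      # - name: Terraform Plan
      #   run: terraform plan -out=tfplan
      # - name: Terraform Apply (Main Branch Only)
      #   if: github.ref == 'refs/heads/main'
      #   run: terraform apply -auto-approve tfplan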