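---
# Terraform workflow.
#   - push to main that touches terraform/**  -> `terraform plan` only
#   - manual dispatch                         -> plan, apply or destroy, chosen via the `action` input
# On a push event `inputs.action` is empty, so the Apply and Destroy steps are skipped.
name: Terraform

on:
  push:
    branches:
      - main
    paths:
      - 'terraform/**'
  workflow_dispatch:
    inputs:
      action:
        description: 'Terraform action to run'
        required: true
        default: 'plan'
        type: choice
        options:
          - plan
          - apply
          - destroy

# Least privilege for the workflow's automatic token: the job only needs to read the
# repository for checkout. Terraform authenticates with the secrets passed per step below.
permissions:
  contents: read

# Serialise runs so two jobs never operate on the same Terraform state at once, and never
# cancel a run part-way through an apply or destroy.
# NOTE(review): confirm the CI platform honours `concurrency`; whether the state backend
# provides its own locking is not visible from this file.
concurrency:
  group: terraform-state
  cancel-in-progress: false

jobs:
  terraform:
    runs-on: ubuntu-latest
    # NOTE(review): `:latest` is a mutable tag, and every step that receives cloud credentials
    # runs inside this image. Pin it by digest (`...ci-runner@sha256:<image-digest>`) so the
    # image cannot change without a reviewed commit.
    container: registry.lunarfront.tech/ryan/ci-runner:latest
    defaults:
      run:
        working-directory: terraform
    steps:
      # No secrets are passed to this step; keep it that way, since it runs third-party code.
      # NOTE(review): `@v4` is a mutable tag; pinning to a full commit SHA
      # (`actions/checkout@<full-commit-sha>`) makes the action's code immutable.
      - name: Checkout
        uses: actions/checkout@v4

      # Init only receives the AWS_* pair (presumably the S3-compatible state backend
      # credentials - confirm); the provider tokens are withheld until plan/apply/destroy.
      # -input=false makes Terraform fail fast instead of waiting on a prompt in CI.
      - name: Terraform Init
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_KEY }}
        run: terraform init -input=false

      # Runs on every qualifying push and on a manual dispatch with action=plan.
      - name: Terraform Plan
        if: github.event_name == 'push' || inputs.action == 'plan'
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_KEY }}
          TF_VAR_do_token: ${{ secrets.DO_TOKEN }}
          TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
          TF_VAR_ssh_key_name: ${{ secrets.DO_SSH_KEY_NAME }}
          TF_VAR_domain: ${{ secrets.DOMAIN }}
          TF_VAR_admin_ip: ${{ secrets.ADMIN_IP }}
        run: terraform plan -input=false

      # Manual dispatch only. `-auto-approve` applies a plan computed during this run, not the
      # output of an earlier Plan run, so nobody has reviewed exactly what gets applied.
      # NOTE(review): consider applying a saved plan file, and gating apply/destroy behind a
      # protected environment with required reviewers.
      - name: Terraform Apply
        if: inputs.action == 'apply'
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_KEY }}
          TF_VAR_do_token: ${{ secrets.DO_TOKEN }}
          TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
          TF_VAR_ssh_key_name: ${{ secrets.DO_SSH_KEY_NAME }}
          TF_VAR_domain: ${{ secrets.DOMAIN }}
          TF_VAR_admin_ip: ${{ secrets.ADMIN_IP }}
        run: terraform apply -input=false -auto-approve

      # Manual dispatch only. Tears down everything in the state with no confirmation prompt;
      # the only control visible here is who is allowed to dispatch the workflow.
      - name: Terraform Destroy
        if: inputs.action == 'destroy'
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_KEY }}
          TF_VAR_do_token: ${{ secrets.DO_TOKEN }}
          TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
          TF_VAR_ssh_key_name: ${{ secrets.DO_SSH_KEY_NAME }}
          TF_VAR_domain: ${{ secrets.DOMAIN }}
          TF_VAR_admin_ip: ${{ secrets.ADMIN_IP }}
        run: terraform destroy -input=false -auto-approve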