change workflow

Author: brunograna

.github/workflows/develop.yml

@@ -0,0 +1,20 @@
+name: DEV DEPLOY
+
+on:
+  push:
+    branches:
+      - develop
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  terraform:
+    uses: "./.github/workflows/terraform.yml"
+    with:
+      aws-assume-role-arn: "arn:aws:iam::179916804929:role/github-actions-brunograna-pipeline-test"
+      environment: "dev"
+      aws-region: "sa-east-1"
+      aws-statefile-s3-bucket: "brunograna-sa-east-1-terraform-statefile"
+      aws-lock-dynamodb-table: "buildrun-terraform-state-lock"

.github/workflows/main.yml

@@ -0,0 +1,20 @@
+name: PROD DEPLOY
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  terraform:
+    uses: "./.github/workflows/terraform.yml"
+    with:
+      aws-assume-role-arn: "arn:aws:iam::179916804929:role/github-actions-brunograna-pipeline-test"
+      environment: "prod"
+      aws-region: "sa-east-1"
+      aws-statefile-s3-bucket: "brunograna-sa-east-1-terraform-statefile"
+      aws-lock-dynamodb-table: "buildrun-terraform-state-lock"

.github/workflows/terraform-dev.yml

@@ -0,0 +1,82 @@
+name: Terraform Workflow
+
+on:
+  workflow_call:
+    inputs:
+      aws-assume-role-arn:
+        required: true
+        type: string
+      environment:
+        required: true
+        type: string
+      aws-region:
+        required: true
+        type: string
+      aws-statefile-s3-bucket:
+        required: true
+        type: string
+      aws-lock-dynamodb-table:
+        required: true
+        type: string
+
+jobs:
+  terraform:
+    runs-on: ubuntu-latest
+
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.8.3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ inputs.aws-assume-role-arn }}
+          role-session-name: GitHub_to_AWS_via_FederatedOIDC
+          aws-region: ${{ inputs.aws-region }}
+
+      - name: Read destroy configuration
+        id: read-destroy-config
+        run: |
+          DESTROY="$(jq -r '.${{ inputs.environment }}' ./infra/destroy_config.json)"
+          echo "destroy=$(echo $DESTROY)" >> $GITHUB_OUTPUT
+
+      - name: Terraform Init
+        run: |
+          cd infra && terraform init \
+            -backend-config="bucket=${{ inputs.aws-statefile-s3-bucket }}" \
+            -backend-config="key=${{ github.event.repository.name }}" \
+            -backend-config="region=${{ inputs.aws-region }}" \
+            -backend-config="dynamodb_table=${{ inputs.aws-lock-dynamodb-table }}"
+
+      - name: Terraform Validate
+        run: terraform validate
+
+      - name: Terraform Destroy
+        if: steps.read-destroy-config.outputs.destroy == 'true'
+        id: terraform-destroy
+        run: cd infra &&
+          terraform workspace select ${{ inputs.environment }} || terraform workspace new ${{ inputs.environment }} &&
+          terraform destroy -var-file="./envs/${{ inputs.environment }}/terraform.tfvars" -auto-approve
+
+      - name: Terraform Plan
+        if: steps.read-destroy-config.outputs.destroy != 'true'
+        id: terraform-plan
+        run: cd infra &&
+          terraform workspace select ${{ inputs.environment }} || terraform workspace new ${{ inputs.environment }} &&
+          terraform plan -var-file="./envs/${{ inputs.environment }}/terraform.tfvars" -out="${{ inputs.environment }}.plan"
+
+      - name: Terraform Apply
+        id: terraform-apply
+        if: steps.read-destroy-config.outputs.destroy != 'true'
+        run: cd infra &&
+          terraform workspace select ${{ inputs.environment }} || terraform workspace new ${{ inputs.environment }} &&
+          terraform apply "${{ inputs.environment }}.plan"