# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
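name: Tofu Plan

# Manually triggered plan run; the caller selects the environment to plan.
on:
  workflow_dispatch:
    inputs:
      environment:
        type: choice
        description: Environment
        required: true
        options:
          - staging
          - prod

# contents: read covers the checkout. id-token: write lets the job request
# the GitHub OIDC token that configure-aws-credentials exchanges for
# short-lived AWS credentials.
permissions:
  contents: read
  id-token: write

# NOTE(review): every action below is referenced by a mutable tag (v5, v4,
# v2, v1). Pinning each to a full commit SHA keeps a retagged release from
# running with this job's AWS credentials.
jobs:
  plan:
    runs-on: ubuntu-latest
    # Binds the job to the selected GitHub environment, so that environment's
    # protection rules and any environment-scoped variables apply.
    environment:
      name: ${{ github.event.inputs.environment }}
    steps:
      - name: Config Directory
        # The input is handed over as an environment variable rather than
        # expanded into the script text, so its value is never parsed as
        # shell code.
        env:
          TOFU_ENVIRONMENT: ${{ github.event.inputs.environment }}
        run: echo "Tofu config directory ./terraform/config/${TOFU_ENVIRONMENT}"
      - name: Checkout
        uses: actions/checkout@v5
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # NOTE(review): confirm the role's trust policy restricts the OIDC
          # `sub` claim to this repository and environment, and that a
          # plan-only role carries no write permissions.
          role-to-assume: ${{ vars.AWS_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION }}
          audience: "sts.amazonaws.com"
          role-session-name: "GitHubActions-${{ github.run_id }}"
          # With masking off, the AWS account ID can appear in job logs.
          mask-aws-account-id: false
          role-duration-seconds: 900  # 15 minutes
      # NOTE(review): no step in this workflow reads steps.login-ecr outputs;
      # confirm the registry login is needed for a plan-only run.
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1
      - name: Initialize OpenTofu
        working-directory: ./terraform/config/${{ github.event.inputs.environment }}
        run: tofu init
      - name: Get OpenTofu version
        working-directory: ./terraform/config/${{ github.event.inputs.environment }}
        run: tofu --version
      # Despite the step name, this only runs `tofu plan`; nothing is applied.
      # The id is what the two reporting steps below refer to as `steps.plan`;
      # without it those expressions expand to empty strings. The stderr and
      # exitcode outputs come from the setup-opentofu wrapper script
      # (tofu_wrapper, on by default) - confirm it has not been disabled.
      - name: Apply tofu plan
        id: plan
        working-directory: ./terraform/config/${{ github.event.inputs.environment }}
        run: tofu plan -input=false
      # Tool output is arbitrary text, so it is passed via env and quoted
      # instead of being pasted into the script, where quotes, backticks or
      # `$(...)` in the text would be interpreted by the shell.
      - name: Output stderr
        if: always()
        env:
          PLAN_STDERR: ${{ steps.plan.outputs.stderr }}
        run: printf '%s\n' "${PLAN_STDERR}"
      - name: Output exitcode
        if: always()
        env:
          PLAN_EXITCODE: ${{ steps.plan.outputs.exitcode }}
        run: printf '%s\n' "${PLAN_EXITCODE}"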