build: provision EKS cluster via OpenTofu #1

Workflow file for this run

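# Plans (on pull requests) and applies (on pushes) the OpenTofu configuration
# under ./terraform, authenticating to AWS through GitHub's OIDC provider.
name: Deploy Terraform

on:
  push:
    branches:
      # - main
      # - staging
      - develop
    paths:
      - 'terraform/**'
  pull_request:
    branches:
      # - main
      # - staging
      - develop
    paths:
      - 'terraform/**'

# Workflow-wide token scope: id-token is required to request the OIDC token
# that configure-aws-credentials exchanges for AWS credentials; contents is
# read-only because nothing here pushes back to the repository.
permissions:
  id-token: write
  contents: read

defaults:
  run:
    working-directory: ./terraform

# Repository/organisation variables with fallbacks for the develop environment.
# These are exported to every step, so shell steps read them as $VAR_FILE etc.
env:
  AWS_REGION: ${{ vars.AWS_REGION || 'us-east-1' }}
  DEPLOY_ENV: ${{ vars.DEPLOY_ENV || 'develop' }}
  VAR_FILE: ${{ vars.VAR_FILE || 'vars/develop.tfvars' }}

jobs:
  deploy:
    runs-on: ubuntu-24.04
    steps:
      # NOTE(review): the three actions below are referenced by mutable tags.
      # Because this job can mint AWS credentials, prefer pinning each one to
      # a full commit SHA (uses: owner/action@<full-commit-sha>  # vN) so a
      # moved tag cannot change what runs here.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1

      # NOTE(review): pull_request and push runs assume the same role, so the
      # plan step runs PR-supplied configuration (providers, modules, external
      # data sources) with whatever that role can do. Verify that the role's
      # trust policy restricts the OIDC `sub` claim to this repository and the
      # intended refs, and consider a separate read-only role for plan.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: ${{ secrets.AWS_OIDC_ROLE }}

      # TODO: this should likely include a HOT role as well
      # TODO: determine if GH envs preferred, set TF_VAR_

      # Substitute the DEPLOY_ROLE placeholder in the var file.
      # The secret is handed to the shell as an environment variable instead
      # of being expanded into the script text, and sed uses '|' as delimiter:
      # if the secret holds a role ARN it contains '/', which would terminate
      # an s/.../.../ expression early. The value must not contain '|', '&'
      # or '\' (IAM role ARNs do not).
      - name: Inject deploy role into var file
        env:
          DEPLOY_ROLE_ARN: ${{ secrets.AWS_OIDC_ROLE }}
        run: |
          sed -i "s|DEPLOY_ROLE|${DEPLOY_ROLE_ARN}|" "$VAR_FILE"

      # NOTE(review): without -check this rewrites files in the runner's
      # checkout and exits 0, so it never fails the job on unformatted code.
      # Use `tofu fmt -check -no-color` if formatting should gate the run.
      - name: TF Format
        id: fmt
        run: tofu fmt -no-color

      - name: TF Init
        id: init
        run: tofu init -var-file="$VAR_FILE"

      - name: TF Validate
        id: validate
        run: tofu validate -no-color

      - name: TF Plan
        id: plan
        if: github.event_name == 'pull_request'
        run: tofu plan -no-color -input=false -var-file="$VAR_FILE"

      # Applies module.vpc first, then the full configuration.
      # NOTE(review): both applies are -auto-approve with no approval gate
      # visible in this file, and they do not reuse the plan reviewed on the
      # pull request. A protected GitHub environment on this job would add a
      # reviewer step before infrastructure changes.
      - name: TF Apply
        if: github.event_name == 'push'
        run: |
          tofu apply -target="module.vpc" -auto-approve -input=false -var-file="$VAR_FILE"
          tofu apply -auto-approve -input=false -var-file="$VAR_FILE"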