From b03d7b14570ced071577bced163bc85da0cda360 Mon Sep 17 00:00:00 2001 From: LamSut Date: Wed, 16 Oct 2024 09:27:55 +0700 Subject: [PATCH] fix gitlab file --- .github/workflows/main.yml | 80 +++++++++++++++++++++++++------------- 1 file changed, 52 insertions(+), 28 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ad68ae2..c18024b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,4 @@ -name: Terraform Workflow +name: Terraform Pipeline on: push: 
@@ -7,49 +7,73 @@ on: env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: us-east-1 + AWS_DEFAULT_REGION: "us-east-1" jobs: - terraform: + validate: runs-on: ubuntu-latest - steps: - uses: actions/checkout@v3 - - name: Set up Terraform + - name: Install Terraform uses: hashicorp/setup-terraform@v2 - with: - terraform_version: latest - - name: Cache Terraform modules (optional) - uses: actions/cache@v3 - with: - path: ~/.terraform/modules - key: ${{ runner.os }}-terraform-${{ hashFiles('.terraform') }} - restore-keys: | - ${{ runner.os }}-terraform- + - name: Validate Terraform configuration + run: terraform validate + + plan: + runs-on: ubuntu-latest + needs: validate + steps: + - uses: actions/checkout@v3 + + - name: Install Terraform + uses: hashicorp/setup-terraform@v2 - name: Initialize Terraform run: terraform init - - name: Validate Terraform configuration - run: terraform validate - - - name: Create Terraform plan (optional) + - name: Create Terraform plan run: terraform plan -out=planfile - outputs: plan_file: planfile - - name: Upload plan artifacts (optional) + - name: Upload planfile artifact uses: actions/upload-artifact@v3 with: - name: terraform-plan - if: steps.plan.outputs.plan_file - path: ${{ steps.plan.outputs.plan_file }} + name: planfile + path: planfile - - name: Apply Terraform changes (manual) - run: terraform apply planfile - needs: apply + apply: + runs-on: ubuntu-latest + needs: plan + steps: + - uses: actions/checkout@v3 + + - name: Install Terraform + uses: hashicorp/setup-terraform@v2 + + - name: Download planfile artifact + uses: actions/download-artifact@v3 + with: + name: planfile + path: . 
+ + - name: Apply Terraform changes (manual approval required) + run: terraform apply -input=false planfile + env: + TF_IN_AUTOMATION: true # Discourage manual approval in production + if: github.event.inputs.apply # Manual trigger + + destroy: + runs-on: ubuntu-latest + needs: apply + steps: + - uses: actions/checkout@v3 + + - name: Install Terraform + uses: hashicorp/setup-terraform@v2 - - name: Destroy infrastructure (manual) + - name: Destroy Terraform resources (manual approval required) run: terraform destroy --auto-approve - needs: destroy \ No newline at end of file + env: + TF_IN_AUTOMATION: true # Discourage manual approval in production + if: github.event.inputs.destroy # Manual trigger \ No newline at end of file
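Review bot: The `apply` and `destroy` steps are labelled "manual approval required", but the only gate is `if: github.event.inputs.apply` / `if: github.event.inputs.destroy`, which is an input check rather than an approval, so `terraform destroy --auto-approve` runs unattended once the condition holds. Values under `github.event.inputs` are strings, so any non-empty value, including `false`, satisfies the condition; compare explicitly with `if: github.event.inputs.destroy == 'true'` and put both jobs behind a protected environment with required reviewers, e.g. `environment: <protected-env-name>` (placeholder). The `on:` block is only partly visible in this patch, so whether `workflow_dispatch` declares these inputs cannot be confirmed; on a plain push the inputs are empty and the steps are skipped while the jobs still report success. Separately, the new `validate`, `apply` and `destroy` jobs each start on a fresh runner without `terraform init`, which those commands need. The uploaded `planfile` can also hold sensitive values in clear text, so artifact access and retention should be restricted.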