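# IaC deployment workflow: runs `terraform init` and `terraform plan`, then
# `terraform init` and `terraform apply` from ./iac/terraform.
#
# Trigger: manual only (`workflow_dispatch`). A push trigger on `main` for
# `iac/terraform/**` is kept below, commented out.
#
# State backend: the `-backend-config` keys passed to `terraform init`
# (storage_account_name, container_name, key, resource_group_name) are
# presumably those of the `azurerm` backend; confirm against the backend
# block in ./iac/terraform.
#
# Authentication: the ARM_* environment variables carry an Azure service
# principal. This workflow does NOT configure a Terraform Cloud API token;
# the text of the starter template this file was derived from does not apply.
#
# Repository / environment secrets this workflow reads:
#   ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_SUBSCRIPTION_ID, ARM_TENANT_ID
#   TFSTATE_STORAGE_ACCOUNT_NAME, TFSTATE_STORAGE_CONTAINER_NAME,
#   TFSTATE_KEY, TFSTATE_RESOURCES_GROUP_NAME
#   LOCATION
#   AZURE_CREDENTIALS
#
# Documentation:
#   - https://github.com/hashicorp/setup-terraform
#   - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
#
# NOTE(review): every `uses:` below references a mutable tag (@v1 / @v3).
# Pinning each action to a full commit SHA prevents a re-pointed tag from
# running new code with access to the secrets above.

name: 'IaC - Deployment'

# Manual trigger only.
on: workflow_dispatch

# on:
#   push:
#     branches:
#       - main
#     paths:
#       - 'iac/terraform/**'

# Least privilege for GITHUB_TOKEN: the jobs only check out the repository.
permissions:
  contents: read

defaults:
  run:
    shell: bash
    working-directory: ./iac/terraform

# Service principal credentials read by Terraform.
# NOTE(review): workflow-level `env` exposes these values to every step of
# every job, including the third-party actions. Consider moving them onto
# the individual `terraform` steps.
env:
  ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}

jobs:
  Terraform-Plan:
    name: 'Plan_Job'
    runs-on: ubuntu-latest

    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@v3

      # Install the Terraform CLI. No version is requested, so the action's
      # default applies; set `terraform_version` for reproducible runs.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1

      # Initialize the working directory against the remote state backend.
      # Secret values are handed to the shell as environment variables
      # instead of being expanded into the script text, so a value that
      # contains quotes or shell metacharacters cannot alter the command.
      # NOTE(review): `-lock=false` disables state locking for this command;
      # confirm that is intended.
      - name: Terraform Init
        env:
          TFSTATE_STORAGE_ACCOUNT_NAME: ${{ secrets.TFSTATE_STORAGE_ACCOUNT_NAME }}
          TFSTATE_STORAGE_CONTAINER_NAME: ${{ secrets.TFSTATE_STORAGE_CONTAINER_NAME }}
          TFSTATE_KEY: ${{ secrets.TFSTATE_KEY }}
          TFSTATE_RESOURCES_GROUP_NAME: ${{ secrets.TFSTATE_RESOURCES_GROUP_NAME }}
        run: >-
          terraform init -lock=false
          -backend-config="storage_account_name=${TFSTATE_STORAGE_ACCOUNT_NAME}"
          -backend-config="container_name=${TFSTATE_STORAGE_CONTAINER_NAME}"
          -backend-config="key=${TFSTATE_KEY}"
          -backend-config="resource_group_name=${TFSTATE_RESOURCES_GROUP_NAME}"

      # Produce a plan for review in the job log. The plan is not saved
      # (`-out` is not used), so it is informational only.
      # NOTE(review): `-lock=false` lets this plan run while another
      # operation holds the state; the result can be stale.
      - name: Terraform Plan
        env:
          LOCATION: ${{ secrets.LOCATION }}
        run: terraform plan -lock=false -var="location=${LOCATION}"

  Terraform-Apply:
    name: 'Deploy_Job'
    runs-on: ubuntu-latest
    needs: Terraform-Plan
    # Any approval gate comes from the protection rules configured on this
    # environment in the repository settings; none are visible in this file.
    environment: production

    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@v3

      # Install the Terraform CLI. No version is requested, so the action's
      # default applies; set `terraform_version` for reproducible runs.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1

      # Initialize the working directory against the remote state backend.
      # Secret values are passed through `env`, not expanded into the script.
      - name: Terraform Init
        env:
          TFSTATE_STORAGE_ACCOUNT_NAME: ${{ secrets.TFSTATE_STORAGE_ACCOUNT_NAME }}
          TFSTATE_STORAGE_CONTAINER_NAME: ${{ secrets.TFSTATE_STORAGE_CONTAINER_NAME }}
          TFSTATE_KEY: ${{ secrets.TFSTATE_KEY }}
          TFSTATE_RESOURCES_GROUP_NAME: ${{ secrets.TFSTATE_RESOURCES_GROUP_NAME }}
        run: >-
          terraform init -lock=false
          -backend-config="storage_account_name=${TFSTATE_STORAGE_ACCOUNT_NAME}"
          -backend-config="container_name=${TFSTATE_STORAGE_CONTAINER_NAME}"
          -backend-config="key=${TFSTATE_KEY}"
          -backend-config="resource_group_name=${TFSTATE_RESOURCES_GROUP_NAME}"

      # Log in to Azure with the AZURE_CREDENTIALS secret.
      - uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      # Apply without an interactive prompt.
      # NOTE(review): this computes a fresh plan at apply time; it does not
      # apply the plan shown by Plan_Job, so what is applied can differ from
      # what was reviewed if the code or the infrastructure changed between
      # the two jobs.
      - name: Terraform Apply
        env:
          LOCATION: ${{ secrets.LOCATION }}
        run: terraform apply --auto-approve -var="location=${LOCATION}"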