iac_modules/.github/workflows/iac-pipeline-aws-global-resources-matrix.yaml


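# Terraform pipeline for the AWS component stacks under BASE_DIR, one matrix
# job per component. On push / pull_request DEPLOY_ACTION always resolves to
# 'plan'; 'apply' and 'destroy' are only reachable through workflow_dispatch.
name: AWS Cloud IAC Pipeline (Resources Matrix)

on:
  # NOTE(review): no path filter is visible on push, so every push starts a
  # plan run for both components under the deploy role. Confirm this is
  # intended.
  push:
  pull_request:
    # The listing repeated the `paths:` key; duplicate mapping keys are invalid
    # YAML, so it is written once here. Indentation was lost in the listing;
    # the filter is placed under pull_request, the key it follows.
    paths:
      # NOTE(review): this entry does not match the file name shown for this
      # workflow (…-aws-global-resources-matrix.yaml). Confirm which is right.
      - '.github/workflows/iac-pipeline-aws-resources-matrix.yaml'
      - 'terraform-hcl-standard/aws-cloud/component/ec2/**'
      - 'terraform-hcl-standard/aws-cloud/component/s3/**'
  workflow_dispatch:
    inputs:
      deploy_action:
        type: choice
        options: [plan, apply, destroy]
        default: plan

permissions:
  # Required so the job can request the OIDC token that is exchanged for the
  # AWS role; everything else stays read-only.
  id-token: write
  contents: read

env:
  BASE_DIR: terraform-hcl-standard/aws-cloud/component
  AWS_REGION: ap-northeast-1
  # github.event.inputs is empty on push / pull_request, so those runs plan.
  DEPLOY_ACTION: ${{ github.event.inputs.deploy_action || 'plan' }}
  # NOTE(review): pull_request runs execute the PR's Terraform and Makefile
  # with this role. The role's trust policy is not visible here; it should pin
  # the token's `sub` claim to this repository and the refs or environments
  # that are allowed to deploy.
  AWS_ROLE_ARN: arn:aws:iam::950604983695:role/GithubAction_IAC_Deploy_Role

jobs:
  terraform:
    # inputs.* is empty outside workflow_dispatch; fall back to 'plan' so the
    # job name agrees with DEPLOY_ACTION instead of showing "action=".
    name: "${{ matrix.component }} :: pipeline (action=${{ inputs.deploy_action || 'plan' }})"
    # NOTE(review): apply and destroy have no approval gate in this file; a
    # protected `environment:` with required reviewers would add one.
    runs-on: ubuntu-latest
    strategy:
      # Let the other component finish even if one fails.
      fail-fast: false
      matrix:
        component:
          - s3
          - ec2
    steps:
      # NOTE(review): the actions below are referenced by mutable tags and run
      # in a job that holds AWS credentials. Pinning each to a full commit SHA
      # (owner/action@<FULL_COMMIT_SHA>  # vN) stops a moved tag from changing
      # what executes here.
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.9.5'
      - uses: terraform-linters/setup-tflint@v4
        with:
          tflint_version: 'v0.51.0'
      # Exchanges the job's OIDC token for short-lived credentials of
      # AWS_ROLE_ARN; no static AWS keys are stored in the workflow.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
      - name: Init
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        run: make init
      # Runs on every trigger, including before apply and destroy.
      - name: Plan
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        run: make plan
      - name: Apply
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        if: ${{ env.DEPLOY_ACTION == 'apply' }}
        run: make apply
      - name: Destroy
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        if: ${{ env.DEPLOY_ACTION == 'destroy' }}
        run: make destroy
      - name: Skip Apply/Destroy
        if: ${{ env.DEPLOY_ACTION != 'apply' && env.DEPLOY_ACTION != 'destroy' }}
        run: echo "Action set to plan → skipping apply/destroy steps."
      # NOTE(review): `terraform output -json` prints sensitive outputs in
      # clear text to the job log; check that these components declare none.
      - name: Output
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        if: ${{ env.DEPLOY_ACTION == 'apply' }}
        run: terraform output -json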