name: OpenTofu

on:
  push:
    branches:
      - master
    paths:
      - main.tf
      - .terraform.lock.hcl

permissions:
  contents: read

jobs:
  opentofu:
    name: OpenTofu
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v3

      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-1 # just a random region (also used in main.tf)

      - run: tofu init
      - run: tofu fmt -check
      - run: tofu plan -input=false
      - run: tofu apply -auto-approve -input=false