proxy/.github/workflows/deployment.yml

name: Build & Deploy

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  infrastructure:
    name: Build Infrastructure
    runs-on: ubuntu-latest

    steps:
      - name: Checkout to Repository
        uses: actions/checkout@v2

      - name: Set-up Terraform
        uses: hashicorp/setup-terraform@v2

      - name: Format Terraform
        run: terraform fmt -check
        working-directory: ./terraform

      - name: Initialize Terraform Back-end
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform init
        working-directory: ./terraform

      - name: Terraform Plan
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform plan -out=tfplan -no-color
        working-directory: ./terraform

      - name: Check if there are changes
        id: check_changes
        run: |
          if [ -n "$(terraform show -no-color tfplan | grep -E 'No changes.')" ]; then
            echo "No changes detected."
            echo "::set-output name=changes::false"
          else
            echo "Changes detected."
            echo "::set-output name=changes::true"
          fi
        working-directory: ./terraform

      - name: Terraform Apply
        if: ${{ (steps.check_changes.outputs.changes == 'true') && (github.ref == 'refs/heads/main') }}
        run: terraform apply -auto-approve tfplan
        working-directory: ./terraform
  
  build:
    name: Deploy Application
    runs-on: ubuntu-latest
    steps:
      - name: Checkout to Repository
        uses: actions/checkout@v4

      - name: Use Python 3.13
        uses: actions/setup-python@v5
        with:
          python-version: '3.13'
          cache: pip
      
      - name: Install Dependencies
        run: pip install -r requirements.txt

      - name: Lint Playbooks
        run: ansible-lint
        working-directory: ./playbooks

      - name: Run Playbook
        if: ${{ github.ref == 'refs/heads/main' }}
        run: ansible-playbook deployment.yml
        working-directory: ./playbooks