Add Terraform Plan workflow for manual dispatch

Author: bentoluizv

.github/workflows/tf_plan_dispatch.yaml

@@ -0,0 +1,58 @@
+name: Terraform Plan from PR
+
+on:
+  workflow_dispatch:
+
+env:
+  TF_VAR_aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+  TF_VAR_aws_region: ${{ secrets.AWS_REGION }}
+  TF_VAR_github_actions_role_arn: ${{ secrets.GH_ACTIONS_ROLE_ARN }}
+  TF_VAR_service_url_registration_api_solana: ${{ secrets.SERVICE_URL_REGISTRATION_API_SOLANA }}
+  TF_VAR_service_api_key_registration_api_solana: ${{ secrets.SERVICE_API_KEY_REGISTRATION_API_SOLANA }}
+  TF_VAR_tech_floripa_certificate_validate_url: ${{ secrets.TECH_FLORIPA_CERTIFICATE_VALIDATE_URL }}
+  TF_VAR_api_key_value: ${{ secrets.API_KEY_VALUE }}
+  TFPLAN_S3_BUCKET: tech-floripa-plan-artifacts
+  GH_TOKEN: ${{ github.token }}
+
+permissions:
+  contents: read
+  pull-requests: write
+  id-token: write
+
+jobs:
+  plan:
+    strategy:
+      matrix:
+        include:
+          - dir: terraform
+            env: shared
+          - dir: terraform/env/dev
+            env: dev
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+
+      - uses: hashicorp/setup-terraform@v3
+
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.TF_VAR_github_actions_role_arn }}
+          aws-region: ${{ env.TF_VAR_aws_region }}
+          role-session-name: TerraformPlanSession-${{ matrix.env }}
+
+      - name: Terraform Init
+          run: |
+            set -euo pipefail
+            terraform plan -input=false -out=tfplan
+            terraform show -no-color tfplan > plan-output.txt
+            echo "## Terraform Plan (${{ matrix.env }})"
+            echo '```hcl'
+            cat plan-output.txt
+            echo '```'
+            echo '```hcl'
+            cat plan-output.txt
+            echo '```'
+          } > plan-comment.md
+
+        working-directory: ${{ matrix.dir }}