Final Code Updated

Author: Riteshatri

.github/workflows/dev.yaml

@@ -35,9 +35,9 @@ jobs:
     with:
       environment:  dev
       tfvars_file:  environments/dev.tfvars
-      rgname:       ritkargvdev
-      saname:       ritkasavdev
-      scname:       ritkascvdev
+      rgname:       ritkargv
+      saname:       ritkasav
+      scname:       ritkascv
       key:          dev.tfstate
 
       # Run toggles
@@ -57,7 +57,6 @@ jobs:
 
       # ✔ Apply approval only during manual trigger
       useEnvironmentApply:   ${{ github.event_name == 'workflow_dispatch' && inputs.use_environment_apply == true }}
-
       useEnvironmentDestroy: ${{ github.event_name == 'workflow_dispatch' && inputs.use_environment_destroy == true }}
 
     secrets:

.github/workflows/terraform-multi.yml

@@ -56,53 +56,29 @@ jobs:
 
       - name: Compute and print inputs + derived toggles
         env:
-          # raw inputs (workflow_dispatch boolean inputs)
-          input_use_environment_init:    ${{ inputs.use_environment_init }}
-          input_do_init:                 ${{ inputs.do_init }}
-          input_use_environment_plan:    ${{ inputs.use_environment_plan }}
-          input_do_plan:                 ${{ inputs.do_plan }}
-          input_use_environment_apply:   ${{ inputs.use_environment_apply }}
-          input_do_apply:                ${{ inputs.do_apply }}
-          input_use_environment_destroy: ${{ inputs.use_environment_destroy }}
-          input_do_destroy:              ${{ inputs.do_destroy }}
-
-          # Derived run toggles (what your reusable workflow expects)
-          # run on push OR when corresponding input is true
-          run_init:   ${{ github.event_name == 'push' || inputs.do_init }}
-          run_plan:   ${{ github.event_name == 'push' || inputs.do_plan }}
-          run_apply:  ${{ github.event_name == 'push' || inputs.do_apply }}
-          run_destroy: ${{ github.event_name == 'workflow_dispatch' && inputs.do_destroy }}
-
-          # Derived environment-approval toggles: push should force approval for apply
-          use_env_init:    ${{ github.event_name == 'workflow_dispatch' && inputs.use_environment_init }}
-          use_env_plan:    ${{ github.event_name == 'workflow_dispatch' && inputs.use_environment_plan }}
-          use_env_apply:   ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.use_environment_apply) }}
-          use_env_destroy: ${{ github.event_name == 'workflow_dispatch' && inputs.use_environment_destroy }}
-        run: |
-          echo "---- Raw inputs (workflow_dispatch) ----"
-          echo "use_environment_init:    $input_use_environment_init"
-          echo "do_init:                 $input_do_init"
-          echo "use_environment_plan:    $input_use_environment_plan"
-          echo "do_plan:                 $input_do_plan"
-          echo "use_environment_apply:   $input_use_environment_apply"
-          echo "do_apply:                $input_do_apply"
-          echo "use_environment_destroy: $input_use_environment_destroy"
-          echo "do_destroy:              $input_do_destroy"
-          echo ""
+          # inputs provided by the caller workflow (workflow_call inputs)
+          input_runInit:            ${{ inputs.runInit }}
+          input_runPlan:            ${{ inputs.runPlan }}
+          input_runApply:           ${{ inputs.runApply }}
+          input_runDestroy:         ${{ inputs.runDestroy }}
 
-          echo "---- Derived run toggles (will be passed to reusable workflow) ----"
-          echo "runInit:     $run_init"
-          echo "runPlan:     $run_plan"
-          echo "runApply:    $run_apply"
-          echo "runDestroy:   $run_destroy"
-          echo ""
+          input_useEnvironmentInit:    ${{ inputs.useEnvironmentInit }}
+          input_useEnvironmentPlan:    ${{ inputs.useEnvironmentPlan }}
+          input_useEnvironmentApply:   ${{ inputs.useEnvironmentApply }}
+          input_useEnvironmentDestroy: ${{ inputs.useEnvironmentDestroy }}
 
-          echo "---- Derived environment (approval) toggles ----"
-          echo "useEnvironmentInit:    $use_env_init"
-          echo "useEnvironmentPlan:    $use_env_plan"
-          echo "useEnvironmentApply:   $use_env_apply"
-          echo "useEnvironmentDestroy: $use_env_destroy"
+        run: |
+          echo "---- Actual inputs received (workflow_call inputs) ----"
+          echo "runInit:     $input_runInit"
+          echo "runPlan:     $input_runPlan"
+          echo "runApply:    $input_runApply"
+          echo "runDestroy:  $input_runDestroy"
           echo ""
+          echo "---- Environment approval inputs (caller-controlled) ----"
+          echo "useEnvironmentInit:    $input_useEnvironmentInit"
+          echo "useEnvironmentPlan:    $input_useEnvironmentPlan"
+          echo "useEnvironmentApply:   $input_useEnvironmentApply"
+          echo "useEnvironmentDestroy: $input_useEnvironmentDestroy"
 
           echo "---- Note ----"
           echo "If any job has 'environment: <non-empty>' that job will request approval from that environment's protection rules."
@@ -161,12 +137,12 @@ jobs:
           ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
           ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
           ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-        run: terraform plan -var-file="../environments/prod.tfvars" -out="tf-plan-${{ inputs.environment }}.tfplan"
+        run: terraform plan -var-file="../environments/${{ inputs.environment }}.tfvars" -out="tf-plan-${{ inputs.environment }}.tfplan"
       # Yha tak wala block...
 
       # Use below mentioned with , when in provider.tf > provider "azurerm" > use_oidc = false (ya fir yeh line humne use hi nhi ki ho)
       # - name: Terraform Plan
-        # run: terraform plan -var-file="../environments/prod.tfvars" -out="tf-plan-${{ inputs.environment }}.tfplan"
+        # run: terraform plan -var-file="../environments/${{ inputs.environment }}" -out="tf-plan-${{ inputs.environment }}.tfplan"
       # Yha tak wala block...
 
       - name: Upload plan

.github/workflows/test.yaml

@@ -0,0 +1,65 @@
+name: test
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'environments/test.tfvars'
+
+  workflow_dispatch:
+    inputs:
+      use_environment_init:    { type: boolean, default: false, description: "Require approval before Init?" }
+      do_init:                 { type: boolean, default: false, description: "Run terraform init + fmt + validate?" }
+
+      use_environment_plan:    { type: boolean, default: false, description: "Require approval before Plan?" }
+      do_plan:                 { type: boolean, default: false, description: "Run terraform plan?" }
+
+      use_environment_apply:   { type: boolean, default: false, description: "Require approval before Apply?" }
+      do_apply:                { type: boolean, default: false, description: "Run terraform apply?" }
+
+      use_environment_destroy: { type: boolean, default: false, description: "Require approval before Destroy?" }
+      do_destroy:              { type: boolean, default: false, description: "Run terraform destroy?" }
+
+permissions:
+  contents: read
+  id-token: write
+
+concurrency:
+  group: test-tf
+  cancel-in-progress: false
+
+jobs:
+  call:
+    uses: ./.github/workflows/terraform-multi.yml
+    with:
+      environment:  test
+      tfvars_file:  environments/test.tfvars
+      rgname:       ritkargv
+      saname:       ritkasav
+      scname:       ritkascv
+      key:          test.tfstate
+
+      # Run toggles
+      runInit:     ${{ github.event_name == 'push' || inputs.do_init == true }}
+      runPlan:     ${{ github.event_name == 'push' || inputs.do_plan == true }}
+      
+      # ❌ Push par apply nahi chalega  
+      # ✔ Apply sirf manual dispatch ke through chalega
+      runApply:    ${{ github.event_name == 'workflow_dispatch' && inputs.do_apply == true }}
+
+      # Destroy only manual
+      runDestroy:  ${{ github.event_name == 'workflow_dispatch' && inputs.do_destroy == true }}
+
+      # Approval toggles
+      useEnvironmentInit:    ${{ github.event_name == 'workflow_dispatch' && inputs.use_environment_init == true }}
+      useEnvironmentPlan:    ${{ github.event_name == 'workflow_dispatch' && inputs.use_environment_plan == true }}
+
+      # ✔ Apply approval only during manual trigger
+      useEnvironmentApply:   ${{ github.event_name == 'workflow_dispatch' && inputs.use_environment_apply == true }}
+      useEnvironmentDestroy: ${{ github.event_name == 'workflow_dispatch' && inputs.use_environment_destroy == true }}
+
+    secrets:
+      AZURE_CLIENT_ID:       ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID:       ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

.github/workflows/uat.yaml

@@ -37,9 +37,9 @@ jobs:
       tfvars_file:  environments/uat.tfvars
 
       # Storage backend for UAT (change names as per your setup)
-      rgname:       ritkargvuat
-      saname:       ritkasavuat
-      scname:       ritkascvuat
+      rgname:       ritkargv
+      saname:       ritkasav
+      scname:       ritkascv
       key:          uat.tfstate
 
       # Run toggles

environments/dev.tfvars

@@ -3,14 +3,12 @@ resource_groups = {
     name     = "rit-hrutviatri"
     location = "North Europe"
   }
+}
 
 
-}
 
 ######
-
 ######
-
 ######
 
 

environments/test.tfvars

@@ -5,6 +5,7 @@ resource_groups = {
   }
 }
 
+
 vnets = {
   vnet1 = {
     vnet_name     = "pahelavnet-test"

environments/uat.tfvars

@@ -5,6 +5,8 @@ resource_groups = {
   }
 }
 
+
+
 vnets = {
   vnet1 = {
     vnet_name     = "pahelavnet-uat"
@@ -20,6 +22,8 @@ vnets = {
   }
 }
 
+
+
 nsg = {
   web_nsg = {
     nsg_name = "pahelansg-uat"