@@ -10,38 +10,64 @@ permissions:
1010 contents : read
1111
1212jobs :
13- terraform :
14- name : Terraform Apply
13+ terraform-plan :
14+ name : Terraform Plan
1515 runs-on : ubuntu-latest
1616
17- env :
18- ARM_CLIENT_ID : ${{ secrets.ARM_CLIENT_ID }}
19- ARM_CLIENT_SECRET : ${{ secrets.ARM_CLIENT_SECRET }}
20- ARM_SUBSCRIPTION_ID : ${{ secrets.ARM_SUBSCRIPTION_ID }}
21- ARM_TENANT_ID : ${{ secrets.ARM_TENANT_ID }}
22-
2317 steps :
24- - name : Checkout repository
18+ - name : Checkout code
2519 uses : actions/checkout@v4
2620
27- - name : Set up Terraform
28- uses : hashicorp/setup-terraform@v3
29- with :
30- terraform_version : 1.7.5
31-
3221 - name : Azure Login
3322 uses : azure/login@v2
3423 with :
3524 client-id : ${{ secrets.ARM_CLIENT_ID }}
3625 tenant-id : ${{ secrets.ARM_TENANT_ID }}
3726 subscription-id : ${{ secrets.ARM_SUBSCRIPTION_ID }}
3827
28+ - name : Set up Terraform
29+ uses : hashicorp/setup-terraform@v3
30+ with :
31+ terraform_version : 1.7.5
3932
4033 - name : Terraform Init
4134 run : terraform init
4235
4336 - name : Terraform Plan
4437 run : terraform plan -out=tfplan
4538
39+ - name : Upload plan for manual review
40+ uses : actions/upload-artifact@v4
41+ with :
42+ name : tfplan
43+ path : tfplan
44+
45+ terraform-apply :
46+ name : Terraform Apply
47+ runs-on : ubuntu-latest
48+ needs : terraform-plan
49+ environment : prod-approval
50+
51+ steps :
52+ - name : Checkout code
53+ uses : actions/checkout@v4
54+
55+ - name : Azure Login
56+ uses : azure/login@v2
57+ with :
58+ client-id : ${{ secrets.ARM_CLIENT_ID }}
59+ tenant-id : ${{ secrets.ARM_TENANT_ID }}
60+ subscription-id : ${{ secrets.ARM_SUBSCRIPTION_ID }}
61+
62+ - name : Set up Terraform
63+ uses : hashicorp/setup-terraform@v3
64+ with :
65+ terraform_version : 1.7.5
66+
67+ - name : Download approved plan
68+ uses : actions/download-artifact@v4
69+ with :
70+ name : tfplan
71+
4672 - name : Terraform Apply
4773 run : terraform apply -auto-approve tfplan
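Review bot: The new `terraform-apply` job runs `terraform apply -auto-approve tfplan` on a fresh runner with no `terraform init` step, so the backend and providers the plan depends on are not initialised there and the apply is expected to fail; add `- name: Terraform Init` / `run: terraform init` before the "Download approved plan" step, as the plan job does. The uploaded `tfplan` is a binary plan file that can hold resource attributes and variable values in cleartext, and run artifacts can be downloaded by anyone with read access to the repository, so at minimum set `retention-days: 1` on the upload step and keep secret values out of plan inputs. The upload step is named "Upload plan for manual review", but nothing renders the plan; a `run: terraform show -no-color tfplan` step in the plan job would give the `prod-approval` approver something readable to approve. The plan job also logs in with the same `ARM_CLIENT_ID` identity outside the environment gate, so the approval protects production only if that identity's role assignments or federated-credential subject prevent an ungated job from writing; those settings are not visible in this hunk and should be confirmed.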