Update README with setup instructions

README.md

@@ -1,3 +1,49 @@
-# terraform-template-repo
+# Terraform Template Repository
 
-Template repository for Terraform CI/CD pipelines with Gitea Actions
+Template repository for Terraform projects with CI/CD pipeline.
+
+## Pipeline Stages
+
+1. **Lint & Validate** - Format check and syntax validation
+2. **Security Scan** - Checkov and tfsec security scanning
+3. **Plan** - Terraform init and plan with artifact upload
+4. **Apply** - Apply with manual approval (production environment)
+5. **Destroy** - Manual destroy with special approval (production-destroy environment)
+
+## Setup
+
+1. **Update workflow variables** (`.gitea/workflows/terraform.yml`):
+   - Line 23: `TF_VERSION` - Your Terraform version
+   - Line 24: `WORKING_DIR` - Path to your Terraform code
+
+2. **Configure provider credentials** (lines 103-113):
+   - Uncomment your cloud provider (AWS/Azure/GCP)
+   - Add secrets to repository: Settings → Secrets → Actions
+
+3. **Create environments** (Settings → Environments):
+   - `production` - For apply operations (add reviewers)
+   - `production-destroy` - For destroy operations (add senior reviewers)
+
+4. **Add your Terraform code** to `./terraform/` directory
+
+## Required Secrets
+
+**AWS:**
+- `AWS_ACCESS_KEY_ID`
+- `AWS_SECRET_ACCESS_KEY`
+
+**Azure:**
+- `ARM_CLIENT_ID`
+- `ARM_CLIENT_SECRET`
+- `ARM_SUBSCRIPTION_ID`
+- `ARM_TENANT_ID`
+
+**Backend (optional):**
+- `BACKEND_ACCESS_KEY`
+- `BACKEND_SECRET_KEY`
+
+## Usage
+
+- **Push to main/develop** → Runs lint, security, plan
+- **Create PR to main** → Runs full pipeline, posts plan as comment
+- **Manual trigger** → Actions tab → Run workflow → Select action (plan/apply/destroy)