# Terraform Template Repository

Template repository for Terraform projects with a Gitea Actions CI/CD pipeline.

## Pipeline Stages

1. **Lint & Validate** - Format check and syntax validation
2. **Security Scan** - Checkov and tfsec static analysis of the Terraform code
3. **Plan** - Terraform init and plan, with the plan uploaded as a build artifact
4. **Apply** - Applies the plan after manual approval (`production` environment)
5. **Destroy** - Manual destroy gated by a separate, stricter approval (`production-destroy` environment)

## Setup

1. **Update workflow variables** (`.gitea/workflows/terraform.yml`):
   - Line 23: `TF_VERSION` - the Terraform version to install
   - Line 24: `WORKING_DIR` - path to your Terraform code
2. **Configure provider credentials** (lines 103-113):
   - Uncomment the block for your cloud provider (AWS/Azure/GCP)
   - Add the matching secrets to the repository: Settings → Secrets → Actions
3. **Create environments** (Settings → Environments):
   - `production` - gates apply operations (add reviewers)
   - `production-destroy` - gates destroy operations (add senior reviewers, so that a destroy needs a stricter approval than a routine apply)
4. **Add your Terraform code** to the `./terraform/` directory (or whatever path you set in `WORKING_DIR`)

## Required Secrets

**AWS:**
- `AWS_ACCESS_KEY_ID`
- `AWS_SECRET_ACCESS_KEY`

**Azure:**
- `ARM_CLIENT_ID`
- `ARM_CLIENT_SECRET`
- `ARM_SUBSCRIPTION_ID`
- `ARM_TENANT_ID`

**Backend (optional):**
- `BACKEND_ACCESS_KEY`
- `BACKEND_SECRET_KEY`

These are long-lived static credentials. Give the principal behind them only the permissions the Terraform code needs, and keep in mind that anyone who can change the workflow file can read every secret the workflow receives.

## Usage

- **Push to main/develop** → runs lint, security scan and plan
- **Create PR to main** → runs the full pipeline and posts the plan as a PR comment (plan values that your configuration does not mark `sensitive` appear in that comment in plain text)
- **Manual trigger** → Actions tab → Run workflow → select the action (plan/apply/destroy); apply and destroy wait for approval from the reviewers of their environment
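A workflow skeleton with the same stage layout, added here as an illustration of how the stages, environments and secrets fit together; it is not the template's own `.gitea/workflows/terraform.yml`. The action references and their versions, the pinned `TF_VERSION` value and the `action` dispatch input name are assumptions, as is the choice of AWS for the credential block:

```yaml
# Added illustration, not the template's own workflow. Action names/versions,
# the TF_VERSION value and the `action` input name are assumptions.
name: terraform

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
  workflow_dispatch:
    inputs:
      action:
        description: "plan, apply or destroy"
        type: choice
        options: [plan, apply, destroy]
        default: plan

env:
  TF_VERSION: "1.9.5"          # assumption: pin to the version you test with
  WORKING_DIR: ./terraform
  TF_IN_AUTOMATION: "true"
  # Static provider credentials; scope this principal to what the code manages.
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ env.TF_VERSION }}
      - working-directory: ${{ env.WORKING_DIR }}
        run: |
          terraform fmt -check -recursive -diff
          terraform init -backend=false -input=false   # validate needs no state access
          terraform validate

  security:
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: bridgecrewio/checkov-action@v12
        with:
          directory: ${{ env.WORKING_DIR }}
          framework: terraform
      - uses: aquasecurity/tfsec-action@v1.0.3
        with:
          working_directory: ${{ env.WORKING_DIR }}

  plan:
    needs: security
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ env.TF_VERSION }}
      - working-directory: ${{ env.WORKING_DIR }}
        run: |
          terraform init -input=false
          terraform plan -input=false -lock-timeout=5m -out=tfplan
      # The binary plan carries every attribute, sensitive ones included: keep it short-lived.
      - uses: actions/upload-artifact@v3
        with:
          name: tfplan-${{ github.sha }}
          path: ${{ env.WORKING_DIR }}/tfplan
          retention-days: 3

  apply:
    needs: plan
    if: github.event_name == 'workflow_dispatch' && github.event.inputs.action == 'apply'
    runs-on: ubuntu-latest
    environment: production        # reviewers approve the plan produced in this run
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ env.TF_VERSION }}
      - uses: actions/download-artifact@v3
        with:
          name: tfplan-${{ github.sha }}
          path: ${{ env.WORKING_DIR }}
      - working-directory: ${{ env.WORKING_DIR }}
        run: |
          terraform init -input=false
          terraform apply -input=false tfplan   # applies the reviewed plan and nothing else

  destroy:
    needs: security
    if: github.event_name == 'workflow_dispatch' && github.event.inputs.action == 'destroy'
    runs-on: ubuntu-latest
    environment: production-destroy   # its own reviewer set, distinct from `production`
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ env.TF_VERSION }}
      - working-directory: ${{ env.WORKING_DIR }}
        run: |
          terraform init -input=false
          terraform plan -destroy -input=false -out=tfdestroy
          terraform apply -input=false tfdestroy
```

Two details carry the security value of the layout. The apply job never re-plans: it downloads the plan artifact named after the commit SHA and runs `terraform apply tfplan`, so the reviewers who approve the `production` environment approve exactly the change set that was computed, not whatever a fresh plan against drifted state would produce. The destroy job is a separate job bound to `production-destroy`, so a destroy cannot ride on an approval granted for a routine apply. Both jobs are guarded by an `if:` on the dispatch input, so pushes and pull requests stop after the plan stage.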