on:
  push:

jobs:
  terraform:
    runs-on: ubuntu-latest
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    steps:
      - uses: actions/checkout@v4
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
      - uses: taiki-e/install-action@just
      - name: Init
        run: just terraform init
      - name: Lint
        run: just terraform-lint
      - name: Plan
        run: just terraform plan -out=tf.plan
      - name: Apply
        if: ${{ github.ref == 'refs/heads/master' }}
        run: just terraform apply -auto-approve tf.plan