From e7e15a8283cc109aa78e6a0a93a53436b87a0ae4 Mon Sep 17 00:00:00 2001
From: Abbas-Lexis
Date: Fri, 7 Nov 2025 15:42:38 +0530
Subject: [PATCH] added file2
---
.github/workflows/terraform-ci.yml | 87 ++++++++++++++++++++++++++++++
1 file changed, 87 insertions(+)
create mode 100644 .github/workflows/terraform-ci.yml
diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml
new file mode 100644
index 0000000..c3281c2
--- /dev/null
+++ b/.github/workflows/terraform-ci.yml
@@ -0,0 +1,87 @@
+name: Terraform CI
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ plan:
+ name: Terragrunt Plan
+ runs-on: ubuntu-latest
+ outputs:
+ plan_status: ${{ steps.plan-status.outputs.status }}
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_wrapper: false
+
+ - name: Terragrunt Plan
+ id: plan-status
+ run: |
+ mkdir -p logs
+ terragrunt plan-all | tee logs/plan.log
+ echo "status=success" >> $GITHUB_OUTPUT
+
+ - name: Upload Plan Logs
+ uses: actions/upload-artifact@v4
+ with:
+ name: terragrunt-plan-logs
+ path: logs/
+
+ verify-artifacts:
+ name: Verify Plan and Artifact Integrity
+ runs-on: ubuntu-latest
+ needs: [plan]
+ if: always()
+ outputs:
+ status: ${{ steps.validate.outputs.status }}
+ steps:
+ - name: Download Plan Artifacts
+ uses: actions/download-artifact@v4
+ with:
+ name: terragrunt-plan-logs
+ path: ./logs
+
+ - name: Validate Plan Output
+ id: validate
+ run: |
+ echo " Validating Terragrunt Plan Output..."
+ mkdir -p output
+ if find ./logs -type f -name '*.log' -print0 | xargs -0 grep -iE "Error:|Failed|Denied|Permission|Authentication|Timeout|issue|Unauthenticated|Unauthorized|Forbidden|Connection refused|Service unavailable|Rate limit|Access denied"; then
+ echo "::error::Detected error(s) in plan logs. Failing verification."
+ find ./logs -type f -name '*.log' -exec grep -iE "Error:|Failed|Denied|Permission" {} \; > output/error_summary.txt
+ echo "status=failed" >> $GITHUB_OUTPUT
+ exit 1
+ else
+ echo "✅ Plan verification passed successfully."
+ echo "status=success" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Upload Error Summary (if failed)
+ if: failure()
+ uses: actions/upload-artifact@v4
+ with:
+ name: plan-error-summary
+ path: output/error_summary.txt
+
+ apply:
+ name: Terraform Apply
+ runs-on: ubuntu-latest
+ needs: [verify-artifacts]
+ if: needs.verify-artifacts.result == 'success'
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_wrapper: false
+
+ - name: Terraform Apply
+ run: terragrunt apply-all
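Review bot: The `apply` job runs `terragrunt apply-all` on the `pull_request` trigger, so infrastructure is changed from an unmerged branch before the PR has been approved, and the only gate is a text grep over the plan logs. Apply should run only after merge, for example by adding a `push` trigger for `main` and extending the job condition to `if: github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.verify-artifacts.result == 'success'`, ideally behind a protected environment. The gate itself is weak: in the `Terragrunt Plan` step, `terragrunt plan-all | tee logs/plan.log` reports the exit status of `tee` under the default shell, so `status=success` is written even when the plan fails; add `set -o pipefail` as the first line of that `run` script. The apply job also plans again from a fresh checkout instead of applying a saved plan file, so what is applied is not necessarily what was verified. A top-level `permissions:` block with `contents: read` would limit the token this workflow carries.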