From 3717ea9a23dbcd6f4ad32c2b7db183c3343a5d6b Mon Sep 17 00:00:00 2001
From: BushraS-Protean <BushraS@proteantech.in>
Date: Mon, 2 Jun 2025 11:28:58 +0530
Subject: [PATCH] Update Terraform Deploy to GCP.yaml

Fixed errors
---
 .../workflows/Terraform Deploy to GCP.yaml    | 59 +++++++++++--------
 1 file changed, 36 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/Terraform Deploy to GCP.yaml b/.github/workflows/Terraform Deploy to GCP.yaml
index 86a5080..8b524a5 100644
--- a/.github/workflows/Terraform Deploy to GCP.yaml	
+++ b/.github/workflows/Terraform Deploy to GCP.yaml	
@@ -1,41 +1,54 @@
 name: Terraform Deploy to GCP
-
+ 
 on:
-  push:
-    branches:
-      - main
-
+  workflow_dispatch:  # Manual trigger
+ 
 jobs:
   terraform:
-    name: Deploy with Terraform on GCP
+    name: Deploy GCP Infrastructure
     runs-on: ubuntu-latest
     env:
       GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcp-key.json
-
+ 
     steps:
-      - name: Checkout repository
+      - name: Checkout this repository
         uses: actions/checkout@v3
+ 
+      - name: Clone Terraform repo from Gerrit
+        run: |
+          git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev gerrit-repo
 
+ 
       - name: Set up Terraform
         uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.5.0
-
+ 
       - name: Authenticate to Google Cloud
-        run: echo "${{ secrets.GCP_CREDENTIALS }}" > gcp-key.json
-        shell: bash
-
-      - name: Terraform Init
-        run: terraform init -var="credentials_file=gcp-key.json"
-
-      - name: Terraform Validate
-        run: terraform validate
-
+        run: echo "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}" > gcp-key.json
+ 
+      - name: Terraform Init with backend
+        working-directory: ./onix-dev/Terraform
+        run: |
+          terraform init \
+            -backend-config="bucket=your-backend-bucket-name" \
+            -backend-config="prefix=terraform/state" \
+            -backend-config="credentials=${{ github.workspace }}/gcp-key.json"
+ 
+ 
       - name: Terraform Plan
-        run: terraform plan -var="credentials_file=gcp-key.json" -out=tfplan
-
+        working-directory: ./onix-dev/Terraform
+        run: terraform plan -out=tfplan -var="credentials_file=${{ github.workspace }}/gcp-key.json"
+ 
+      - name: Wait for Manual Approval
+        uses: hmarr/auto-approve-action@v2
+        if: false  # prevents automatic approval
+        with:
+          github-token: ${{ secrets.PAT_GITHUB }}
+ 
       - name: Terraform Apply
-        run: terraform apply -auto-approve tfplan
-
-      - name: Clean up credentials file
+        working-directory: ./onix-dev/Terraform
+        run: terraform apply tfplan
+ 
+      - name: Clean up credentials
         run: rm -f gcp-key.json