ci: add terraform workflow

Author: bruzina

.github/workflows/terraform.yaml

@@ -0,0 +1,43 @@
+---
+name: Terraform
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  # S3 backend configuration
+  AWS_ENDPOINT_URL_S3: ${{ vars.AWS_ENDPOINT_URL_S3 }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  # GitHub App configuration
+  GITHUB_OWNER: ${{ vars.GH_OWNER }}
+  GITHUB_APP_ID: ${{ vars.GH_APP_ID }}
+  GITHUB_APP_INSTALLATION_ID: ${{ vars.GH_APP_INSTALLATION_ID }}
+  GITHUB_APP_PEM_FILE: ${{ secrets.GH_APP_PEM_FILE }}
+  # Terraform configuration
+  TF_WORKSPACE: ${{ github.repository_owner }}
+  TF_VAR_config: test.yaml
+  TF_IN_AUTOMATION: true
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  terraform:
+    name: Terraform Apply
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v6
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v4
+        with:
+          terraform_version: 1.14.7
+      - name: Terraform init
+        id: init
+        run: terraform -chdir=terraform init -input=false
+      - name: Terraform Apply
+        run: terraform -chdir=terraform apply -auto-approve -input=false

README.md

@@ -54,6 +54,24 @@ repositories:
   - name: .github
 ```
 
+### GitHub Workflow
+
+Set up GitHub actions, variables and secrets:
+
+- GitHub / *Repository* / Settings
+  - Secrets and variables / Actions / Actions secrets and variables
+    - Secrets
+      - **New repository secret**
+        - `GH_APP_PEM_FILE` (`GITHUB_APP_PEM_FILE_PATH` contents)
+        - `AWS_ACCESS_KEY_ID`
+        - `AWS_SECRET_ACCESS_KEY`
+    - Variables
+      - **New repository variable**
+        - `GH_OWNER` (`GITHUB_OWNER`)
+        - `GH_APP_ID` (`GITHUB_APP_ID`)
+        - `GH_APP_INSTALLATION_ID` (`GITHUB_APP_INSTALLATION_ID`)
+        - `AWS_ENDPOINT_URL_S3`
+
 ## Usage
 
 ### GitHub Organization Configuration YAML