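---
# CI workflow: license-header gate, secrets scan, and Terraform
# init / format / validate checks. Runs on every push.
name: CI
on: [push]

jobs:
  license-check:
    name: Check License Header
    runs-on: docker
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Verify license header in Terraform files
        run: |
          set -e
          # Only checks for the presence of the word "Copyright" in the first line.
          # Scope: .tf files in the repository root only (-maxdepth 1); files in
          # subdirectories are not covered by this gate.
          KEYWORD="Copyright"
          # Read find's output line by line rather than word-splitting $(find ...),
          # so a path containing spaces is checked as one file. The loop runs in a
          # pipeline subshell; its "exit 1" fails the pipeline and set -e then
          # aborts the step before the success message is printed.
          find . -maxdepth 1 -type f -name "*.tf" | while IFS= read -r file; do
            if ! head -n 1 "$file" | grep -qF -- "$KEYWORD"; then
              echo "::error file=$file,line=1::A copyright header is missing or incorrect in the first line."
              exit 1
            fi
          done
          echo "✔ Copyright header check passed for all .tf files."

  secrets-scan:
    name: TruffleHog Secrets Scan
    runs-on: docker
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Fetch full history: the default shallow clone contains only the tip
          # commit, so a secret committed earlier and later deleted would not
          # be visible to a history-based scan.
          fetch-depth: 0

      - name: trufflehog-actions-scan
        # NOTE(review): third-party action referenced by the mutable `master`
        # branch, so whatever is pushed upstream next runs in this job with
        # access to the checked-out repository. Pin to a reviewed full commit
        # SHA (`...@<FULL_COMMIT_SHA>`) and bump it deliberately.
        uses: https://github.com/edplato/trufflehog-actions-scan@master

  terraform:
    name: Terraform CI
    runs-on: docker
    # NOTE(review): gated on license-check only; this job runs regardless of
    # the secrets-scan result. Add secrets-scan here if the scan is meant to
    # block the rest of the pipeline.
    needs: license-check
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # `name` and `uses` belong to one step; as two list items the first
      # step would have no action to run.
      - name: Setup Terraform
        uses: https://github.com/hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.5.7"

      - name: Terraform Init
        run: terraform init

      - name: Terraform Format Check
        run: terraform fmt -recursive -check

      - name: Terraform Validate
        run: terraform validate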