name: OpenCMMC Stack CI Pipeline

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  terraform-validate:
    name: Terraform Validate
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: terraform/
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: 1.6.6  # <- Pin version you're using

      - name: Initialize Terraform
        run: terraform init -backend=false

      - name: Validate Terraform
        run: terraform validate

  ansible-molecule:
    name: Ansible Molecule Test
    runs-on: ubuntu-latest
    strategy:
      matrix:
        role:
          - secure_ubuntu
          - podman_services
          - identity
          - monitoring
          - file_storage
    defaults:
      run:
        working-directory: ansible/roles/${{ matrix.role }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install Ansible + Molecule + Drivers
        run: |
          python -m pip install --upgrade pip
          pip install ansible ansible-lint molecule molecule-plugins[docker] docker

      - name: Run Molecule Tests
        run: |
          molecule test