PLT-338 Security group for internet access #26

	name: github-actions-role plan terraform

	on:
	pull_request:
	paths:
	- .github/workflows/github-actions-role-plan.yml
	- terraform/services/github-actions-role/**
	workflow_dispatch: # Allow manual trigger

	jobs:
	check-terraform-fmt:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: ./actions/setup-tfenv-terraform
	- run: terraform fmt -check -diff -recursive terraform/services/github-actions-role

	terraform-plan:
	needs: check-terraform-fmt
	permissions:
	contents: read
	id-token: write
	runs-on: ubuntu-latest
	defaults:
	run:
	working-directory: ./terraform/services/github-actions-role
	strategy:
	fail-fast: false
	matrix:
	app: [ab2d, bcda, dpc]
	env: [dev, test, sbx, prod, mgmt]
	steps:
	- uses: actions/checkout@v4
	- uses: ./actions/setup-tfenv-terraform
	- uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: arn:aws:iam::${{ matrix.app == 'ab2d' && secrets[format('{0}_{1}_ACCOUNT', matrix.app, matrix.env)] \|\| secrets.BCDA_ACCOUNT }}:role/delegatedadmin/developer/${{ matrix.app }}-${{ matrix.env }}-github-actions
	aws-region: ${{ vars.AWS_REGION }}
	- run: terraform init -backend-config=../../backends/${{ matrix.app }}-${{ matrix.env }}.s3.tfbackend
	- run: terraform plan
	env:
	TF_VAR_app: ${{ matrix.app }}
	TF_VAR_env: ${{ matrix.env }}

Provide feedback