From a4f147069514b1f025b982011838374e817402fc Mon Sep 17 00:00:00 2001 From: renatodellosso Date: Mon, 3 Feb 2025 18:02:05 -0500 Subject: [PATCH 01/13] Add GH action --- .github/workflows/plan.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/plan.yml diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml new file mode 100644 index 0000000..820ffb4 --- /dev/null +++ b/.github/workflows/plan.yml @@ -0,0 +1,21 @@ +name: Plan Terraform + +on: + pull_request: + branches: + - main + +jobs: + terraform-plan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Terraform Plan + run: terraform plan -no-color 2>&1 | tee ${{ github.workspace }}/plan_output.txt + - name: Comment Terraform Plan on PR + uses: blinqas/tf-plan-pr-comment@v1 + with: + output_file: '${{ github.workspace }}/plan_output.txt' + headline: Terraform Plan" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From b6c26d1629528667ff9edc3eabccb38993326224 Mon Sep 17 00:00:00 2001 From: renatodellosso Date: Mon, 3 Feb 2025 18:03:13 -0500 Subject: [PATCH 02/13] Fix typo in Terraform Plan headline in workflow configuration --- .github/workflows/plan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml index 820ffb4..82e2beb 100644 --- a/.github/workflows/plan.yml +++ b/.github/workflows/plan.yml @@ -16,6 +16,6 @@ jobs: uses: blinqas/tf-plan-pr-comment@v1 with: output_file: '${{ github.workspace }}/plan_output.txt' - headline: Terraform Plan" + headline: "Terraform Plan" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From bf703d227b2d6bbfeebe9b19c76e505d91b7b4b0 Mon Sep 17 00:00:00 2001 
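Review bot: The checkout step `- uses: actions/checkout@v2` in the new plan.yml references a floating major tag that is two majors behind the current `actions/checkout@v4`, so the job runs an old action runtime and picks up whatever that tag is moved to; the same line reappears in the apply.yml and validate.yml hunks of later patches in this series. Update the reference to `actions/checkout@v4`, ideally pinned to a commit SHA with the version in a trailing comment, and keep it in step with however the dflook actions end up pinned.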
From: renatodellosso Date: Mon, 3 Feb 2025 18:05:24 -0500 Subject: [PATCH 03/13] Update Terraform Plan action to use dflook/terraform-plan@v1.46.1 --- .github/workflows/plan.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml index 82e2beb..e07aa33 100644 --- a/.github/workflows/plan.yml +++ b/.github/workflows/plan.yml @@ -11,11 +11,4 @@ jobs: steps: - uses: actions/checkout@v2 - name: Terraform Plan - run: terraform plan -no-color 2>&1 | tee ${{ github.workspace }}/plan_output.txt - - name: Comment Terraform Plan on PR - uses: blinqas/tf-plan-pr-comment@v1 - with: - output_file: '${{ github.workspace }}/plan_output.txt' - headline: "Terraform Plan" - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + uses: dflook/terraform-plan@v1.46.1 \ No newline at end of file From 2d6359ae6575ceaeb8dd31ec4b262d824ca5d8b3 Mon Sep 17 00:00:00 2001 From: renatodellosso Date: Mon, 3 Feb 2025 18:07:37 -0500 Subject: [PATCH 04/13] Add GITHUB_TOKEN environment variable to Terraform Plan action --- .github/workflows/plan.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml index e07aa33..d11f9ce 100644 --- a/.github/workflows/plan.yml +++ b/.github/workflows/plan.yml @@ -11,4 +11,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: Terraform Plan - uses: dflook/terraform-plan@v1.46.1 \ No newline at end of file + uses: dflook/terraform-plan@v1.46.1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + \ No newline at end of file From 661cd1481e4844eb37b2bca8f4065531bc3e3516 Mon Sep 17 00:00:00 2001 From: renatodellosso Date: Mon, 3 Feb 2025 18:10:21 -0500 Subject: [PATCH 05/13] Add AWS and Cloudflare secrets to Terraform Plan action --- .github/workflows/plan.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml index d11f9ce..81f5416 100644 --- a/.github/workflows/plan.yml +++ b/.github/workflows/plan.yml @@ -14,4 +14,6 @@ jobs: uses: dflook/terraform-plan@v1.46.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - \ No newline at end of file + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} \ No newline at end of file From e48c979c4f5e34ebc40aacf54139521881205065 Mon Sep 17 00:00:00 2001 From: renatodellosso Date: Mon, 3 Feb 2025 18:12:18 -0500 Subject: [PATCH 06/13] Add permissions for contents and pull-requests in Terraform Plan action --- .github/workflows/plan.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml index 81f5416..f1605be 100644 --- a/.github/workflows/plan.yml +++ b/.github/workflows/plan.yml @@ -8,12 +8,15 @@ on: jobs: terraform-plan: runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write steps: - - uses: actions/checkout@v2 - - name: Terraform Plan - uses: dflook/terraform-plan@v1.46.1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} \ No newline at end of file + - uses: actions/checkout@v2 + - name: Terraform Plan + uses: dflook/terraform-plan@v1.46.1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} From b232e47d4752924b1763df8afb63da43318e4c8e Mon Sep 17 00:00:00 2001 
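Review bot: The three added env lines hand static, long-lived AWS and Cloudflare credentials to a job triggered by `pull_request`, where `terraform plan` executes provider plugins and any data sources from the PR head with those credentials. Since a plan never needs to mutate infrastructure, limit this key pair to a read-only policy, or replace it with short-lived credentials via `aws-actions/configure-aws-credentials` plus `id-token: write` so no long-lived cloud secret has to live in the repository settings at all. GitHub withholds `secrets.*` from pull_request runs of fork PRs, so the exposure is to same-repository branches; the step definition (`- name: Terraform Plan`) starts outside this hunk.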
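Review bot: The `permissions:` addition is mixed with a re-indentation of every step line in the hunk (two extra spaces on each `- uses`, `- name` and env line), so the functional change is buried in whitespace noise and `git blame` on the steps now points at this commit. Landing the indentation and the trailing-newline fix as a separate whitespace-only commit would keep the scope change reviewable on its own. The scopes themselves, `contents: read` and `pull-requests: write`, match what a checkout plus a PR-comment step needs.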
From: renatodellosso Date: Mon, 3 Feb 2025 18:16:38 -0500 Subject: [PATCH 07/13] Update status CNAME --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index bcc8d5c..220013a 100644 --- a/main.tf +++ b/main.tf @@ -315,7 +315,7 @@ resource "cloudflare_dns_record" "www-cname" { resource "cloudflare_dns_record" "status-cname" { zone_id = var.cloudflare-zone-id name = "status" - content = aws_lb.gearbox-load-balancer.dns_name + content = "app.pulsetic.com" type = "CNAME" ttl = 1 } From d641085004f5295bdfc810c7fd83513a58ccbfb2 Mon Sep 17 00:00:00 2001 From: renatodellosso Date: Tue, 4 Feb 2025 15:45:21 -0500 Subject: [PATCH 08/13] Add code owners --- CODEOWNERS | 1 + 1 file changed, 1 insertion(+) create mode 100644 CODEOWNERS diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..4c761e3 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +*.* @renatodellosso \ No newline at end of file From 651ca8d82629ed00701999f396df39df410a18a3 Mon Sep 17 00:00:00 2001 From: renatodellosso Date: Tue, 4 Feb 2025 15:48:05 -0500 Subject: [PATCH 09/13] Add PR triggers --- .github/workflows/plan.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml index f1605be..0cf7c67 100644 --- a/.github/workflows/plan.yml +++ b/.github/workflows/plan.yml @@ -2,6 +2,7 @@ name: Plan Terraform on: pull_request: + types: [opened, synchronize, reopened] branches: - main From 27c13a2f89cba03b14cb72617cb2b78ff80930cb Mon Sep 17 00:00:00 2001 From: renatodellosso Date: Tue, 4 Feb 2025 15:54:36 -0500 Subject: [PATCH 10/13] Add CD for main --- .github/workflows/apply.yml | 22 ++++++++++++++++++++++ .github/workflows/validate.yml | 10 ++++------ 2 files changed, 26 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/apply.yml diff --git a/.github/workflows/apply.yml b/.github/workflows/apply.yml new file mode 100644 index 0000000..cfd93c3 --- /dev/null 
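Review bot: `content = "app.pulsetic.com"` turns `status-cname` into a CNAME to a third-party hostname, so the record is only valid for as long as the matching status page exists on that service; if that account or page is ever removed, the zone keeps answering for `status` with a dangling CNAME. Add a comment on the resource naming the external dependency, e.g. `# status page hosted on Pulsetic; remove this record if the page is decommissioned`, and make removing the record part of the procedure for dropping that service. I cannot tell from this hunk whether `aws_lb.gearbox-load-balancer.dns_name` is still referenced elsewhere after the change.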
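Review bot: The pattern `*.* @renatodellosso` in the new CODEOWNERS only matches paths whose last segment contains a dot, so files such as `CODEOWNERS` itself, a `LICENSE`, a `Makefile` or any extensionless script get no owner and changes to them would not require the owner's review. Use `* @renatodellosso` to cover every path, and add more specific patterns below it if narrower ownership is needed later. Owner review is only enforced once the branch protection or ruleset for `main` requires review from code owners, which this series does not show.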
+++ b/.github/workflows/apply.yml @@ -0,0 +1,22 @@ +name: Apply Terraform + +on: + push: + branches: + - main + +jobs: + terraform-validate: + uses: ./.github/workflows/validate.yml + terraform-apply: + runs-on: ubuntu-latest + needs: terraform-validate + steps: + - uses: actions/checkout@v2 + - name: Terraform Apply + uses: dflook/terraform-apply@v1.46.1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index a33387e..7493f5d 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -1,9 +1,7 @@ name: Validate Terraform on: - push: - branches: - - main + workflow_call: pull_request: branches: - main @@ -12,6 +10,6 @@ jobs: terraform-validate: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: terraform-validate - uses: dflook/terraform-validate@v1.46.1 \ No newline at end of file + - uses: actions/checkout@v2 + - name: terraform-validate + uses: dflook/terraform-validate@v1.46.1 From 9c4bc3e8c3a5da2ef0bd48a1296e3397a168275c Mon Sep 17 00:00:00 2001 From: renatodellosso Date: Tue, 4 Feb 2025 15:58:04 -0500 Subject: [PATCH 11/13] Add read permissions for contents in Terraform apply workflow --- .github/workflows/apply.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/apply.yml b/.github/workflows/apply.yml index cfd93c3..b5f43fd 100644 --- a/.github/workflows/apply.yml +++ b/.github/workflows/apply.yml @@ -11,6 +11,8 @@ jobs: terraform-apply: runs-on: ubuntu-latest needs: terraform-validate + permissions: + contents: read steps: - uses: actions/checkout@v2 - name: Terraform Apply From 9642f221e5f1320ba6a70169a35779850e9d2515 Mon Sep 17 00:00:00 2001 
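Review bot: The new `terraform-apply` job in apply.yml has no `concurrency:` group, so two pushes to `main` in quick succession start two applies that race on the same state, and nothing gates the apply step beyond the merge itself. Add a workflow-level `concurrency:` with `group: terraform-apply` and `cancel-in-progress: false` so applies queue instead of overlapping, and consider an `environment:` with required reviewers so a merge cannot mutate infrastructure without a second approval. Whether `dflook/terraform-apply` enforces a matching prior plan on a push-triggered run is not visible here and is worth confirming against the action's documentation.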
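Review bot: `permissions: contents: read` is added only to the `terraform-apply` job; the sibling `terraform-validate` job, which calls validate.yml via `uses:`, still runs with the repository default token scopes, and a called workflow inherits exactly what its caller grants. Give the caller job the same block, or move `permissions:` with `contents: read` to the workflow level so every job in apply.yml starts from least privilege. The `terraform-validate` job sits outside this hunk.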
From: renatodellosso Date: Tue, 4 Feb 2025 16:00:27 -0500 Subject: [PATCH 12/13] Update Terraform actions to specific commit versions --- .github/workflows/apply.yml | 2 +- .github/workflows/plan.yml | 2 +- .github/workflows/validate.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/apply.yml b/.github/workflows/apply.yml index b5f43fd..1b209f1 100644 --- a/.github/workflows/apply.yml +++ b/.github/workflows/apply.yml @@ -16,7 +16,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: Terraform Apply - uses: dflook/terraform-apply@v1.46.1 + uses: dflook/terraform-apply@61432ffb5b94226bdfc9cd68a1702a2c40e0db8b env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml index 0cf7c67..e91f516 100644 --- a/.github/workflows/plan.yml +++ b/.github/workflows/plan.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: Terraform Plan - uses: dflook/terraform-plan@v1.46.1 + uses: dflook/terraform-plan@a6967bcc161f0df654b5df2f1f00eca83a4cbad9 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 7493f5d..d1ff10c 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -12,4 +12,4 @@ jobs: steps: - uses: actions/checkout@v2 - name: terraform-validate - uses: dflook/terraform-validate@v1.46.1 + uses: dflook/terraform-validate@5e22e449923d40905db0b3ca67ebc5787e8b2dee From 7929da7a1ac505b7c88375fa04ad7dd38e5f00c4 Mon Sep 17 00:00:00 2001 From: renatodellosso Date: Tue, 4 Feb 2025 16:02:03 -0500 Subject: [PATCH 13/13] Remove unnecessary pull request event types from Terraform plan workflow --- .github/workflows/plan.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml index e91f516..4de91aa 100644 
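Review bot: The SHA pin `uses: dflook/terraform-apply@61432ffb5b94226bdfc9cd68a1702a2c40e0db8b` (and likewise the plan.yml and validate.yml hunks of this patch) drops the version name entirely, so a reader or Dependabot can no longer tell which release the pin corresponds to; append it as a trailing comment, e.g. `uses: dflook/terraform-apply@61432ffb5b94226bdfc9cd68a1702a2c40e0db8b # v1.46.1`. Pinning is also incomplete: all three hunks keep `- uses: actions/checkout@v2` on a mutable tag even though the commit message says the actions were moved to specific commits. The `v1.46.1` correspondence is taken from the removed lines; I have not verified that the SHAs resolve to those tags.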
--- a/.github/workflows/plan.yml +++ b/.github/workflows/plan.yml @@ -2,7 +2,6 @@ name: Plan Terraform on: pull_request: - types: [opened, synchronize, reopened] branches: - main