# Pipeline definition: plan -> security-review -> human approval gate -> apply -> verify.
#
# NOTE(review): this file arrived collapsed onto a single line. The nesting below is
# reconstructed from key order; the placement of `requires`, `artifacts`, `timeout`,
# `on_failure` and `retries` at stage level is inferred, so confirm it against the
# runner's schema before relying on it.
name: infrastructure-deploy
version: "1.0.0"
description: Deploy infrastructure with plan review and verification
metadata:
  author: system
  tags:
    - infrastructure
    - terraform
    - production
# Caller-supplied parameters. Both are required free-form strings.
# NOTE(review): no stage in this file references either input, and nothing here
# constrains target_environment to the three values its description lists.
# Presumably the agent templates consume and validate them; confirm.
inputs:
  target_environment:
    type: string
    required: true
    description: Target environment (sandbox, staging, prod)
  resource_type:
    type: string
    required: true
    description: Type of resource to deploy
stages:
  # Stage 1: produce a Terraform plan without applying it (auto_approve is false)
  # and publish it as the `terraform-plan` artifact for later stages.
  - name: plan
    type: agent
    agent:
      template: terraform
      tier: 1
      config:
        action: plan
        auto_approve: false
    artifacts:
      outputs:
        - terraform-plan
    timeout: 10m
  # Stage 2: automated review of the plan artifact, focused on security and
  # governance compliance; emits `security-review-report`.
  # NOTE(review): nothing in this file shows that adverse findings fail the stage.
  # Confirm whether the report's verdict blocks the pipeline or is advisory only.
  - name: security-review
    type: agent
    agent:
      template: code-review
      tier: 0
      config:
        review_focus:
          - security
          - governance_compliance
    requires:
      - plan
    artifacts:
      inputs:
        - terraform-plan
      outputs:
        - security-review-report
    timeout: 5m
  # Stage 3: human approval gate, runs after security-review.
  # NOTE(review): behaviour when the 30m gate timeout expires is not specified here;
  # confirm the runner treats expiry as a denial rather than an approval.
  # NOTE(review): the only approver group is infrastructure-team, and the gate lists
  # no artifact inputs, so it is not visible here whether approvers are shown
  # `security-review-report` or whether anyone outside the deploying team signs off.
  - name: approval
    type: gate
    gate:
      approval: human
      timeout: 30m
      approvers:
        - infrastructure-team
    requires:
      - security-review
  # Stage 4: apply, gated on the approval stage.
  # plan_id points at the artifact produced by the `plan` stage, which presumably
  # pins the apply to the plan that was reviewed and approved; confirm the template
  # applies that saved plan and does not re-plan against current state.
  # tier: 2 is the highest tier value in this file; its meaning is not defined here.
  - name: apply
    type: agent
    agent:
      template: terraform
      tier: 2
      config:
        action: apply
        plan_id: "${stages.plan.artifacts.terraform-plan}"
    requires:
      - approval
    artifacts:
      inputs:
        - terraform-plan
      outputs:
        - apply-log
        - state-diff
    timeout: 15m
    # A failed apply triggers `rollback`; what rollback does is defined by the runner.
    on_failure:
      action: rollback
    # No automatic retry of a failed apply.
    # NOTE(review): `retries` may instead belong under on_failure; the collapsed
    # source does not disambiguate.
    retries: 0
  # Stage 5: post-apply verification.
  # On failure this stage only notifies the two listed teams; no rollback action is
  # configured here, so a deployment that fails verification stays in place unless
  # something outside this file reverts it.
  - name: verify
    type: agent
    agent:
      template: default
      tier: 0
      config:
        action: verify_deployment
    requires:
      - apply
    timeout: 5m
    on_failure:
      action: notify
      notify:
        - infrastructure-team
        - security-team
# NOTE(review): placed at top level as a pipeline-wide timeout because `verify`
# already carries its own `timeout: 5m`; it could instead belong to verify's
# on_failure block. If it is pipeline-wide, the stage timeouts sum to 65m
# (10 + 5 + 30 + 15 + 5), so the pipeline can expire before a slow run reaches
# or finishes verify. Confirm what state an expiry during apply leaves behind.
timeout: 1h