Because of trunk-based development, I would treat a failed build as the most important thing to tackle, and all other work is put aside. So I would create a branch, start another PR, and see if it plans again. Then merge the PR and continue until the issue is solved.
Sometimes the issue is just a timeout, in which case you can retry the GitHub action without opening PRs.
The downside with applying after the PR is merged is that you end up 'polluting' the main branch with (possibly many) attempts to fix the problem.
With that in mind, I do like the Atlantis approach where you don't merge unless the branch has been applied successfully.
Yes, that is correct, but with Terraform I like to have an approval step. Unfortunately, the only way to apply approval steps in GitHub Actions is via environment protection rules. And these are only available for private repositories with a GitHub Enterprise license.
Tobias Dehn, I'm already using GitHub environments and protection rules.
The problem I have with the protection rules is that they prevent any job from running (any branch).
I need to be able to see the Terraform plan, then approve the apply step.
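
The plan-then-approve flow discussed in this thread, as an added example that is not from any commenter: environment protection rules gate only jobs that declare `environment:`, so the plan job runs unattended and only the apply job waits for a reviewer. The environment name `production`, the `infra` directory, and the way cloud credentials reach each job are assumptions.

```yaml
# Added example. Assumed names: environment "production", directory "infra".
# Cloud credentials are not shown: the plan job needs read-only credentials
# from outside the protected environment, the apply job gets write credentials
# from the environment's own secrets.
name: terraform
on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read

jobs:
  plan:
    # No "environment:" key, so no protection rule holds this job back.
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: infra
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - run: terraform plan -input=false -out=tfplan
      - run: terraform show -no-color tfplan   # readable plan in the job log
      - uses: actions/upload-artifact@v4
        with:
          name: tfplan
          path: infra/tfplan
          retention-days: 1

  apply:
    needs: plan
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    environment: production   # required reviewers pause only this job
    defaults:
      run:
        working-directory: infra
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - uses: actions/download-artifact@v4
        with:
          name: tfplan
          path: infra
      - run: terraform apply -input=false tfplan   # applies exactly the reviewed plan
```

A saved plan file can contain sensitive values in plain text, and workflow artifacts are readable by anyone with read access to the repository, so keep the retention short or encrypt the file before uploading it.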