feat: add portainer_deploy and portainer_check resources + update resources docs

feat: add portainer_deploy and portainer_check resources + update resources docs

- Added new resource `portainer_deploy` for automated stack/service updates
- Added new resource `portainer_check` for validation of deployed containers
- Updated README and resource documentation
- Improved examples for full CI/CD automation flow

Author: grulicht

.github/workflows/daily-e2e-test.yml

@@ -75,7 +75,7 @@ jobs:
 
       - name: 🧪 Run Terraform E2E tests
         run: |
-          APPLY_ONLY_DIRS=("stack_standalone_string" "webhook" "container_exec" "backup" "auth" "open_amt" "kubernetes_role" "kubernetes_delete_object" "endpoint_snapshot" "endpoint_settings" "kubernetes_namespace")
+          APPLY_ONLY_DIRS=("deployment" "stack_standalone_string" "webhook" "container_exec" "backup" "auth" "open_amt" "kubernetes_role" "kubernetes_delete_object" "endpoint_snapshot" "endpoint_settings" "kubernetes_namespace")
           FULL_CYCLE_DIRS=("edge_string" "edge_file" "edge_repository" "kubernetes_application" "kubernetes_clusterrole" "kubernetes_clusterrolebinding" "kubernetes_configmaps" "kubernetes_cronjob" "kubernetes_helm" "kubernetes_ingress" "kubernetes_ingresscontrollers" "kubernetes_job" "kubernetes_namespace_ingresscontrollers" "kubernetes_namespace_system" "kubernetes_role" "kubernetes_rolebinding" "kubernetes_secret" "kubernetes_service" "kubernetes_serviceaccounts" "kubernetes_storage" "kubernetes_volume"
           "custom_template_string" "custom_template_file" "custom_template_repository" "docker_image" "docker_network" "docker_plugin" "docker_volume" "stack_standalone_string" "stack_standalone_file" "stack_standalone_repository" "endpoint_group" "tag" "user-team-teammembership" "registry")
 

.github/workflows/pr-e2e-test.yml

@@ -83,7 +83,7 @@ jobs:
 
       - name: 🧪 Run Terraform E2E tests
         run: |
-          APPLY_ONLY_DIRS=("stack_standalone_string" "webhook" "container_exec" "backup" "auth" "open_amt" "kubernetes_role" "kubernetes_delete_object" "endpoint_snapshot" "endpoint_settings" "kubernetes_namespace")
+          APPLY_ONLY_DIRS=("deployment" "stack_standalone_string" "webhook" "container_exec" "backup" "auth" "open_amt" "kubernetes_role" "kubernetes_delete_object" "endpoint_snapshot" "endpoint_settings" "kubernetes_namespace")
           FULL_CYCLE_DIRS=("edge_string" "edge_file" "edge_repository" "kubernetes_application" "kubernetes_clusterrole" "kubernetes_clusterrolebinding" "kubernetes_configmaps" "kubernetes_cronjob" "kubernetes_helm" "kubernetes_ingress" "kubernetes_ingresscontrollers" "kubernetes_job" "kubernetes_namespace_ingresscontrollers" "kubernetes_namespace_system" "kubernetes_role" "kubernetes_rolebinding" "kubernetes_secret" "kubernetes_service" "kubernetes_serviceaccounts" "kubernetes_storage" "kubernetes_volume"
           "custom_template_string" "custom_template_file" "custom_template_repository" "docker_image" "docker_network" "docker_plugin" "docker_volume" "stack_standalone_string" "stack_standalone_file" "stack_standalone_repository" "endpoint_group" "tag" "user-team-teammembership" "registry")
 

README.md

@@ -144,6 +144,8 @@ See our [examples](./docs/resources/) per resources in docs.
 | `portainer_stack`                          | [stack.md](docs/resources/stack.md)                                                            | [example](examples/stack/)                           | ✅     | ✅ / ✅                             | ✅        |
 | `portainer_custom_template`                | [custom_template.md](docs/resources/custom_template.md)                                        | [example](examples/custom_template/)                 | ✅     | ✅ / ✅                             | ✅        |
 | `portainer_container_exec`                 | [container_exec.md](docs/resources/container_exec.md)                                          | [example](examples/container_exec/)                  | ✅     | ❌ / ❌                             | ✅        |
+| `portainer_deploy`                         | [deploy.md](docs/resources/deploy.md)                                                          | [example](examples/deployment/)                      | ✅     | ❌ / ❌                             | ✅        |
+| `portainer_check`                          | [check.md](docs/resources/check.md)                                                            | [example](examples/deployment/)                      | ✅     | ❌ / ❌                             | ✅        |
 | `portainer_docker_network`                 | [docker_network.md](docs/resources/docker_network.md)                                          | [example](examples/docker_network/)                  | ✅     | ✅ / ❌                             | ✅        |
 | `portainer_docker_plugin`                  | [docker_plugin.md](docs/resources/docker_plugin.md)                                            | [example](examples/docker_plugin/)                   | ✅     | ✅ / ❌                             | ✅        |
 | `portainer_docker_image`                   | [docker_image.md](docs/resources/docker_image.md)                                              | [example](examples/docker_image/)                    | ✅     | ❌ / ❌                             | ✅        |

docs/index.md

@@ -86,6 +86,8 @@ $ export PORTAINER_SKIP_SSL_VERIFY=true
 | `portainer_cloud_credentials`                  | ![Done](https://img.shields.io/badge/status-done-brightgreen)         |
 | `portainer_cloud_provider_provision`           | ![Done](https://img.shields.io/badge/status-done-brightgreen)         |
 | `portainer_compose_convert`                    | ![Done](https://img.shields.io/badge/status-done-brightgreen)         |
+| `portainer_deploy`                             | ![Done](https://img.shields.io/badge/status-done-brightgreen)         |
+| `portainer_check`                              | ![Done](https://img.shields.io/badge/status-done-brightgreen)         |
 | `portainer_container_exec`                     | ![Done](https://img.shields.io/badge/status-done-brightgreen)         |
 | `portainer_custom_template`                    | ![Done](https://img.shields.io/badge/status-done-brightgreen)         |
 | `portainer_docker_config`                      | ![Done](https://img.shields.io/badge/status-done-brightgreen)         |

docs/resources/auth.md

@@ -5,7 +5,7 @@ The `portainer_auth` resource allows you to authenticate to the Portainer API us
 It returns a JWT token that can be used for other API calls or debug purposes.
 
 ## Example Usage
-### Create Backup
+
 ```hcl
 resource "portainer_auth" "login" {
   username = "admin"
@@ -18,6 +18,7 @@ output "jwt_token" {
 }
 ```
 > ✅ Note: This resource does not persist anything in Portainer. It only returns a JWT token that can be used in subsequent API calls.
+- [Example on GitHub](https://github.com/portainer/terraform-provider-portainer/tree/main/examples/auth)
 
 ## Lifecycle & Behavior
 - This resource authenticates via the /auth API endpoint using username/password.

docs/resources/backup.md

@@ -6,14 +6,13 @@ The `portainer_backup` resource allows you to trigger a backup of your Portainer
 The backup is encrypted using the password.
 
 ## Example Usage
-### Create Backup
-
 ```hcl
-resource "portainer_backup" "your-backup" {
+resource "portainer_backup" "backup" {
   password    = "your-backup-password"
-  output_path = "your-backup-path-for-tar-gz-file"
+  output_path = "backup.tar.gz"
 }
 ```
+- [Example on GitHub](https://github.com/portainer/terraform-provider-portainer/tree/main/examples/backup)
 
 ## Lifecycle & Behavior
 This resource performs a one-time backup when applied. It does not manage state and will always re-trigger on each terraform apply.

docs/resources/backup_s3.md

@@ -4,15 +4,22 @@
 The `portainer_backup_s3` resource allows you to back up your Portainer instance to an AWS S3 bucket or compatible storage system.
 > ⚠️ Note: This resource performs a one-time backup upload on every terraform apply. It is not stateful and will always re-trigger.
 
+> Currently working only for Portainer BE edition
+
 ## Example Usage
-### Create Backup
 
 ```hcl
-resource "portainer_backup" "your-backup" {
-  password    = "your-backup-password"
-  output_path = "your-backup-path-for-tar-gz-file"
+resource "portainer_backup_s3" "s3_backup" {
+  access_key_id      = "s3_access_key"
+  secret_access_key  = "s3_secret_key"
+  bucket_name        = "s3_bucket"
+  region             = "s3_region"
+  s3_compatible_host = "s3_endpoint"
+  password           = "backup_password"
+  cron_rule          = var.backup_cron_rule   # optional
 }
 ```
+- [Example on GitHub](https://github.com/portainer/terraform-provider-portainer/tree/main/examples/backup_s3)
 
 ## Lifecycle & Behavior
 This resource does not track state — it performs a one-time backup to the specified S3 bucket every time terraform apply runs.

docs/resources/chat.md

@@ -3,6 +3,8 @@
 ## Overview
 The `portainer_chat` resource allows you to send a query to Portainer’s integrated OpenAI assistant (if enabled). It supports providing context and environment-specific prompts, and retrieves an AI-generated YAML or message.
 
+> Currently working only for Portainer BE edition
+
 ---
 
 ## 📘 Example Usage
@@ -46,7 +48,7 @@ Note: The resource ID is synthetic (`chat-{environment_id}`) and not persisted r
 | `context`         | string | ✅ yes   | Context of the query (e.g. `environment_aware`)                        |
 | `environment_id`  | number | ✅ yes   | ID of the Portainer environment                                        |
 | `message`         | string | ✅ yes   | The natural language prompt to send to OpenAI                          |
-| `model`           | string | 🚫 no    | The OpenAI model to use (e.g. `gpt-3.5-turbo`, `gpt-4`)                |
+| `model`           | string | 🚫 optional | The OpenAI model to use (e.g. `gpt-3.5-turbo`, `gpt-4`)                |
 
 ---
 

docs/resources/check.md

@@ -0,0 +1,115 @@
+# ✅ **Resource Documentation: `portainer_check`**
+
+# portainer_check
+
+The `portainer_check` resource validates that one or more containers (in standalone mode) or services (in swarm mode) are running with the **expected image revision (tag)** and **desired runtime state** in a Portainer-managed environment.
+
+> You can use it in both **Docker Standalone** and **Docker Swarm** deployments.
+> It’s especially useful for CI/CD pipelines to verify that a deployment or update has completed successfully before proceeding to the next step.
+
+---
+
+## 🚀 Example Usage
+- [Example on GitHub](https://github.com/portainer/terraform-provider-portainer/tree/main/examples/deployment)
+
+### ✅ Check service status in Docker Swarm
+
+```hcl
+resource "portainer_check" "swarm_check" {
+  endpoint_id     = 1
+  stack_name      = "my-swarm-stack"
+  services_list   = "web,api"
+  revision        = "1.29"
+  desired_state   = "running"
+  max_retries     = 3
+  wait            = 10
+  wait_between_checks = 5
+}
+```
+
+### ✅ Check container status in Docker Standalone
+
+```hcl
+resource "portainer_check" "standalone_check" {
+  endpoint_id     = 1
+  stack_name      = "nginx"
+  services_list   = "web"
+  revision        = "1.29"
+  desired_state   = "running"
+  wait            = 10
+  max_retries     = 3
+  wait_between_checks = 5
+}
+```
+
+---
+
+## ⚙️ Lifecycle & Behavior
+
+This resource is **stateless** — it performs runtime verification during `terraform apply` (or `tofu apply` for OpenTofu) and does **not** persist state in Portainer.
+
+When executed:
+
+1. It waits for the optional `wait` period before starting.
+2. It determines whether the target environment is **Swarm** or **Standalone**.
+3. It checks the matching services or containers for:
+
+   * Correct **image tag** (`revision`)
+   * Correct **state** (e.g., `running`)
+4. If all targets match → ✅ success.
+   Otherwise → ❌ fails after `max_retries`.
+
+> 💡 **Pro Tip:** Combine `portainer_check` after a `portainer_deploy` or `portainer_container_exec` to ensure deployment integrity.
+
+---
+
+## 📥 Arguments Reference
+
+| Name                  | Type   | Required                          | Description                                                                           |
+| --------------------- | ------ | --------------------------------- | ------------------------------------------------------------------------------------- |
+| `endpoint_id`         | int    | ✅ yes                             | ID of the Portainer environment (endpoint) where the stack or containers are located. |
+| `stack_name`          | string | ✅ yes                             | Name of the stack to which the containers or services belong.                         |
+| `revision`            | string | ✅ yes                             | Expected image tag (e.g., `"1.29"`) that should be currently running.                 |
+| `services_list`       | string | ✅ yes                             | Comma-separated list of service names (without stack prefix). Example: `"web,api"`.   |
+| `desired_state`       | string | 🚫 optional (default `"running"`) | Desired container/service state. Usually `"running"`.                                 |
+| `wait`                | int    | 🚫 optional (default `30`)        | Seconds to wait before performing the first check (useful after deploy).              |
+| `wait_between_checks` | int    | 🚫 optional (default `30`)        | Delay (in seconds) between each retry attempt.                                        |
+| `max_retries`         | int    | 🚫 optional (default `3`)         | Number of retry attempts before failing the check.                                    |
+
+---
+
+## 📤 Attributes Reference
+
+| Name     | Description                                                                                                     |
+| -------- | --------------------------------------------------------------------------------------------------------------- |
+| `id`     | Auto-generated ID of the check execution (stateless).                                                           |
+| `output` | The complete textual output of the verification process, including matched containers, retries, and debug info. |
+
+---
+
+## 🧩 Example with Outputs
+
+```hcl
+output "check_result" {
+  value = portainer_check.standalone_check.output
+}
+```
+
+This will show you a detailed report like:
+
+```
+Docker Standalone detected — using container check logic.
+DEBUG: checking container="nginx-web-1" (image="nginx:1.29", state="running")
+Container "nginx-web-1" OK — revision "1.29", state "running"
+```
+
+---
+
+## 🧠 Summary
+
+| Feature     | Description                                                          |
+| ----------- | -------------------------------------------------------------------- |
+| Mode        | Works in **Standalone** and **Swarm** environments                   |
+| Purpose     | Ensures containers/services run with the correct image tag and state |
+| Behavior    | Stateless verification (no Portainer state change)                   |
+| Typical Use | Post-deployment validation in CI/CD pipelines                        |

docs/resources/cloud_credentials.md

@@ -3,7 +3,11 @@
 # portainer_cloud_credentials
 The `portainer_cloud_credentials` resource allows you to provision cloud credentials in Portainer for use with providers like AWS, DigitalOcean, Civo, etc.
 
+> Currently working only for Portainer BE edition
+
 ## Example Usage
+- [Example on GitHub](https://github.com/portainer/terraform-provider-portainer/tree/main/examples/cloud_credentials)
+
 ```hcl
 resource "portainer_cloud_credentials" "example" {
   name     = "example-aws-creds"
@@ -39,7 +43,7 @@ terraform apply
 | **Name**      | **Type** | **Required** | **Description**                                                            |
 |---------------|----------|--------------|----------------------------------------------------------------------------|
 | `name`        | string   | ✅ yes       | Human-readable name for the cloud credentials                             |
-| `provider`    | string   | ✅ yes       | Provider name (`aws`, `digitalocean`, `civo`, `gcp`, etc.)                |
+| `cloud_provider`| string   | ✅ yes       | Provider name (`aws`, `digitalocean`, `civo`, `gcp`, etc.)                |
 | `credentials` | string   | ✅ yes       | JSON-encoded credentials payload (use `jsonencode({ ... })`)              |
 
 ## Attributes Reference