fix: Add backend configuration to all pipeline terraform init steps

Updated all terraform init commands in the pipeline to include backend configuration: - terraform-plan job: Added backend-config flags - terraform-apply job: Added backend-config flags - terraform-destroy job: Added backend-config flags Backend Configuration: - Uses secrets for all values (MINIO_ENDPOINT, MINIO_BUCKET) - State file key: docker/renovate/terraform.tfstate - Credentials from AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars - Region: main - S3-compatible settings for MinIO Required Secrets (should already be available): - MINIO_ACCESS_KEY, MINIO_SECRET_KEY - MINIO_ENDPOINT, MINIO_BUCKET - VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR - RENOVATE_ENDPOINT, RENOVATE_TOKEN - SONARQUBE_HOST, SONARQUBE_TOKEN Fixes pipeline error: Missing Required Value for bucket, key, and region
2025-11-18 02:57:09 +01:00 · 2025-11-18 02:57:09 +01:00 · 2a5fb1ebd0
commit 2a5fb1ebd0
parent 696bffd023
1 changed files with 31 additions and 4 deletions
--- a/.gitea/workflows/sonarqube.yaml
+++ b/.gitea/workflows/sonarqube.yaml
@ -132,14 +132,22 @@ jobs:
      env:
        AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_KEY }}
-        TF_BACKEND_ENDPOINT: ${{ secrets.MINIO_ENDPOINT }}
        TF_VAR_role_id: ${{ secrets.VAULT_ROLE_ID }}
        TF_VAR_secret_id: ${{ secrets.VAULT_SECRET_ID }}
        TF_VAR_renovate_endpoint: ${{ secrets.RENOVATE_ENDPOINT }}
        TF_VAR_renovate_token: ${{ secrets.RENOVATE_TOKEN }}
        VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
      run: |
-        terraform init -input=false
+        terraform init -input=false \
+          -backend-config="endpoints={s3=\"${{ secrets.MINIO_ENDPOINT }}\"}" \
+          -backend-config="bucket=${{ secrets.MINIO_BUCKET }}" \
+          -backend-config="key=docker/renovate/terraform.tfstate" \
+          -backend-config="region=main" \
+          -backend-config="skip_credentials_validation=true" \
+          -backend-config="skip_metadata_api_check=true" \
+          -backend-config="skip_requesting_account_id=true" \
+          -backend-config="skip_region_validation=true" \
+          -backend-config="use_path_style=true"

    - name: Terraform Plan
      env:
@ -208,7 +216,17 @@ jobs:
        TF_VAR_renovate_endpoint: ${{ secrets.RENOVATE_ENDPOINT }}
        TF_VAR_renovate_token: ${{ secrets.RENOVATE_TOKEN }}
        VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
-      run: terraform init
+      run: |
+        terraform init \
+          -backend-config="endpoints={s3=\"${{ secrets.MINIO_ENDPOINT }}\"}" \
+          -backend-config="bucket=${{ secrets.MINIO_BUCKET }}" \
+          -backend-config="key=docker/renovate/terraform.tfstate" \
+          -backend-config="region=main" \
+          -backend-config="skip_credentials_validation=true" \
+          -backend-config="skip_metadata_api_check=true" \
+          -backend-config="skip_requesting_account_id=true" \
+          -backend-config="skip_region_validation=true" \
+          -backend-config="use_path_style=true"

    - name: Download Terraform Plan from MinIO
      env:
@ -276,7 +294,16 @@ jobs:
        VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
      run: |
        echo "Performing fresh terraform init (no cache for safety)..."
-        terraform init
+        terraform init \
+          -backend-config="endpoints={s3=\"${{ secrets.MINIO_ENDPOINT }}\"}" \
+          -backend-config="bucket=${{ secrets.MINIO_BUCKET }}" \
+          -backend-config="key=docker/renovate/terraform.tfstate" \
+          -backend-config="region=main" \
+          -backend-config="skip_credentials_validation=true" \
+          -backend-config="skip_metadata_api_check=true" \
+          -backend-config="skip_requesting_account_id=true" \
+          -backend-config="skip_region_validation=true" \
+          -backend-config="use_path_style=true"

    - name: Terraform Destroy Plan
      env: