From 2a5fb1ebd01a0f752a38ad4f0f0193092fbe137c Mon Sep 17 00:00:00 2001
From: Patrick de Ruiter
Date: Tue, 18 Nov 2025 02:57:09 +0100
Subject: [PATCH] fix: Add backend configuration to all pipeline terraform init steps Updated all terraform init commands in the pipeline to include backend configuration: - terraform-plan job: Added backend-config flags - terraform-apply job: Added backend-config flags - terraform-destroy job: Added backend-config flags Backend Configuration: - Uses secrets for all values (MINIO_ENDPOINT, MINIO_BUCKET) - State file key: docker/renovate/terraform.tfstate - Credentials from AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars - Region: main - S3-compatible settings for MinIO Required Secrets (should already be available): - MINIO_ACCESS_KEY, MINIO_SECRET_KEY - MINIO_ENDPOINT, MINIO_BUCKET - VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_ADDR - RENOVATE_ENDPOINT, RENOVATE_TOKEN - SONARQUBE_HOST, SONARQUBE_TOKEN Fixes pipeline error: Missing Required Value for bucket, key, and region
---
 .gitea/workflows/sonarqube.yaml | 35 +++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)
diff --git a/.gitea/workflows/sonarqube.yaml b/.gitea/workflows/sonarqube.yaml
index ff5cf6a..6f329e9 100644
--- a/.gitea/workflows/sonarqube.yaml
+++ b/.gitea/workflows/sonarqube.yaml
@@ -132,14 +132,22 @@ jobs:
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_KEY }}
- TF_BACKEND_ENDPOINT: ${{ secrets.MINIO_ENDPOINT }}
 TF_VAR_role_id: ${{ secrets.VAULT_ROLE_ID }}
 TF_VAR_secret_id: ${{ secrets.VAULT_SECRET_ID }}
 TF_VAR_renovate_endpoint: ${{ secrets.RENOVATE_ENDPOINT }}
 TF_VAR_renovate_token: ${{ secrets.RENOVATE_TOKEN }}
 VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
 run: |
- terraform init -input=false
+ terraform init -input=false \
+ -backend-config="endpoints={s3=\"${{ secrets.MINIO_ENDPOINT }}\"}" \
+ -backend-config="bucket=${{ secrets.MINIO_BUCKET }}" \
+ -backend-config="key=docker/renovate/terraform.tfstate" \
+ -backend-config="region=main" \
+ -backend-config="skip_credentials_validation=true" \
+ -backend-config="skip_metadata_api_check=true" \
+ -backend-config="skip_requesting_account_id=true" \
+ -backend-config="skip_region_validation=true" \
+ -backend-config="use_path_style=true"
 - name: Terraform Plan
 env:
@@ -208,7 +216,17 @@ jobs:
 TF_VAR_renovate_endpoint: ${{ secrets.RENOVATE_ENDPOINT }}
 TF_VAR_renovate_token: ${{ secrets.RENOVATE_TOKEN }}
 VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
- run: terraform init
+ run: |
+ terraform init \
+ -backend-config="endpoints={s3=\"${{ secrets.MINIO_ENDPOINT }}\"}" \
+ -backend-config="bucket=${{ secrets.MINIO_BUCKET }}" \
+ -backend-config="key=docker/renovate/terraform.tfstate" \
+ -backend-config="region=main" \
+ -backend-config="skip_credentials_validation=true" \
+ -backend-config="skip_metadata_api_check=true" \
+ -backend-config="skip_requesting_account_id=true" \
+ -backend-config="skip_region_validation=true" \
+ -backend-config="use_path_style=true"
 - name: Download Terraform Plan from MinIO
 env:
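Review bot: The `${{ secrets.MINIO_ENDPOINT }}` and `${{ secrets.MINIO_BUCKET }}` expressions inside the `run:` script of the plan job's init step are substituted into the script text before the shell runs, so a value containing `"`, `$` or a backtick would alter the command instead of being passed as data; the apply and destroy hunks repeat the same pattern. The commit also removes `TF_BACKEND_ENDPOINT`, the one place the endpoint was handed over as an environment variable rather than as script text. Map both values under the step's `env:` (`MINIO_ENDPOINT: ${{ secrets.MINIO_ENDPOINT }}`, `MINIO_BUCKET: ${{ secrets.MINIO_BUCKET }}`) and let the shell expand them, e.g. `-backend-config="endpoints={s3=\"${MINIO_ENDPOINT}\"}" \` and `-backend-config="bucket=${MINIO_BUCKET}" \`. The step starts above the hunk, so its name and any shell options are not visible here.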
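Review bot: The rewritten `terraform init \` in the apply job still lacks `-input=false`, while the plan job's init in the first hunk keeps it; the destroy hunk has the same gap. Without the flag, a missing or empty backend value makes Terraform ask for input rather than fail outright, which on an unattended runner shows up as a hang or an unclear error depending on how stdin is attached. Use `terraform init -input=false \` in both jobs so all three init calls fail the same way. The step's `env:` block begins above the hunk.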
@@ -276,7 +294,16 @@ jobs:
 VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
 run: |
 echo "Performing fresh terraform init (no cache for safety)..."
- terraform init
+ terraform init \
+ -backend-config="endpoints={s3=\"${{ secrets.MINIO_ENDPOINT }}\"}" \
+ -backend-config="bucket=${{ secrets.MINIO_BUCKET }}" \
+ -backend-config="key=docker/renovate/terraform.tfstate" \
+ -backend-config="region=main" \
+ -backend-config="skip_credentials_validation=true" \
+ -backend-config="skip_metadata_api_check=true" \
+ -backend-config="skip_requesting_account_id=true" \
+ -backend-config="skip_region_validation=true" \
+ -backend-config="use_path_style=true"
 - name: Terraform Destroy Plan
 env:
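Review bot: The destroy job now holds a third hand-copied set of the same nine `-backend-config` flags, so the state `key` a destroy acts on must be kept in step with the plan and apply jobs by hand, and a later edit to one copy would point this job at a different state object. Move the static settings (`key`, `region`, the `skip_*` flags, `use_path_style`) into one checked-in partial backend file and pass it with `-backend-config=<path>` (for example a `backend.hcl` beside the Terraform code), leaving only the endpoint and bucket as per-run values. Nothing in the visible lines configures state locking either; if the backend block outside this diff does not set it, serialising these jobs or enabling the S3 backend's `use_lockfile` option (where the Terraform version and the MinIO release support it) would keep plan, apply and destroy from writing the state at the same time.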