The renovate_endpoint and renovate_token values are retrieved from
Vault (secret/renovate) via data sources in the Terraform code, not
passed as Terraform variables.

Changes:
- Commented out TF_VAR_renovate_endpoint in all pipeline stages
- Commented out TF_VAR_renovate_token in all pipeline stages
- These values are properly sourced from Vault data sources

This fixes the container restart issue where Renovate couldn't find
the Gitea personal access token because the environment variable
wasn't being set correctly from Vault data.

Affected stages:
- terraform-validate (init and validate steps)
- terraform-plan (init and plan steps)
- terraform-apply (init and apply steps)
- terraform-destroy (init, plan, and execute steps)

Added working pipeline based on terraform-docker-eda module:
- Added pipeline.yaml with complete CI/CD workflow including Vault CLI setup
- Added setup-ssh.sh for Docker provider SSH key authentication
- Added .tflint.hcl for Terraform linting configuration
- Removed old sonarqube.yaml pipeline file

Pipeline now includes:
- Vault CLI installation and SSH key setup via script
- Proper backend configuration with -backend-config flags
- All security scans: TFLint, Tfsec, Checkov
- SonarQube integration
- Terraform plan/apply with MinIO artifact storage
- Terraform destroy workflow with manual approval

This pipeline configuration has been proven to work with Vault, MinIO,
and Docker providers using self-signed certificates.