From 269c9b48d7136f41afeb3f0383d0751e934d1c2a Mon Sep 17 00:00:00 2001
From: Patrick de Ruiter <pderuiter@bsdserver.nl>
Date: Sun, 2 Nov 2025 00:48:46 +0100
Subject: [PATCH] Add Terraform plan step with artifact upload

- Added terraform plan step that outputs plan to tfplan file
- Plan includes all required environment variables for Vault and MinIO
- Plan artifact uploaded with 30-day retention for later apply step
- Plan file can be downloaded and used for terraform apply
---
 .gitea/workflows/sonarqube.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/.gitea/workflows/sonarqube.yaml b/.gitea/workflows/sonarqube.yaml
index 634d2fd..684c75f 100644
--- a/.gitea/workflows/sonarqube.yaml
+++ b/.gitea/workflows/sonarqube.yaml
@@ -114,3 +114,19 @@ jobs:
           -backend-config="skip_requesting_account_id=true" \
           -backend-config="skip_region_validation=true" \
           -backend-config="use_path_style=true"
+
+    - name: Terraform Plan
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_KEY }}
+        TF_VAR_role_id: ${{ secrets.VAULT_ROLE_ID }}
+        TF_VAR_secret_id: ${{ secrets.VAULT_SECRET_ID }}
+        VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+      run: terraform plan -out=tfplan
+
+    - name: Upload Terraform Plan
+      uses: actions/upload-artifact@v4
+      with:
+        name: terraform-plan
+        path: tfplan
+        retention-days: 30