Add Terraform init step with secure MinIO backend

- Removed hardcoded MinIO credentials from backend.tf
- Added terraform-init job after SonarQube step
- Uses organization secrets for MinIO credentials:
  - MINIO_ACCESS_KEY
  - MINIO_SECRET_KEY
- Credentials passed via AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY env vars
- Initializes Terraform with S3-compatible MinIO backend

.gitea/workflows/sonarqube.yaml

@@ -76,3 +76,24 @@ jobs:
       env:
         SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
         SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+
+  terraform-init:
+    name: Terraform Init
+    runs-on: ubuntu-latest
+    needs: sonarqube
+    steps:
+    - name: Checking out
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: latest
+
+    - name: Terraform Init
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_KEY }}
+      run: terraform init

backend.tf

@@ -7,9 +7,6 @@ terraform {
     bucket   = "home-terraform"
     key      = "home/vsphere/network/vsphere-resourcegroup-config.tfstate"
 
-    access_key = "R9lCycfEO8qJ2dxlQT1S"
-    secret_key = "6rtVLjDIjx7U9ecNRkdbS3idSBNWsfNhN6wB20sJ"
-
     region                      = "main"
     skip_credentials_validation = true
     skip_metadata_api_check     = true