From 72c8be1a56cbc052eb89525869759afa7d559516 Mon Sep 17 00:00:00 2001
From: Patrick de Ruiter
Date: Sun, 2 Nov 2025 00:48:17 +0100
Subject: [PATCH] Add Vault credentials to workflow secrets

- Added TF_VAR_role_id and TF_VAR_secret_id environment variables
- Added VAULT_ADDR environment variable
- Vault credentials now sourced from Gitea secrets instead of tfvars
- Required secrets: VAULT_ADDR, VAULT_ROLE_ID, VAULT_SECRET_ID
---
 .gitea/workflows/sonarqube.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitea/workflows/sonarqube.yaml b/.gitea/workflows/sonarqube.yaml
index 57014db..634d2fd 100644
--- a/.gitea/workflows/sonarqube.yaml
+++ b/.gitea/workflows/sonarqube.yaml
@@ -100,6 +100,9 @@ jobs:
 TF_BACKEND_BUCKET: ${{ secrets.MINIO_BUCKET }}
 TF_BACKEND_KEY: ${{ secrets.MINIO_STATE_KEY }}
 TF_BACKEND_REGION: "main"
+ TF_VAR_role_id: ${{ secrets.VAULT_ROLE_ID }}
+ TF_VAR_secret_id: ${{ secrets.VAULT_SECRET_ID }}
+ VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
 run: |
 terraform init \
 -backend-config="endpoints={s3=\"${TF_BACKEND_ENDPOINT}\"}" \
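Review bot: `TF_VAR_secret_id` hands the Vault AppRole secret to Terraform as an ordinary input variable, and nothing visible here shows the Terraform side treating it as secret; the matching `variable "secret_id"` block (outside this patch) should carry `sensitive = true` so plan and apply output redact it rather than relying on the runner's log masking alone. The three new entries are also exported to the whole `run:` script, which starts with `terraform init` and continues past the end of the hunk; if init is all this step does, the Vault values belong only on the step that actually authenticates to Vault. An unset Gitea secret presumably expands to an empty string, which Terraform would accept as a set value and only fail later at Vault login, so a guard at the top of the script such as `: "${TF_VAR_role_id:?VAULT_ROLE_ID secret is not set}"` (and the same for `TF_VAR_secret_id` and `VAULT_ADDR`) would fail fast with a clear message.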