From 74940bdc2954f0023b4a9d832334d70564d7b1a4 Mon Sep 17 00:00:00 2001
From: Patrick de Ruiter
Date: Sun, 9 Nov 2025 09:59:47 +0100
Subject: [PATCH] Use actual Vault credentials for terraform tests

- Changed from mock credentials to actual Vault AppRole secrets
- Added VAULT_ADDR environment variable for Vault connection
- Uses same credentials as terraform-init job (read-only access)
- Fixes: Vault authentication failures in test execution
---
 .gitea/workflows/sonarqube.yaml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.gitea/workflows/sonarqube.yaml b/.gitea/workflows/sonarqube.yaml
index 97f8c0e..87d897b 100644
--- a/.gitea/workflows/sonarqube.yaml
+++ b/.gitea/workflows/sonarqube.yaml
@@ -82,14 +82,16 @@ jobs:
 - name: Terraform Init (for testing)
 run: terraform init -backend=false
 env:
- TF_VAR_role_id: "test-role-id"
- TF_VAR_secret_id: "test-secret-id"
+ TF_VAR_role_id: ${{ secrets.VAULT_ROLE_ID }}
+ TF_VAR_secret_id: ${{ secrets.VAULT_SECRET_ID }}
+ VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
 - name: Run Terraform Tests
 run: terraform test -verbose
 env:
- TF_VAR_role_id: "test-role-id"
- TF_VAR_secret_id: "test-secret-id"
+ TF_VAR_role_id: ${{ secrets.VAULT_ROLE_ID }}
+ TF_VAR_secret_id: ${{ secrets.VAULT_SECRET_ID }}
+ VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
 - name: Generate Test Report
 if: always()
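Review bot: The `Terraform Init (for testing)` step now receives the real AppRole `TF_VAR_role_id` and `TF_VAR_secret_id` even though it runs `terraform init -backend=false`, which normally neither reads input variables nor authenticates to Vault; the `env:` block on that step can probably be dropped so the credentials reach only `Run Terraform Tests`. On that second step, `terraform test -verbose` prints the plan or state of each run block, and although the runner is expected to mask the literal secret values, anything derived from them (a Vault token, values read from Vault) would appear in the job log unless the Terraform code marks it `sensitive`. The workflow's `on:` triggers and the job header lie outside the hunk, so it is worth confirming that this job cannot run with these secrets on changes that have not been reviewed. The read-only scope stated in the description cannot be checked from the diff; a dedicated test AppRole with a short secret-ID TTL would bound the impact, and a comment such as `# real Vault AppRole (read-only policy), needed by terraform test only` above the `env:` block would record the intent.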