- Added terraform plan step that outputs plan to tfplan file
- Plan includes all required environment variables for Vault and MinIO
- Plan artifact uploaded with 30-day retention for later apply step
- Plan file can be downloaded and used for terraform apply
- Updated backend.tf to use partial configuration
- Modified workflow to pass backend settings via -backend-config flags
- Follows Azure-style pattern with environment variables
- Improves flexibility and keeps configuration out of version control
- Required secrets: MINIO_ENDPOINT, MINIO_BUCKET, MINIO_STATE_KEY
- Enabled Terraform recommended preset
- Added rules for documentation, naming conventions, and unused declarations
- Note: No TFLint plugins available for vsphere or vault providers
- Core Terraform ruleset will still catch syntax errors and best practices
- Added TFLint job to catch Terraform errors and best practices
- TFLint runs before Checkov for early error detection
- Uses latest TFLint version with automatic initialization
- Pipeline flow: TFLint -> Checkov -> SonarQube
- Added Checkov security scan job that runs before SonarQube
- Configured for Terraform-specific IaC compliance checks
- Outputs results in CLI and SARIF formats
- Uploads scan results as artifacts for review
- SonarQube job now depends on Checkov passing
- Renamed workflow to reflect both quality and security scanning
- Updated SonarQube action from kitabisa/sonarqube-action@v1.2.0 to sonarsource/sonarqube-scan-action@v4
- Official action uses Java 17, compatible with SonarQube 25.10
- Added sonar-project.properties with Terraform-specific exclusions
- Fixes: java.lang.UnsupportedClassVersionError (class file version 61.0 vs 55.0)
- Add vSphere resource pool management
- Configure CPU and memory allocation controls
- Implement tagging system for organization
- Add comprehensive documentation
