From 2bde45e106797ffa79bb5210ef3e19e16a13af3c Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Sun, 26 Apr 2026 22:01:39 +0000
Subject: [PATCH] fix: allow intentional destroy without backup
---
 .gitea/workflows/destroy.yml | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/.gitea/workflows/destroy.yml b/.gitea/workflows/destroy.yml
index e2db654..22bf0b8 100644
--- a/.gitea/workflows/destroy.yml
+++ b/.gitea/workflows/destroy.yml
@@ -7,6 +7,14 @@ on:
 description: 'Type "destroy" to confirm'
 required: true
 default: ''
+ require_rancher_backup:
+ description: 'Require an existing Rancher B2 backup before destroy'
+ required: true
+ default: 'true'
+ type: choice
+ options:
+ - 'true'
+ - 'false'
 concurrency:
 group: prod-cluster
@@ -61,10 +69,19 @@ jobs:
 -backend-config="skip_requesting_account_id=true"
 - name: Verify Rancher backup exists
+ if: github.event.inputs.require_rancher_backup == 'true'
 run: |
 set -euo pipefail
+ if [ -z "${B2_ACCOUNT_ID}" ] || [ -z "${B2_APPLICATION_KEY}" ]; then
+ echo "B2 credentials are not available in this workflow/environment; cannot verify Rancher backups." >&2
+ exit 1
+ fi
+
 CREDS=$(printf '%s:%s' "${B2_ACCOUNT_ID}" "${B2_APPLICATION_KEY}" | base64 -w0)
- AUTH_RESP=$(curl -fsS -H "Authorization: Basic ${CREDS}" https://api.backblazeb2.com/b2api/v2/b2_authorize_account)
+ AUTH_RESP=$(curl -fsS -H "Authorization: Basic ${CREDS}" https://api.backblazeb2.com/b2api/v2/b2_authorize_account) || {
+ echo "Failed to authorize with B2; check B2_ACCOUNT_ID/B2_APPLICATION_KEY in the destroy environment." >&2
+ exit 1
+ }
 API_URL=$(printf '%s' "${AUTH_RESP}" | python3 -c "import json,sys; print(json.load(sys.stdin)['apiUrl'])")
 AUTH_TOKEN=$(printf '%s' "${AUTH_RESP}" | python3 -c "import json,sys; print(json.load(sys.stdin)['authorizationToken'])")
 BUCKET_ID=$(printf '%s' "${AUTH_RESP}" | python3 -c "import json,sys; print(json.load(sys.stdin).get('allowed', {}).get('bucketId') or '')")
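Review bot: In the first hunk (the `workflow_dispatch` inputs), the description of `require_rancher_backup` does not tell the operator what choosing 'false' gives up, even though this one dropdown turns off the only pre-destroy backup check visible in the patch. I would spell the consequence out, for example `description: 'Require an existing Rancher B2 backup before destroy; choose false only when Rancher state does not need to be restorable'`. The typed `confirm` input is shared by both modes and the step that checks it is outside this hunk, so whether the no-backup path should demand its own confirmation phrase is worth deciding there.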
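Review bot: In the second hunk, the new `if: github.event.inputs.require_rancher_backup == 'true'` on the "Verify Rancher backup exists" step fails open: any value other than the exact string 'true' skips verification, and the skip step added in the last hunk only logs for 'false', so an empty or unexpected value would reach Terraform Destroy with neither step running. Whether the runner rejects values outside the choice list is not visible here, so I would make verification the default with `if: github.event.inputs.require_rancher_backup != 'false'`. Separately, under `set -u` the added `-z` test stops with an unbound-variable error instead of the intended message if either variable is not exported at all; `"${B2_ACCOUNT_ID:-}"` and `"${B2_APPLICATION_KEY:-}"` avoid that. The step's script continues past the end of this hunk.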
@@ -88,6 +105,11 @@ jobs:
 echo "Verified Rancher backup exists: ${LATEST}"
+ - name: Skip Rancher backup verification
+ if: github.event.inputs.require_rancher_backup == 'false'
+ run: |
+ echo "Rancher backup verification explicitly skipped for this destroy run."
+
 - name: Terraform Destroy
 id: destroy
 working-directory: terraform
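Review bot: The new "Skip Rancher backup verification" step records that the check was bypassed but not who chose to bypass it, which leaves the run log a weak audit trail for a destructive opt-out. Naming the triggering user in the message would help, for example `echo "Rancher backup verification explicitly skipped by ${GITHUB_ACTOR:-unknown} for this destroy run."`, assuming the runner exports GITHUB_ACTOR as GitHub-compatible runners normally do. Reading the name from the environment rather than interpolating an expression into the script keeps the step free of template-injection concerns.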