From 1304afd79399f26077e6c1d426c9a5699be89abf Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Sat, 28 Feb 2026 15:17:42 +0000
Subject: [PATCH] fix: harden destroy workflow and recover state push

---
 .gitea/workflows/terraform-destroy.yml | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/terraform-destroy.yml b/.gitea/workflows/terraform-destroy.yml
index 1c3cb56..5a57a71 100644
--- a/.gitea/workflows/terraform-destroy.yml
+++ b/.gitea/workflows/terraform-destroy.yml
@@ -36,7 +36,7 @@ jobs:
           fi
 
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: https://gitea.com/actions/checkout@v4
 
       - name: Create Terraform secret files
         working-directory: terraform
@@ -65,6 +65,7 @@ jobs:
         uses: hashicorp/setup-terraform@v2
         with:
           terraform_version: 1.6.6
+          terraform_wrapper: false
 
       - name: Terraform Init
         working-directory: terraform
@@ -91,4 +92,20 @@ jobs:
 
       - name: Terraform Destroy Apply
         working-directory: terraform
-        run: terraform apply -auto-approve tfdestroy
+        run: |
+          set +e
+          terraform apply -auto-approve tfdestroy 2>&1 | tee destroy-apply.log
+          APPLY_EXIT=${PIPESTATUS[0]}
+
+          if [ "$APPLY_EXIT" -ne 0 ] && [ -f errored.tfstate ] && grep -q "Failed to persist state to backend" destroy-apply.log; then
+            echo "Detected backend state write failure after destroy; attempting recovery push..."
+            terraform state push errored.tfstate
+            PUSH_EXIT=$?
+
+            if [ "$PUSH_EXIT" -eq 0 ]; then
+              echo "Recovered by pushing errored.tfstate to backend."
+              exit 0
+            fi
+          fi
+
+          exit "$APPLY_EXIT"