fix: harden destroy workflow and recover state push

.gitea/workflows/terraform-destroy.yml

@@ -36,7 +36,7 @@ jobs:
           fi
 
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: https://gitea.com/actions/checkout@v4
 
       - name: Create Terraform secret files
         working-directory: terraform
@@ -65,6 +65,7 @@ jobs:
         uses: hashicorp/setup-terraform@v2
         with:
           terraform_version: 1.6.6
+          terraform_wrapper: false
 
       - name: Terraform Init
         working-directory: terraform
@@ -91,4 +92,20 @@ jobs:
 
       - name: Terraform Destroy Apply
         working-directory: terraform
-        run: terraform apply -auto-approve tfdestroy
+        run: |
+          set +e
+          terraform apply -auto-approve tfdestroy 2>&1 | tee destroy-apply.log
+          APPLY_EXIT=${PIPESTATUS[0]}
+
+          if [ "$APPLY_EXIT" -ne 0 ] && [ -f errored.tfstate ] && grep -q "Failed to persist state to backend" destroy-apply.log; then
+            echo "Detected backend state write failure after destroy; attempting recovery push..."
+            terraform state push errored.tfstate
+            PUSH_EXIT=$?
+
+            if [ "$PUSH_EXIT" -eq 0 ]; then
+              echo "Recovered by pushing errored.tfstate to backend."
+              exit 0
+            fi
+          fi
+
+          exit "$APPLY_EXIT"