fix: create secrets.auto.tfvars dynamically in workflow

- Generate secrets.auto.tfvars file during workflow run - Terraform automatically loads *.auto.tfvars files - This bypasses any issues with TF_VAR_ environment variables
2026-02-27 20:48:41 +00:00
parent 364dc6b35b
commit 841abb8fe3
2 changed files with 22 additions and 26 deletions
--- a/.gitea/workflows/terraform-apply.yml
+++ b/.gitea/workflows/terraform-apply.yml
@@ -1,5 +1,4 @@
-name: Gitea Actions Demo
-run-name: ${{ gitea.actor }} is deploying with Terraform 🚀
+name: Terraform Apply

 on:
  push:
@@ -11,20 +10,20 @@ jobs:
    name: "Terraform Apply"
    runs-on: ubuntu-latest

-    permissions:
-      contents: read
-      pull-requests: write
-
-    env:
-      TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}
-      TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
-      TF_VAR_pm_api_token_id: ${{ secrets.PM_API_TOKEN_ID }}
-      TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}
-
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

+      - name: Create secrets.tfvars
+        working-directory: terraform
+        run: |
+          cat > secrets.auto.tfvars << EOF
+          pm_api_token_id     = "${{ secrets.PM_API_TOKEN_ID }}"
+          pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
+          SSH_KEY_PUBLIC      = "${{ secrets.SSH_KEY_PUBLIC }}"
+          TS_AUTHKEY          = "${{ secrets.TS_AUTHKEY }}"
+          EOF
+
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
        with:
@@ -41,4 +40,3 @@ jobs:
      - name: Terraform Apply
        working-directory: terraform
        run: terraform apply -auto-approve
-