fix: create secrets.auto.tfvars dynamically in workflow

- Generate secrets.auto.tfvars file during workflow run
- Terraform automatically loads *.auto.tfvars files
- This bypasses any issues with TF_VAR_ environment variables

.gitea/workflows/terraform-plan.yml

@@ -1,5 +1,4 @@
-name: Gitea Actions Demo
-run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
+name: Terraform Plan
 
 on:
   push:
@@ -12,20 +11,20 @@ jobs:
     name: "Terraform Plan"
     runs-on: ubuntu-latest
 
-    permissions:
-      contents: read
-      pull-requests: write
-
-    env:
-      TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}
-      TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
-      TF_VAR_pm_api_token_id: ${{ secrets.PM_API_TOKEN_ID }}
-      TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}
-
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Create secrets.tfvars
+        working-directory: terraform
+        run: |
+          cat > secrets.auto.tfvars << EOF
+          pm_api_token_id     = "${{ secrets.PM_API_TOKEN_ID }}"
+          pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
+          SSH_KEY_PUBLIC      = "${{ secrets.SSH_KEY_PUBLIC }}"
+          TS_AUTHKEY          = "${{ secrets.TS_AUTHKEY }}"
+          EOF
+
       - name: Set up Terraform
         uses: hashicorp/setup-terraform@v2
         with:
@@ -52,4 +51,3 @@ jobs:
         with:
           name: terraform-plan
           path: terraform/tfplan
-