From b0768db7a7bbc97af6cd380bf00e851a6339ab71 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Sat, 28 Feb 2026 00:52:40 +0000
Subject: [PATCH] feat: store Terraform state in Backblaze B2

Configure an s3 backend and initialize Terraform in CI with backend config from Gitea secrets so state persists across runs and apply operations stay consistent.
---
 .gitea/workflows/terraform-apply.yml | 15 ++++++++++++++-
 .gitea/workflows/terraform-plan.yml | 15 ++++++++++++++-
 terraform/main.tf | 2 ++
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml
index 3aa01c6..602b21b 100644
--- a/.gitea/workflows/terraform-apply.yml
+++ b/.gitea/workflows/terraform-apply.yml
@@ -20,6 +20,19 @@ jobs:
 cat > secrets.auto.tfvars << EOF
 pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
 EOF
+ cat > backend.hcl << EOF
+ bucket = "${{ secrets.B2_TF_BUCKET }}"
+ key = "terraform.tfstate"
+ region = "us-east-005"
+ endpoint = "${{ secrets.B2_TF_ENDPOINT }}"
+ access_key = "${{ secrets.B2_KEY_ID }}"
+ secret_key = "${{ secrets.B2_APPLICATION_KEY }}"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ skip_requesting_account_id = true
+ force_path_style = true
+ EOF
 - name: Set up Terraform
 uses: hashicorp/setup-terraform@v2
@@ -28,7 +41,7 @@ jobs:
 - name: Terraform Init
 working-directory: terraform
- run: terraform init
+ run: terraform init -reconfigure -backend-config=backend.hcl
 - name: Terraform Plan
 working-directory: terraform
diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml
index 35637d1..34fb360 100644
--- a/.gitea/workflows/terraform-plan.yml
+++ b/.gitea/workflows/terraform-plan.yml
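Review bot: The added `backend.hcl` heredoc in terraform-apply.yml writes `access_key` and `secret_key` to disk, and Terraform copies values passed through `-backend-config` into the `.terraform` directory and into saved plan files, so the B2 key ends up in several workspace files; the same block is added in terraform-plan.yml. The s3 backend reads `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from the environment, so I would drop those two lines from the heredoc and set `AWS_ACCESS_KEY_ID: ${{ secrets.B2_KEY_ID }}` and `AWS_SECRET_ACCESS_KEY: ${{ secrets.B2_APPLICATION_KEY }}` under `env:` for the job, where every terraform step can see them. The heredoc delimiter is also unquoted, so the shell still expands `$` or backticks inside a substituted value; `<< 'EOF'` avoids that. The enclosing step starts outside the hunk, so the directory the file is written to is not visible here.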
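Review bot: Nothing in this change adds state locking, so once `terraform init -reconfigure -backend-config=backend.hcl` points both workflows at the same `terraform.tfstate` object, overlapping runs can read stale state or overwrite each other's writes; the same init line is added in terraform-plan.yml. The backend settings written earlier in the patch set neither `dynamodb_table` nor `use_lockfile`. If the pinned Terraform version and the B2 endpoint both support it, add `use_lockfile = true` to backend.hcl; otherwise serialise the jobs that touch this state at the workflow or runner level. The Terraform version is configured outside the hunk, so this needs checking against it.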
@@ -22,6 +22,19 @@ jobs:
 cat > secrets.auto.tfvars << EOF
 pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
 EOF
+ cat > backend.hcl << EOF
+ bucket = "${{ secrets.B2_TF_BUCKET }}"
+ key = "terraform.tfstate"
+ region = "us-east-005"
+ endpoint = "${{ secrets.B2_TF_ENDPOINT }}"
+ access_key = "${{ secrets.B2_KEY_ID }}"
+ secret_key = "${{ secrets.B2_APPLICATION_KEY }}"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ skip_requesting_account_id = true
+ force_path_style = true
+ EOF
 echo "Created secrets.auto.tfvars:"
 cat secrets.auto.tfvars | sed 's/=.*/=***/'
 echo "Using token ID from terraform.tfvars:"
@@ -34,7 +47,7 @@ jobs:
 - name: Terraform Init
 working-directory: terraform
- run: terraform init
+ run: terraform init -reconfigure -backend-config=backend.hcl
 - name: Terraform Format Check
 working-directory: terraform
diff --git a/terraform/main.tf b/terraform/main.tf
index 55e812f..8631a17 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -1,4 +1,6 @@
 terraform {
+ backend "s3" {}
+
 required_providers {
 proxmox = {
 source = "Telmate/proxmox"
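Review bot: The plan workflow's `backend.hcl` uses the same `B2_KEY_ID` / `B2_APPLICATION_KEY` pair as the apply workflow, although with no locking configured a plan should only need to read state. Terraform state holds resource attributes in plain text, and a plan run evaluates whatever configuration is on the branch being checked, so the key available to this job should be as narrow as possible. I would issue a separate B2 application key restricted to this bucket with read-only capabilities and reference it here, for example `access_key = "${{ secrets.B2_TF_PLAN_KEY_ID }}"` (the secret name is a placeholder). The workflow triggers are outside the hunk, so how exposed this job is depends on which events run it.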
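Review bot: The empty `backend "s3" {}` block in terraform/main.tf has no comment, so nothing in the file tells a reader that every backend setting is injected by CI through `-backend-config=backend.hcl`, and a local `terraform init` will prompt for or fail on the missing values. The non-secret settings (`key`, `region`, the `skip_*` flags and `force_path_style`) are duplicated in both workflow heredocs; declaring them here keeps the two workflows from drifting and leaves only bucket, endpoint and credentials to be supplied at init time. The `terraform` block continues past the end of the hunk.

```hcl
terraform {
  # Bucket, endpoint and credentials are supplied at init time by CI
  # (-backend-config / environment); only non-secret settings live here.
  backend "s3" {
    key                         = "terraform.tfstate"
    region                      = "us-east-005"
    skip_credentials_validation = true
    skip_metadata_api_check     = true
    skip_region_validation      = true
    skip_requesting_account_id  = true
    force_path_style            = true
  }

  # … unchanged: required_providers …
```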