TerraHome/.gitea/workflows/terraform-apply.yml
MichaelFisher1997 b0768db7a7
feat: store Terraform state in Backblaze B2
Configure an S3 backend and initialize Terraform in CI with backend config from Gitea secrets, so that state persists across runs and apply operations stay consistent.
2026-02-28 00:52:40 +00:00

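---
# Applies the Terraform configuration under ./terraform on every push to
# master, with state held in a Backblaze B2 bucket through the S3-compatible
# backend, then hands a Tailscale auth key to the provisioned VMs over SSH.
name: Terraform Apply

on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - master

jobs:
  terraform:
    name: "Terraform Apply"
    runs-on: ubuntu-latest
    # Credentials reach Terraform through the environment instead of being
    # written into secrets.auto.tfvars / backend.hcl, so they never land on
    # the runner's filesystem. The S3 backend reads AWS_ACCESS_KEY_ID and
    # AWS_SECRET_ACCESS_KEY; TF_VAR_<name> feeds the Terraform input variable
    # of the same name. Job-level env is inherited by every step below.
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.B2_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.B2_APPLICATION_KEY }}
      TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Write backend config
        working-directory: terraform
        # Only non-credential backend settings go to disk. Values arrive via
        # `env:` and are expanded by the shell rather than pasted into the
        # script text by the `${{ }}` template, so unusual characters in a
        # secret cannot change the script itself.
        env:
          B2_TF_BUCKET: ${{ secrets.B2_TF_BUCKET }}
          B2_TF_ENDPOINT: ${{ secrets.B2_TF_ENDPOINT }}
        run: |
          set -euo pipefail
          # NOTE(review): `endpoint` and `force_path_style` are the older
          # spellings of these settings; newer Terraform releases warn and
          # prefer `endpoints { s3 = ... }` / `use_path_style` -- confirm
          # before bumping terraform_version.
          cat > backend.hcl << EOF
          bucket = "${B2_TF_BUCKET}"
          key = "terraform.tfstate"
          region = "us-east-005"
          endpoint = "${B2_TF_ENDPOINT}"
          skip_credentials_validation = true
          skip_metadata_api_check = true
          skip_region_validation = true
          skip_requesting_account_id = true
          force_path_style = true
          EOF

      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          # Quoted so no YAML parser can read the version as a number.
          terraform_version: "1.6.6"

      - name: Terraform Init
        working-directory: terraform
        # -input=false makes a missing value fail fast instead of waiting on
        # an interactive prompt that CI can never answer.
        run: terraform init -input=false -reconfigure -backend-config=backend.hcl

      - name: Terraform Plan
        working-directory: terraform
        # Save the plan so the apply step executes exactly what this log
        # shows, rather than re-planning against state that may have moved.
        run: terraform plan -input=false -out=tfplan

      - name: Terraform Apply
        working-directory: terraform
        # Applying a saved plan never prompts, so -auto-approve is not needed.
        run: terraform apply -input=false tfplan

      - name: Enroll VMs in Tailscale
        env:
          TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
          TAILSCALE_ENROLL_HOSTS: ${{ secrets.TAILSCALE_ENROLL_HOSTS }}
          VM_SSH_PRIVATE_KEY: ${{ secrets.VM_SSH_PRIVATE_KEY }}
        run: |
          set -euo pipefail
          # Enrollment is optional: skip cleanly when any input is unset.
          if [ -z "${TS_AUTHKEY:-}" ] || [ -z "${TAILSCALE_ENROLL_HOSTS:-}" ] || [ -z "${VM_SSH_PRIVATE_KEY:-}" ]; then
            echo "Skipping Tailscale enrollment (missing TS_AUTHKEY, TAILSCALE_ENROLL_HOSTS, or VM_SSH_PRIVATE_KEY)."
            exit 0
          fi
          install -m 700 -d ~/.ssh
          # umask makes the key file 0600 from creation, so there is no window
          # in which it is readable by others before a later chmod.
          (umask 077; printf '%s\n' "$VM_SSH_PRIVATE_KEY" > ~/.ssh/id_rsa)
          # Remove the private key from the runner once the step ends.
          trap 'rm -f ~/.ssh/id_rsa' EXIT
          failed=0
          # TAILSCALE_ENROLL_HOSTS is a comma-separated host list.
          for host in $(printf '%s' "$TAILSCALE_ENROLL_HOSTS" | tr ',' ' '); do
            echo "Enrolling $host into Tailscale"
            # The auth key goes over stdin rather than inside the remote command
            # line, so it is not visible in the VM's process list or shell
            # history, and a quote character in the key cannot break the command.
            # Host-key checking is off because these VMs were just created and
            # have no recorded fingerprint; BatchMode makes ssh fail instead of
            # hanging on any prompt.
            if ! printf '%s\n' "$TS_AUTHKEY" | ssh -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa "micqdf@$host" \
                'sudo tee /etc/tailscale/authkey >/dev/null && sudo chmod 600 /etc/tailscale/authkey && sudo systemctl start tailscale-firstboot.service'; then
              echo "Tailscale enrollment failed for $host" >&2
              failed=1
            fi
          done
          # Fail the step if any host failed, not just the last one in the list.
          exit "$failed"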