51 lines
2.6 KiB
HCL
# ─── State Backend ────────────────────────────────────────────────────────────
#
# Each app deployment uses its own Tofu workspace so state is isolated.
# The CI/CD pipeline selects (or creates) the workspace named after the app
# before running plan/apply.
#
# OPTION A — SeaweedFS S3 API (recommended for self-hosted Gitea CI/CD)
# ─────────────────────────────────────────────────────────────────────────────
# SeaweedFS exposes an S3-compatible API (default port 8333).
# Create the state bucket once: `weed shell` → `s3.bucket.create -name tofu-state`
#
# Configure via environment variables in the Gitea runner (no secrets in code):
#
#   AWS_ACCESS_KEY_ID     = <seaweedfs-access-key>
#   AWS_SECRET_ACCESS_KEY = <seaweedfs-secret-key>
#
# Then initialise with:
#   tofu init \
#     -backend-config="bucket=tofu-state" \
#     -backend-config="key=apps/${APP_NAME}.tfstate" \
#     -backend-config="endpoint=http://seaweedfs.example.com:8333" \
#     -backend-config="region=us-east-1" \
#     -backend-config="force_path_style=true"
#
# State files hold resource attributes, including secrets, in plaintext, so
# prefer an https:// endpoint unless the runner and SeaweedFS share a trusted
# network.
#
# Uncomment to enable:
#
# terraform {
#   backend "s3" {}
# }

# OPTION B — HTTP backend (e.g., a custom state server or GitLab-compatible endpoint)
# ─────────────────────────────────────────────────────────────────────────────
#   tofu init \
#     -backend-config="address=https://state.example.com/apps/${APP_NAME}" \
#     -backend-config="lock_address=https://state.example.com/apps/${APP_NAME}/lock" \
#     -backend-config="unlock_address=https://state.example.com/apps/${APP_NAME}/lock" \
#     -backend-config="username=${TF_HTTP_USERNAME}" \
#     -backend-config="password=${TF_HTTP_PASSWORD}"
#
# The http backend also reads TF_HTTP_USERNAME and TF_HTTP_PASSWORD from the
# environment, so the last two flags can be dropped to keep the password out
# of the process arguments.
#
# Uncomment to enable:
#
# terraform {
#   backend "http" {}
# }

# OPTION C — Local backend (default, useful for local development)
# ─────────────────────────────────────────────────────────────────────────────
# State is stored in terraform.tfstate.d/<workspace>/terraform.tfstate
# Commit .gitignore entries for *.tfstate and *.tfstate.backup.
# Not suitable for concurrent CI/CD runs.
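
One way the runner step described in the header comment could look for Option A, as an added example that is not code from this repository: the app name is validated before it reaches the state key and the workspace name, then the backend is initialised and the workspace selected or created. The function names `valid_app_name`, `state_key` and `init_app` and the allowed-name rule are assumptions.

```shell
#!/bin/sh
# Added example (not from the repository). Assumed names: valid_app_name,
# state_key, init_app. The name rule below is an assumption, not project policy.

# Accept only lowercase letters, digits and hyphens, 1-63 characters, not
# starting with a hyphen. Anything else (slashes, dots, spaces) is rejected so
# the name cannot point the state key at another app's object.
valid_app_name() (
  LC_ALL=C   # byte-wise ranges, so a-z cannot match other letters
  case "$1" in
    '' | -* | *[!a-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
)

# Print the state object key for an app, or fail on an invalid name.
state_key() {
  valid_app_name "$1" || { echo "invalid app name: $1" >&2; return 1; }
  printf 'apps/%s.tfstate' "$1"
}

# Initialise the S3 backend (Option A) and select or create the app workspace.
init_app() {
  key=$(state_key "$1") || return 1
  # Credentials come from the runner environment, never from the repository.
  : "${AWS_ACCESS_KEY_ID:?must be set in the runner environment}"
  : "${AWS_SECRET_ACCESS_KEY:?must be set in the runner environment}"
  tofu init -input=false -reconfigure \
    -backend-config="bucket=tofu-state" \
    -backend-config="key=${key}" \
    -backend-config="endpoint=http://seaweedfs.example.com:8333" \
    -backend-config="region=us-east-1" \
    -backend-config="force_path_style=true" || return 1
  tofu workspace select "$1" 2>/dev/null || tofu workspace new "$1"
}

# Usage: sh <this-script> init <app-name>
if [ "${1:-}" = "init" ]; then
  init_app "${2:-}"
fi
```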