diff --git a/.github/workflows/terraform-github-import.yml b/.github/workflows/terraform-github-import.yml index bdfa7b9f..ed7ee20b 100644 --- a/.github/workflows/terraform-github-import.yml +++ b/.github/workflows/terraform-github-import.yml @@ -10,6 +10,8 @@ on: default: true env: TF_VAR_GITHUB_APP_PEM_FILE: ${{ secrets.TF_VAR_GITHUB_APP_PEM_FILE }} + AWS_ACCESS_KEY_ID: ${{ secrets.TF_S3_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_S3_SECRET_ACCESS_KEY }} jobs: terraform-github-import: name: Terraform GitHub Import @@ -27,7 +29,6 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: - cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} terraform_wrapper: false - name: Terraform fmt id: fmt diff --git a/.github/workflows/terraform-github.yml b/.github/workflows/terraform-github.yml index 506148ab..76bf5620 100644 --- a/.github/workflows/terraform-github.yml +++ b/.github/workflows/terraform-github.yml @@ -14,6 +14,8 @@ name: Terraform GitHub workflow_dispatch: env: TF_VAR_GITHUB_APP_PEM_FILE: ${{ secrets.TF_VAR_GITHUB_APP_PEM_FILE }} + AWS_ACCESS_KEY_ID: ${{ secrets.TF_S3_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_S3_SECRET_ACCESS_KEY }} jobs: terraform: name: Terraform @@ -25,8 +27,6 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 - with: - cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - name: Terraform fmt id: fmt @@ -111,8 +111,13 @@ jobs: body: output }) } + + - name: Terraform Format Status + if: steps.fmt.outcome == 'failure' + run: exit 1 + - name: Terraform Plan Status - if: steps.plan.outcome == 'failure' || steps.fmt.outcome == 'failure' + if: steps.plan.outcome == 'failure' run: exit 1 - name: Terraform Apply diff --git a/terraform/github/provider.tf b/terraform/github/provider.tf index 865b589e..a0d8a446 100644 
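Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are added to the workflow-level `env:` here, so the state-bucket keys are exported to every step of every job, including the third-party actions, rather than only to the Terraform commands. The same two lines are added to `.github/workflows/terraform-github.yml` at `@@ -14,6 +14,8 @@`. Only the steps that reach the backend need them, so I would move both lines into a step-level `env:` on the init/plan/apply steps, which lie outside these hunks. These are long-lived static keys that presumably can write state, so the token behind them should be limited to the `github-terraform-backend` bucket and rotated on a schedule.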
--- a/terraform/github/provider.tf +++ b/terraform/github/provider.tf @@ -5,12 +5,23 @@ terraform { version = "6.11.1" } } - cloud { - organization = "stackhpc" - workspaces { - name = "github" + backend "s3" { + bucket = "github-terraform-backend" + key = "github/terraform.tfstate" + region = "auto" # Cloudflare R2 uses "auto" for the region + use_lockfile = true + + endpoints = { + s3 = "https://99e8d2e95b14ef888ce364a5ab310629.r2.cloudflarestorage.com" } + + # Bypasses strict AWS checks so the S3-compatible API works + skip_credentials_validation = true + skip_region_validation = true + skip_requesting_account_id = true + skip_metadata_api_check = true + skip_s3_checksum = true } } diff --git a/terraform/github/terraform.tfvars.json b/terraform/github/terraform.tfvars.json index a0016950..92b22827 100644 --- a/terraform/github/terraform.tfvars.json +++ b/terraform/github/terraform.tfvars.json @@ -115,7 +115,8 @@ "maintainers": [ "mnasiadka", "oneswig", - "priteau" + "priteau", + "sjpb" ], "members": [ "Alex-Welsh", @@ -129,7 +130,6 @@ "jovial", "m-bull", "motehue", - "sjpb", "stackhpc-ci" ] } @@ -138,13 +138,14 @@ "description": "Team responsible for Batch development", "privacy": "closed", "users": { - "maintainers": [], + "maintainers": [ + "sjpb" + ], "members": [ "elelaysh", "jovial", "m-bull", "mgrzybek", - "sjpb", "stackhpc-ci" ] } @@ -156,7 +157,8 @@ "maintainers": [ "mnasiadka", "oneswig", - "priteau" + "priteau", + "sjpb" ], "members": [ "Alex-Welsh", @@ -188,7 +190,6 @@ "motehue", "owenjones", "seunghun1ee", - "sjpb", "stackhpc-ci", "technowhizz", "wtripp180901", @@ -238,14 +239,14 @@ "privacy": "closed", "users": { "maintainers": [ - "priteau" + "priteau", + "sjpb" ], "members": [ "darmach", "GregWhiteyBialas", "m-bull", "mgrzybek", - "sjpb", "stackhpc-ci" ] }
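Review bot: `skip_s3_checksum = true` sits under the comment "Bypasses strict AWS checks", but unlike the four validation skips it turns off the checksum Terraform sends with each state upload, so the integrity of written state then rests on TLS alone. If the endpoint really does reject the checksum header, give the flag its own comment, e.g. `# endpoint rejects the upload checksum header; upload integrity relies on TLS`; otherwise drop it. `use_lockfile = true` also needs a Terraform release that supports S3 lockfiles and a store that honours conditional writes, and neither a `required_version` here nor a `terraform_version` for setup-terraform is visible in this diff, so pinning one would make that requirement explicit. The `terraform` block starts above the hunk.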