From 1f6970c32181ecfb0b75d466868faff1c1580614 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Fri, 28 Nov 2025 15:34:52 +0100 Subject: [PATCH 01/25] chore: Add tofu plan workflow --- .forgejo/workflows/tofu-plan.yaml | 35 +++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 .forgejo/workflows/tofu-plan.yaml diff --git a/.forgejo/workflows/tofu-plan.yaml b/.forgejo/workflows/tofu-plan.yaml new file mode 100644 index 0000000..e7fa644 --- /dev/null +++ b/.forgejo/workflows/tofu-plan.yaml @@ -0,0 +1,35 @@ +--- +name: tofu plan +on: + workflow_dispatch: + workflow_call: + pull_request: + branches: + - main + # paths: + # - pve01.wheatley.in/k8s-whealtey/** + +jobs: + opentofu: + runs-on: docker + steps: + - uses: actions/checkout@v4 + - uses: opentofu/setup-opentofu@v1 + + - name: OpenTofu fmt + id: fmt + run: tofu fmt -check + continue-on-error: true + + - name: OpenTofu Init + id: init + run: tofu init + + - name: OpenTofu Validate + id: validate + run: tofu validate -no-color + + - name: OpenTofu Plan + id: plan + run: tofu plan -no-color + continue-on-error: true -- 2.39.5 From 5d8d471dcd0ec70c5cb2e3ae1d4e3c1979c407a9 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Fri, 28 Nov 2025 20:53:52 +0100 Subject: [PATCH 02/25] feat: Set up wireguard connection --- ...u-plan.yaml => tofu-plan-k8s-wheatley.yaml} | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) rename .forgejo/workflows/{tofu-plan.yaml => tofu-plan-k8s-wheatley.yaml} (53%) diff --git a/.forgejo/workflows/tofu-plan.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml similarity index 53% rename from .forgejo/workflows/tofu-plan.yaml rename to .forgejo/workflows/tofu-plan-k8s-wheatley.yaml index e7fa644..63c40b3 100644 --- a/.forgejo/workflows/tofu-plan.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml 
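Review bot: Both `uses:` lines in the new job reference mutable tags (`actions/checkout@v4`, `opentofu/setup-opentofu@v1`), so whatever those tags resolve to at run time executes in a job that is triggered by `pull_request` and goes on to run `tofu init` and `tofu plan`. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # v4`, makes the executed code stable and reviewable. Separately, `continue-on-error: true` on the `OpenTofu Plan` step means a failed plan still yields a green run. If that tolerance is meant only for `fmt`, drop it from the plan step or add a final step that fails when `steps.plan.outcome == 'failure'`.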
@@ -1,5 +1,5 @@ --- -name: tofu plan +name: tofu plan k8s-wheatley on: workflow_dispatch: workflow_call: @@ -10,12 +10,26 @@ on: # - pve01.wheatley.in/k8s-whealtey/** jobs: - opentofu: + tofu-plan-k8s-wheatley: runs-on: docker steps: - uses: actions/checkout@v4 - uses: opentofu/setup-opentofu@v1 + - name: Setup Wireguard + run: | + echo "Installing Wireguard..." + sudo apt install resolvconf + sudo apt install wireguard + echo "Installing Wireguard ✅" + echo "Configuring Wireguard..." + echo "${{ secrets.WG_CONFIG }}" > /tmp/wg0.conf + sudo chmod 600 wg0.conf + echo "Configuring Wireguard ✅" + echo "Starting Wireguard..." + sudo wg-quick up /tmp/wg0.conf + echo "Started Wireguard ✅" + - name: OpenTofu fmt id: fmt run: tofu fmt -check -- 2.39.5 From 1b864a209cfdcf1472e77c3d465706302353e81f Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Fri, 28 Nov 2025 20:55:14 +0100 Subject: [PATCH 03/25] fix: Don't use sudo --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 63c40b3..da36d6a 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -19,15 +19,15 @@ jobs: - name: Setup Wireguard run: | echo "Installing Wireguard..." - sudo apt install resolvconf - sudo apt install wireguard + apt install resolvconf + apt install wireguard echo "Installing Wireguard ✅" echo "Configuring Wireguard..." echo "${{ secrets.WG_CONFIG }}" > /tmp/wg0.conf - sudo chmod 600 wg0.conf + chmod 600 wg0.conf echo "Configuring Wireguard ✅" echo "Starting Wireguard..." - sudo wg-quick up /tmp/wg0.conf + wg-quick up /tmp/wg0.conf echo "Started Wireguard ✅" - name: OpenTofu fmt -- 2.39.5 From ae0b2e91f2c35def747c624b7ffb6d576d996ef1 Mon Sep 17 00:00:00 2001 
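Review bot: In the `Setup Wireguard` step, `echo "${{ secrets.WG_CONFIG }}" > /tmp/wg0.conf` pastes the secret into the script text before the shell runs, so any quote, `$` or backtick inside the config is interpreted by the shell, and the file is created with default permissions. The `chmod 600 wg0.conf` that follows targets a relative path rather than `/tmp/wg0.conf`, so the file holding the private key likely keeps whatever mode the default umask gave it. Passing the secret through a step-level `env:` entry (`WG_CONFIG: ${{ secrets.WG_CONFIG }}`) and writing it with `( umask 077; printf '%s\n' "$WG_CONFIG" > /tmp/wg0.conf )` avoids both problems. Because the workflow also runs on `pull_request`, it is worth confirming that runs from untrusted branches cannot reach this secret.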
From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Fri, 28 Nov 2025 20:57:20 +0100 Subject: [PATCH 04/25] fix: Renove resolvconf installation --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index da36d6a..583f2d9 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -19,7 +19,6 @@ jobs: - name: Setup Wireguard run: | echo "Installing Wireguard..." - apt install resolvconf apt install wireguard echo "Installing Wireguard ✅" echo "Configuring Wireguard..." -- 2.39.5 From 7bd2e066fdeb9f63615fe98f8e81f0530f5cd3a7 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Fri, 28 Nov 2025 21:06:20 +0100 Subject: [PATCH 05/25] debug: List apt repositories --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 583f2d9..d9f3682 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -18,7 +18,9 @@ jobs: - name: Setup Wireguard run: | + apt-cache policy echo "Installing Wireguard..." + apt install resolvconf apt install wireguard echo "Installing Wireguard ✅" echo "Configuring Wireguard..." -- 2.39.5 From 9da7f3f54db187b5a6b6dc7e030b58136196f9d6 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Fri, 28 Nov 2025 21:13:42 +0100 Subject: [PATCH 06/25] chore: Add missing apt repository --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index d9f3682..4599422 100644 
--- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -16,6 +16,11 @@ jobs: - uses: actions/checkout@v4 - uses: opentofu/setup-opentofu@v1 + - name: Setup apt repository + run: | + echo "deb http://deb.debian.org/debian $(lsb_release -cs) main contrib non-free non-free-firmware" | tee -a /etc/apt/sources.list + apt update + - name: Setup Wireguard run: | apt-cache policy -- 2.39.5 From a660769001dc0844b484db6338017d1f57dcf6e8 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Fri, 28 Nov 2025 21:14:20 +0100 Subject: [PATCH 07/25] chore: Hardcode lsb_release --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 4599422..c90f0f1 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -18,7 +18,7 @@ jobs: - name: Setup apt repository run: | - echo "deb http://deb.debian.org/debian $(lsb_release -cs) main contrib non-free non-free-firmware" | tee -a /etc/apt/sources.list + echo "deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware" | tee -a /etc/apt/sources.list apt update - name: Setup Wireguard -- 2.39.5 From 530b5dae10c2d6031b67bc355d0bae7a99b6199f Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Fri, 28 Nov 2025 21:16:03 +0100 Subject: [PATCH 08/25] fix: Remove resolvconf install --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index c90f0f1..a995ed5 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml 
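Review bot: The `Setup apt repository` step enables `contrib non-free non-free-firmware` and appends to `/etc/apt/sources.list` with `tee -a` on every run, which is broader than the packages installed in the visible steps (`resolvconf`, `wireguard`) appear to need and is not idempotent on a reused runner. Restricting the entry to `main` and writing it to its own file keeps the package sources minimal, e.g. `echo "deb http://deb.debian.org/debian $(lsb_release -cs) main" > /etc/apt/sources.list.d/debian-main.list`. A comment stating which base image the `docker` runner label provides would also help, since the line assumes a Debian release; the next patch hard-codes `bookworm` on the same assumption.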
@@ -25,7 +25,6 @@ jobs: run: | apt-cache policy echo "Installing Wireguard..." - apt install resolvconf apt install wireguard echo "Installing Wireguard ✅" echo "Configuring Wireguard..." -- 2.39.5 From 5cb946a1b29e7dd368be24d80881691f95ca552b Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Fri, 28 Nov 2025 21:17:20 +0100 Subject: [PATCH 09/25] fix: Confirm installation --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index a995ed5..5af2dd4 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -25,7 +25,7 @@ jobs: run: | apt-cache policy echo "Installing Wireguard..." - apt install wireguard + apt install wireguard -y echo "Installing Wireguard ✅" echo "Configuring Wireguard..." echo "${{ secrets.WG_CONFIG }}" > /tmp/wg0.conf -- 2.39.5 From b77a24f50ce24000e559a4da5b747f0a6fecfcf1 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Fri, 28 Nov 2025 21:19:36 +0100 Subject: [PATCH 10/25] fix: Update file location --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 5af2dd4..6da6f2b 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -29,7 +29,7 @@ jobs: echo "Installing Wireguard ✅" echo "Configuring Wireguard..." echo "${{ secrets.WG_CONFIG }}" > /tmp/wg0.conf - chmod 600 wg0.conf + chmod 600 /tmp/wg0.conf echo "Configuring Wireguard ✅" echo "Starting Wireguard..." wg-quick up /tmp/wg0.conf -- 2.39.5 From 95b8634b0067b4dc4c1b2325e079afc1f7fc0014 Mon Sep 17 00:00:00 2001 
From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Fri, 28 Nov 2025 21:26:32 +0100 Subject: [PATCH 11/25] chore: Install dependency --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 6da6f2b..284b098 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -25,7 +25,7 @@ jobs: run: | apt-cache policy echo "Installing Wireguard..." - apt install wireguard -y + apt install iproute2 wireguard -y echo "Installing Wireguard ✅" echo "Configuring Wireguard..." echo "${{ secrets.WG_CONFIG }}" > /tmp/wg0.conf -- 2.39.5 From 40fcbe34865485d854545a758c8f467fd58aa75c Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 10:11:44 +0100 Subject: [PATCH 12/25] fix: Connect to wireguard on host --- .../workflows/tofu-plan-k8s-wheatley.yaml | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 284b098..144e17b 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml 
@@ -16,25 +16,6 @@ jobs: - uses: actions/checkout@v4 - uses: opentofu/setup-opentofu@v1 - - name: Setup apt repository - run: | - echo "deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware" | tee -a /etc/apt/sources.list - apt update - - - name: Setup Wireguard - run: | - apt-cache policy - echo "Installing Wireguard..." - apt install iproute2 wireguard -y - echo "Installing Wireguard ✅" - echo "Configuring Wireguard..." - echo "${{ secrets.WG_CONFIG }}" > /tmp/wg0.conf - chmod 600 /tmp/wg0.conf - echo "Configuring Wireguard ✅" - echo "Starting Wireguard..." - wg-quick up /tmp/wg0.conf - echo "Started Wireguard ✅" - - name: OpenTofu fmt id: fmt run: tofu fmt -check -- 2.39.5 From 470b6dcb8e35a20d6ab2e99395669ca7fb965f4a Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 11:15:28 +0100 Subject: [PATCH 13/25] chore: Set working directory --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 144e17b..568373c 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -7,7 +7,10 @@ on: branches: - main # paths: - # - pve01.wheatley.in/k8s-whealtey/** + # - pve01.wheatley.in/k8s-wheatley/** + +env: + TOFU_DIR: pve01.wheatley.in/k8s-wheatley jobs: tofu-plan-k8s-wheatley: @@ -19,17 +22,21 @@ jobs: - name: OpenTofu fmt id: fmt run: tofu fmt -check + working-directory: ${{ env.TOFU_DIR }} continue-on-error: true - name: OpenTofu Init id: init run: tofu init + working-directory: ${{ env.TOFU_DIR }} - name: OpenTofu Validate id: validate run: tofu validate -no-color + working-directory: ${{ env.TOFU_DIR }} - name: OpenTofu Plan id: plan run: tofu plan -no-color + working-directory: ${{ env.TOFU_DIR }} continue-on-error: true -- 2.39.5 
From 20968206f69b6a133ffcec34347897834e6e04fb Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 11:22:33 +0100 Subject: [PATCH 14/25] chore: Parse secrets in env vars --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 568373c..9577197 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -11,6 +11,11 @@ on: env: TOFU_DIR: pve01.wheatley.in/k8s-wheatley + AWS_S3_ENDPOINT: ${{ secrets.AWS_S3_ENDPOINT }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + TF_VAR_PROXMOX_API_TOKEN: ${{ secrets.PROXMOX_API_TOKEN }} + TF_VAR_PROXMOX_ENDPOINT: ${{ secrets.PROXMOX_ENDPOINT }} jobs: tofu-plan-k8s-wheatley: -- 2.39.5 From 4a98acc7681e6c8192ff61809a882b642c030c96 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 11:47:07 +0100 Subject: [PATCH 15/25] chore: Use opentofu container image --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 9577197..91eb7a9 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -20,9 +20,10 @@ env: jobs: tofu-plan-k8s-wheatley: runs-on: docker + container: + image: ghcr.io/opentofu/opentofu:1.10.7 steps: - uses: actions/checkout@v4 - - uses: opentofu/setup-opentofu@v1 - name: OpenTofu fmt id: fmt -- 2.39.5 From d7bf58060e1ea6d8b248267c746ece37ac21707d Mon Sep 17 00:00:00 2001 
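Review bot: The entries added to the workflow-level `env:` expose `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `TF_VAR_PROXMOX_API_TOKEN` to every step of every job, including `actions/checkout@v4`, the third-party `opentofu/setup-opentofu@v1` and the `fmt` and `validate` steps, none of which need them. Scoping them with a step-level `env:` on `OpenTofu Init` (backend credentials) and `OpenTofu Plan` (backend and Proxmox credentials) limits what a compromised action or an altered script can read. A later patch in this series moves the two `TF_VAR_` entries to the plan step, but the AWS keys stay at workflow level. If the state backend and Proxmox allow it, credentials limited to what a plan-only run requires would reduce the exposure further.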
From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 12:15:12 +0100 Subject: [PATCH 16/25] chore: Manually install OpenTofu --- .../workflows/tofu-plan-k8s-wheatley.yaml | 32 +++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 91eb7a9..cc8dad7 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -10,6 +10,8 @@ on: # - pve01.wheatley.in/k8s-wheatley/** env: + TOFU_VERSION: 1.10.7 + TOFU_CHECKSUM: 765a7374aeafcad15fe8da5359de76ce11ba0fd3cb6c2dc85d3b390e6362cae5 TOFU_DIR: pve01.wheatley.in/k8s-wheatley AWS_S3_ENDPOINT: ${{ secrets.AWS_S3_ENDPOINT }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -20,11 +22,37 @@ env: jobs: tofu-plan-k8s-wheatley: runs-on: docker - container: - image: ghcr.io/opentofu/opentofu:1.10.7 steps: - uses: actions/checkout@v4 + - name: Download OpenTofu + id: download + run: | + set -eo pipefail + echo "Downloading OpenTofu..." + curl -L https://github.com/opentofu/opentofu/releases/download/v{{ env.TOFU_VERSION }}/tofu_{{ env.TOFU_VERSION }}_linux_amd64.tar.gz + echo "Downloaded OpenTofu ✅" + echo "Verifying checksum..." + if echo "{{ env.TOFU_CHECKSUM }} tofu_{{ env.TOFU_VERSION }}_linux_amd64.tar.gz" | sha256sum --check --status; then + echo "Checksum OK ✅" + else + echo "Checksum mismatch! ❌" + exit 1 + working-directory: /tmp/tofu + + + - name: Install OpenTofu + run: | + echo "Untarring..." + tar -xzf tofu_{{ env.TOFU_VERSION }}_linux_amd64.tar.gz + echo "Untarring ✅" + echo "Installing OpenTofu Binary..." + mv tofu /usr/local/bin/tofu + chmod +x /usr/local/bin/tofu + echo "Installed Open Tofu ✅ Installed version:" + tofu version + working-directory: /tmp/tofu + - name: OpenTofu fmt id: fmt run: tofu fmt -check -- 2.39.5 From fd171f42d0b35accf2c22e04837a930bf1d6c9ed Mon Sep 17 00:00:00 2001 
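Review bot: The checksum gate in `Download OpenTofu` cannot work as written: the `if … then … else … exit 1` block has no closing `fi`, the `{{ env.TOFU_VERSION }}` and `{{ env.TOFU_CHECKSUM }}` expressions lack the leading `$` and are not expanded, and `curl -L` has no `-o`, so no archive file is written for `sha256sum --check` to read. Later patches in the series address the expression syntax and the output file. The point to keep is that verification must fail closed, so the block should end with `fi` (or drop the `if` and rely on the `set -eo pipefail` at the top of the step). `curl` should also get `-f` so that an HTTP error page is never saved as the archive.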
From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 12:15:55 +0100 Subject: [PATCH 17/25] fix: Use existing workingdir --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index cc8dad7..ebd8053 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -38,7 +38,7 @@ jobs: else echo "Checksum mismatch! ❌" exit 1 - working-directory: /tmp/tofu + working-directory: /tmp - name: Install OpenTofu @@ -51,7 +51,7 @@ jobs: chmod +x /usr/local/bin/tofu echo "Installed Open Tofu ✅ Installed version:" tofu version - working-directory: /tmp/tofu + working-directory: /tmp - name: OpenTofu fmt id: fmt -- 2.39.5 From 4bcf2a32e533f21c56ffa9ea9e01eb937a15f725 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 12:16:53 +0100 Subject: [PATCH 18/25] fix: Correctly parse variables --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index ebd8053..bb31f80 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml 
@@ -30,10 +30,10 @@ jobs: run: | set -eo pipefail echo "Downloading OpenTofu..." - curl -L https://github.com/opentofu/opentofu/releases/download/v{{ env.TOFU_VERSION }}/tofu_{{ env.TOFU_VERSION }}_linux_amd64.tar.gz + curl -L https://github.com/opentofu/opentofu/releases/download/v${{ env.TOFU_VERSION }}/tofu_${{ env.TOFU_VERSION }}_linux_amd64.tar.gz echo "Downloaded OpenTofu ✅" echo "Verifying checksum..." - if echo "{{ env.TOFU_CHECKSUM }} tofu_{{ env.TOFU_VERSION }}_linux_amd64.tar.gz" | sha256sum --check --status; then + if echo "${{ env.TOFU_CHECKSUM }} tofu_${{ env.TOFU_VERSION }}_linux_amd64.tar.gz" | sha256sum --check --status; then echo "Checksum OK ✅" else echo "Checksum mismatch! ❌" @@ -44,7 +44,7 @@ jobs: - name: Install OpenTofu run: | echo "Untarring..." - tar -xzf tofu_{{ env.TOFU_VERSION }}_linux_amd64.tar.gz + tar -xzf tofu_${{ env.TOFU_VERSION }}_linux_amd64.tar.gz echo "Untarring ✅" echo "Installing OpenTofu Binary..." mv tofu /usr/local/bin/tofu -- 2.39.5 From 735b51637c57b027aaf87f17e1bd09f7ab3688c2 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 12:20:13 +0100 Subject: [PATCH 19/25] fix: Output download to file --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index bb31f80..1ec2039 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -12,6 +12,7 @@ on: env: TOFU_VERSION: 1.10.7 TOFU_CHECKSUM: 765a7374aeafcad15fe8da5359de76ce11ba0fd3cb6c2dc85d3b390e6362cae5 + TOFU_ARCHIVE: tofu_${{ env.TOFU_VERSION }}_linux_amd64.tar.gz TOFU_DIR: pve01.wheatley.in/k8s-wheatley AWS_S3_ENDPOINT: ${{ secrets.AWS_S3_ENDPOINT }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} 
@@ -30,10 +31,10 @@ jobs: run: | set -eo pipefail echo "Downloading OpenTofu..." - curl -L https://github.com/opentofu/opentofu/releases/download/v${{ env.TOFU_VERSION }}/tofu_${{ env.TOFU_VERSION }}_linux_amd64.tar.gz + curl -L https://github.com/opentofu/opentofu/releases/download/v${{ env.TOFU_VERSION }}/${{ env.TOFU_ARCHIVE }} -o ${{ env.TOFU_ARCHIVE }} echo "Downloaded OpenTofu ✅" echo "Verifying checksum..." - if echo "${{ env.TOFU_CHECKSUM }} tofu_${{ env.TOFU_VERSION }}_linux_amd64.tar.gz" | sha256sum --check --status; then + if echo "${{ env.TOFU_CHECKSUM }} ${{ env.TOFU_ARCHIVE }}" | sha256sum --check --status; then echo "Checksum OK ✅" else echo "Checksum mismatch! ❌" @@ -44,7 +45,7 @@ jobs: - name: Install OpenTofu run: | echo "Untarring..." - tar -xzf tofu_${{ env.TOFU_VERSION }}_linux_amd64.tar.gz + tar -xzf ${{ env.TOFU_ARCHIVE }} echo "Untarring ✅" echo "Installing OpenTofu Binary..." mv tofu /usr/local/bin/tofu -- 2.39.5 From 9ae4963476c8fdec7ab9ec35d161868a193cd832 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 12:22:26 +0100 Subject: [PATCH 20/25] fix: Unquote pipe command --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 1ec2039..93cefdb 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml 
@@ -34,7 +34,7 @@ jobs: curl -L https://github.com/opentofu/opentofu/releases/download/v${{ env.TOFU_VERSION }}/${{ env.TOFU_ARCHIVE }} -o ${{ env.TOFU_ARCHIVE }} echo "Downloaded OpenTofu ✅" echo "Verifying checksum..." - if echo "${{ env.TOFU_CHECKSUM }} ${{ env.TOFU_ARCHIVE }}" | sha256sum --check --status; then + if echo ${{ env.TOFU_CHECKSUM }} ${{ env.TOFU_ARCHIVE }} | sha256sum --check --status; then echo "Checksum OK ✅" else echo "Checksum mismatch! ❌" -- 2.39.5 From d44e242de395e614dd07a585070bbd5222a65fab Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 12:25:24 +0100 Subject: [PATCH 21/25] fix: Use printf --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 93cefdb..bbaf631 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -34,11 +34,7 @@ jobs: curl -L https://github.com/opentofu/opentofu/releases/download/v${{ env.TOFU_VERSION }}/${{ env.TOFU_ARCHIVE }} -o ${{ env.TOFU_ARCHIVE }} echo "Downloaded OpenTofu ✅" echo "Verifying checksum..." - if echo ${{ env.TOFU_CHECKSUM }} ${{ env.TOFU_ARCHIVE }} | sha256sum --check --status; then - echo "Checksum OK ✅" - else - echo "Checksum mismatch! ❌" - exit 1 + printf "%s %s" "${{ env.TOFU_CHECKSUM }}" "${{ env.TOFU_ARCHIVE }}" | sha256sum --check --status; then working-directory: /tmp -- 2.39.5 From 696e4e6a92acca061fba8c5bc7e38fcdae655e02 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 12:25:45 +0100 Subject: [PATCH 22/25] chore: Remove then statement --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index bbaf631..baed17c 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -34,7 +34,7 @@ jobs: curl -L https://github.com/opentofu/opentofu/releases/download/v${{ env.TOFU_VERSION }}/${{ env.TOFU_ARCHIVE }} -o ${{ env.TOFU_ARCHIVE }} echo "Downloaded OpenTofu ✅" echo "Verifying checksum..." - printf "%s %s" "${{ env.TOFU_CHECKSUM }}" "${{ env.TOFU_ARCHIVE }}" | sha256sum --check --status; then + printf "%s %s" "${{ env.TOFU_CHECKSUM }}" "${{ env.TOFU_ARCHIVE }}" | sha256sum --check --status working-directory: /tmp -- 2.39.5 From cadba057d261f20cea2b9644023150918ab13d6a Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 12:29:13 +0100 Subject: [PATCH 23/25] chore: Return checksum result --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index baed17c..0537361 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -35,6 +35,7 @@ jobs: echo "Downloaded OpenTofu ✅" echo "Verifying checksum..." printf "%s %s" "${{ env.TOFU_CHECKSUM }}" "${{ env.TOFU_ARCHIVE }}" | sha256sum --check --status + echo "Checksum ok ✅" working-directory: /tmp -- 2.39.5 From 0af3b3a26a749328bf236b4d443daba04b4de89a Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 12:29:30 +0100 Subject: [PATCH 24/25] fix: Parse tofu env vars in step instead of job --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
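Review bot: The check line is built with `printf "%s %s"`, one space and no trailing newline, whereas the format `sha256sum` itself writes is hash, two spaces, file name; some implementations accept only that form, and with `--status` a mismatch produces no output naming the file. `printf '%s  %s\n' "$TOFU_CHECKSUM" "$TOFU_ARCHIVE" | sha256sum --check` is portable, reports which file failed, and reads the values from the environment instead of interpolating `${{ env.… }}` into the script. `TOFU_ARCHIVE` is defined earlier in the series as `tofu_${{ env.TOFU_VERSION }}_linux_amd64.tar.gz` inside the same workflow-level `env:` map; whether `env` can reference a sibling key there should be verified on this runner. The `set -eo pipefail` that makes a mismatch abort the step is outside this hunk.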
diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 0537361..3cfe3e1 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -17,8 +17,6 @@ env: AWS_S3_ENDPOINT: ${{ secrets.AWS_S3_ENDPOINT }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - TF_VAR_PROXMOX_API_TOKEN: ${{ secrets.PROXMOX_API_TOKEN }} - TF_VAR_PROXMOX_ENDPOINT: ${{ secrets.PROXMOX_ENDPOINT }} jobs: tofu-plan-k8s-wheatley: @@ -69,6 +67,9 @@ jobs: - name: OpenTofu Plan id: plan + env: + TF_VAR_PROXMOX_API_TOKEN: ${{ secrets.PROXMOX_API_TOKEN }} + TF_VAR_PROXMOX_ENDPOINT: ${{ secrets.PROXMOX_ENDPOINT }} run: tofu plan -no-color working-directory: ${{ env.TOFU_DIR }} continue-on-error: true -- 2.39.5 From f3d0f3c7e56d2e14e7789cdac8645c13e9baf421 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 29 Nov 2025 15:42:26 +0100 Subject: [PATCH 25/25] debug: Print proxmox endpoint var --- .forgejo/workflows/tofu-plan-k8s-wheatley.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml index 3cfe3e1..f867ac5 100644 --- a/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml +++ b/.forgejo/workflows/tofu-plan-k8s-wheatley.yaml @@ -70,6 +70,8 @@ jobs: env: TF_VAR_PROXMOX_API_TOKEN: ${{ secrets.PROXMOX_API_TOKEN }} TF_VAR_PROXMOX_ENDPOINT: ${{ secrets.PROXMOX_ENDPOINT }} - run: tofu plan -no-color + run: | + echo "Proxmox endpoint: ${{ env.TF_VAR_PROXMOX_ENDPOINT}}" + tofu plan -no-color working-directory: ${{ env.TOFU_DIR }} continue-on-error: true -- 2.39.5
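Review bot: The added `echo "Proxmox endpoint: ${{ env.TF_VAR_PROXMOX_ENDPOINT}}"` writes a value sourced from `secrets.PROXMOX_ENDPOINT` into the job log and interpolates it into the script text, where shell metacharacters in the value would be interpreted. Log masking, where the runner applies it, is best-effort and would also make this debug line uninformative, so a check that does not reveal the value is safer, e.g. `test -n "$TF_VAR_PROXMOX_ENDPOINT" || { echo "PROXMOX_ENDPOINT is empty"; exit 1; }`. The debug line should be removed before the series is merged. `continue-on-error: true` also remains on this step, so an authentication failure against Proxmox still reports a successful run.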