chore(iac): remove spent R2 import block

The one-time import block from the previous change reconciled cloudflare_r2_bucket.arcodange_tf into state (run #29: "Import complete", "Apply complete! Resources: 1 imported"). It is now a no-op, so remove it. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Merge pull request 'fix(iac): import existing EU R2 bucket into state' (#13 ) from arcodange/r2-state-import into main
2026-06-24 13:23:42 +02:00 · 2026-06-24 13:19:56 +02:00 · 2026-06-24 13:19:32 +02:00 · 2026-06-24 13:03:16 +02:00 · 2026-06-24 13:02:58 +02:00 · 2026-06-24 11:22:54 +02:00
2 changed files with 4 additions and 4 deletions
--- a/.gitea/workflows/iac.yaml
+++ b/.gitea/workflows/iac.yaml
@@ -36,7 +36,7 @@ concurrency:
 jobs:
  gitea_vault_auth:
    name: Auth with gitea for vault
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-ca
    outputs:
      gitea_vault_jwt: ${{steps.gitea_vault_jwt.outputs.id_token}}
    steps:
@@ -50,7 +50,7 @@ jobs:
    name: Tofu
    needs:
      - gitea_vault_auth
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-ca
    env:
      OPENTOFU_VERSION: 1.8.2
      TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
--- a/.gitea/workflows/postgres.yaml
+++ b/.gitea/workflows/postgres.yaml
@@ -33,7 +33,7 @@ concurrency:
 jobs:
  gitea_vault_auth:
    name: Auth with gitea for vault
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-ca
    outputs:
      gitea_vault_jwt: ${{steps.gitea_vault_jwt.outputs.id_token}}
    steps:
@@ -47,7 +47,7 @@ jobs:
    name: Tofu - Postgres
    needs:
      - gitea_vault_auth
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-ca
    env:
      OPENTOFU_VERSION: 1.8.2
      TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
Author	SHA1	Message	Date
Gabriel Radureau	7727b244ad	chore(iac): remove spent R2 import block The one-time import block from the previous change reconciled cloudflare_r2_bucket.arcodange_tf into state (run #29: "Import complete", "Apply complete! Resources: 1 imported"). It is now a no-op, so remove it. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-24 13:23:42 +02:00
arcodange	e2a79a08a7	Merge pull request 'fix(iac): import existing EU R2 bucket into state' (#13 ) from arcodange/r2-state-import into main	2026-06-24 13:19:56 +02:00
Gabriel Radureau	a0fbe5c655	fix(iac): import existing EU R2 bucket into state Run #28 applied cleanly except cloudflare_r2_bucket.arcodange_tf: the bucket exists in the EU jurisdiction, but its prior state entry lacked the jurisdiction, so cloudflare provider >=5.20 read it as not-found, removed it from state, and then failed to recreate it ("already exists"). Add a config-driven import block with the jurisdiction-qualified id (<account_id>/<bucket_name>/<jurisdiction>) so the next apply adopts the real bucket. No-op once reconciled; removable after. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-24 13:19:32 +02:00
arcodange	fc28c52b85	Merge pull request 'fix(iac): pin cloudflare provider + lockfile, trust homelab CA in gitea provider' (#12 ) from arcodange/iac-provider-fixes into main	2026-06-24 13:03:16 +02:00
arcodange	bfa05ff633	Merge pull request 'fix(ci): run factory tofu workflows on the CA-trusting runner' (#11 ) from arcodange/focused-dirac-151213 into main	2026-06-24 13:02:58 +02:00
Gabriel Radureau	e5c537a967	fix(ci): run factory tofu workflows on the CA-trusting runner After the move to the self-signed internal DNS (gitea.arcodange.lab / vault.arcodange.lab), the default `ubuntu-latest` runner image does not trust the homelab CA, so the `uses:` clone of the vault-action over HTTPS fails TLS verification. webapp's workflows already moved to the `ubuntu-latest-ca` runner (whose image ships the homelab CA); apply the same to the factory `iac` and `postgres` tofu workflows. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-24 11:22:54 +02:00