fix(provision): merge terragrunt-apply into single shell block for env persistence

2026-03-18 00:11:14 +00:00 · 2026-03-18 00:11:14 +00:00 · de6a5caecc
commit de6a5caecc
parent 7a24ff6702
1 changed files with 15 additions and 17 deletions
--- a/.woodpecker/provision-user.yml
+++ b/.woodpecker/provision-user.yml
@ -134,31 +134,29 @@ steps:
          limits:
            memory: 6Gi
    commands:
-      - "apk update && apk add curl unzip git openssh-client python3 py3-pip py3-yaml"
-      # Install sops
-      - "wget -qO /usr/local/bin/sops https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.linux.amd64"
-      - "chmod 755 /usr/local/bin/sops"
-      # Install Terraform
-      - "wget -qO /tmp/terraform.zip https://releases.hashicorp.com/terraform/1.5.7/terraform_1.5.7_linux_amd64.zip"
-      - "unzip -o /tmp/terraform.zip -d /usr/local/bin/ && chmod 755 /usr/local/bin/terraform"
-      # Install Terragrunt
-      - "wget -qO /usr/local/bin/terragrunt https://github.com/gruntwork-io/terragrunt/releases/download/v0.99.4/terragrunt_linux_amd64"
-      - "chmod 755 /usr/local/bin/terragrunt"
-      # Source Vault token
-      - "source .vault-env"
-      # Apply stacks sequentially: vault → rbac → cloudflared → woodpecker
      - |
-        source .vault-env
+        set -e
+        apk update && apk add curl unzip git openssh-client python3 py3-pip py3-yaml
+        # Install sops
+        wget -qO /usr/local/bin/sops https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.linux.amd64
+        chmod 755 /usr/local/bin/sops
+        # Install Terraform
+        wget -qO /tmp/terraform.zip https://releases.hashicorp.com/terraform/1.5.7/terraform_1.5.7_linux_amd64.zip
+        unzip -o /tmp/terraform.zip -d /usr/local/bin/ && chmod 755 /usr/local/bin/terraform
+        # Install Terragrunt
+        wget -qO /usr/local/bin/terragrunt https://github.com/gruntwork-io/terragrunt/releases/download/v0.99.4/terragrunt_linux_amd64
+        chmod 755 /usr/local/bin/terragrunt
+        # Source Vault token (must be in same shell block)
+        . .vault-env
        export VAULT_ADDR
        export VAULT_TOKEN
+        echo "Vault token acquired, applying stacks..."
+        # Apply stacks sequentially: vault → rbac → cloudflared → woodpecker
        for stack in vault rbac cloudflared woodpecker; do
          echo "=== Applying stack: $stack ==="
          cd "stacks/$stack"
-          # Decrypt state
          ../../scripts/state-sync decrypt "$stack" || true
-          # Apply
          terragrunt apply --non-interactive -auto-approve -backup=-
-          # Encrypt state
          ../../scripts/state-sync encrypt "$stack" || true
          cd ../..
          echo "=== Done: $stack ==="