Woodpecker CI: use built-in clone, fix CoreDNS DNS resolution [CI SKIP]

- Switch from custom clone override to woodpeckerci/plugin-git built-in clone (handles auth automatically via netrc from GitHub OAuth token) - Add 8.8.8.8 and 1.1.1.1 as CoreDNS upstream resolvers alongside pfSense (fixes intermittent DNS timeouts causing clone failures) - Fix missing comma after heredoc in audit-policy.tf (syntax error)
2026-02-23 00:08:42 +00:00 · 2026-02-23 00:08:42 +00:00 · ebecaaee5c
commit ebecaaee5c
parent ddb293b2b7
5 changed files with 21 additions and 13 deletions
--- a/stacks/platform/modules/rbac/audit-policy.tf
+++ b/stacks/platform/modules/rbac/audit-policy.tf
@ -120,6 +120,7 @@ with open(path, 'w') as f:
 print('Audit config applied (idempotent)')
 "
      SCRIPT
+      ,

      # Wait for API server to restart
      "echo 'Waiting for API server to restart with audit logging...'",
@ -130,7 +131,7 @@ print('Audit config applied (idempotent)')

  triggers = {
    policy_version = "v1" # Bump to force re-apply of manifest flags
-    policy_hash    = sha256(yamlencode({
+    policy_hash = sha256(yamlencode({
      apiVersion = "audit.k8s.io/v1"
      kind       = "Policy"
      rules = [
--- a/stacks/platform/modules/technitium/main.tf
+++ b/stacks/platform/modules/technitium/main.tf
@ -50,9 +50,7 @@ resource "kubernetes_config_map" "coredns" {
              ttl 30
          }
          prometheus :9153
-          #forward . 1.1.1.1
-          forward . 10.0.20.1
-          #forward . /etc/resolv.conf
+          forward . 8.8.8.8 1.1.1.1 10.0.20.1
          cache {
            success 10000 300 6
            denial 10000 300 60