From ea78c4e96c4718377bbecac88e6216dd7f4ae789 Mon Sep 17 00:00:00 2001
From: Hubert Cornet <hcornet@noreply@tips-of-mine.fr>
Date: Wed, 5 Nov 2025 14:59:53 +0100
Subject: [PATCH] Update .gitea/workflows/validate.yml

---
 .gitea/workflows/validate.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/validate.yml b/.gitea/workflows/validate.yml
index a4513ed..46c6570 100644
--- a/.gitea/workflows/validate.yml
+++ b/.gitea/workflows/validate.yml
@@ -39,17 +39,18 @@ jobs:
 
       - name: Terraform Validate
         id: validate
-        run: terraform validate
+        run: terraform validate -var="vault_token=${{ secrets.VAULT_TOKEN }}"
 
       - name: Terraform Plan
         id: plan
-        run: terraform plan -var="cloudflare_api_token=${{ secrets.CLOUDFLARE_API_TOKEN }}" -var="vault_token=${{ secrets.VAULT_TOKEN }}"
+        run: terraform plan -var="vault_token=${{ secrets.VAULT_TOKEN }}"
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         
       - name: Terraform Apply
-        run: terraform apply -var="cloudflare_api_token=${{ secrets.CLOUDFLARE_API_TOKEN }}" -var="vault_token=${{ secrets.VAULT_TOKEN }}" --auto-approve --input=false
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+        run: terraform apply -var="vault_token=${{ secrets.VAULT_TOKEN }}" --auto-approve --input=false
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}