fix(ci): pin aws tfstate region for s3 backend

This commit is contained in:
Haitao Pan 2026-06-26 18:07:52 +08:00
parent 8f8e925706
commit 3b270f4959


@ -153,7 +153,6 @@ jobs:
TF_STATE_BUCKET: ${{ steps.vault.outputs.TF_STATE_BUCKET }}
TF_STATE_ACCESS_KEY: ${{ steps.vault.outputs.TF_STATE_ACCESS_KEY }}
TF_STATE_SECRET_KEY: ${{ steps.vault.outputs.TF_STATE_SECRET_KEY }}
TF_STATE_REGION: ${{ steps.vault.outputs.TF_STATE_REGION }}
run: |
set -euo pipefail
# 校验 REQUIRED 机密非空(不打印任何值,仅判空)。
@ -163,7 +162,7 @@ jobs:
echo "::error::缺少必需机密 VULTR_API_KEY (Vault: ${VAULT_KV}/VULTR_API_KEY)"
missing=1
fi
for k in TF_STATE_ENDPOINT TF_STATE_BUCKET TF_STATE_ACCESS_KEY TF_STATE_SECRET_KEY TF_STATE_REGION; do
for k in TF_STATE_ENDPOINT TF_STATE_BUCKET TF_STATE_ACCESS_KEY TF_STATE_SECRET_KEY; do
if [ -z "$(eval echo \"\${$k:-}\")" ]; then
echo "::error::缺少必需机密 $k (Vault: ${VAULT_KV}/$k) —— 远端 S3 state 后端为强制要求"
missing=1
@ -200,7 +199,6 @@ jobs:
working-directory: ${{ env.ENV_DIR }}
env:
TF_STATE_ENDPOINT: ${{ steps.vault.outputs.TF_STATE_ENDPOINT }}
TF_STATE_REGION: ${{ steps.vault.outputs.TF_STATE_REGION }}
run: python3 $GITHUB_WORKSPACE/${{ env.VPS_ROOT }}/scripts/render_backend_tf.py backend.tf
- name: generate.py render (YAML -> 显式 HCL + tfvars)
@ -214,7 +212,6 @@ jobs:
AWS_SECRET_ACCESS_KEY: ${{ steps.vault.outputs.TF_STATE_SECRET_KEY }}
TF_STATE_ENDPOINT: ${{ steps.vault.outputs.TF_STATE_ENDPOINT }}
TF_STATE_BUCKET: ${{ steps.vault.outputs.TF_STATE_BUCKET }}
TF_STATE_REGION: ${{ steps.vault.outputs.TF_STATE_REGION }}
run: |
set -euo pipefail
# 远端 S3 兼容 state 后端强制启用backend.tf 已由上一步渲染);
@ -226,7 +223,7 @@ jobs:
terraform init -input=false \
-backend-config="bucket=${TF_STATE_BUCKET}" \
-backend-config="key=ai-workspace/terraform.tfstate" \
-backend-config="region=${TF_STATE_REGION}"
-backend-config="region=us-east-1"
- name: Terraform ${{ github.event.inputs.terraform_action || 'apply' }}
working-directory: ${{ env.ENV_DIR }}
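Review bot: In the `@ -226` hunk the backend region becomes the literal `us-east-1` on the `terraform init` line while the endpoint and bucket of that same backend still come out of Vault, so the backend configuration is now split across two sources and nothing on the page records why that value is right for the endpoint, which the REQUIRED-secret loop in the `@ -163` hunk can no longer catch if the endpoint in Vault changes. I would define it once at job level, `TF_STATE_REGION: us-east-1` under `env:`, and leave the init line as `-backend-config="region=${TF_STATE_REGION}"` so the validation loop and the init step read the same name. A comment above the pinned value should state its role, e.g. `# region is pinned; presumably only used for request signing against the S3-compatible TF_STATE_ENDPOINT — confirm if the endpoint changes`. The `@ -200` hunk also drops `TF_STATE_REGION` from the `render_backend_tf.py` step, so if that script still reads the variable (not visible here) backend.tf is rendered with an empty region that `-backend-config` then silently overrides; worth confirming the script no longer expects it. As a side point on the retained loop body, bash indirect expansion `if [ -z "${!k:-}" ]; then` performs the same emptiness check without `eval`.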