fix(ci): 改用 Jinja2 渲染 backend.tf + 更新 force_path_style → use_path_style

- 将 Configure remote backend 步骤从 shell heredoc 改为 Python Jinja2 渲染，避免 shell 引号/转义问题，与 generate.py 保持一致的渲染风格 - force_path_style 已在 Terraform 1.9 废弃，改为 use_path_style Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-25 11:37:25 +08:00 · 2026-06-25 11:37:25 +08:00 · 4a6057d58b
commit 4a6057d58b
parent b4c051e6c0
1 changed files with 21 additions and 14 deletions
--- a/.github/workflows/deploy-ai-workspace-iac.yaml
+++ b/.github/workflows/deploy-ai-workspace-iac.yaml
@ -186,20 +186,27 @@ jobs:
        run: |
          set -euo pipefail
          # endpoints 块只能在 HCL 里配置，无法通过 -backend-config flag 传递。
-          # 用非引号 heredoc 将 endpoint URL 直接写入 backend.tf。
-          cat > backend.tf <<EOF
-          terraform {
+          # 用 Jinja2 渲染 backend.tf，避免 shell heredoc 的引号/转义问题。
+          python3 - <<'PYEOF'
+import os, jinja2
+tmpl = jinja2.Template("""\
+terraform {
  backend "s3" {
-              endpoints = { s3 = "${TF_STATE_ENDPOINT}" }
+    endpoints                   = { s3 = "{{ endpoint }}" }
    skip_credentials_validation = true
    skip_region_validation      = true
    skip_requesting_account_id  = true
    skip_metadata_api_check     = true
    skip_s3_checksum            = true
-              force_path_style            = true
+    use_path_style              = true
  }
-          }
-          EOF
+}
+""")
+out = tmpl.render(endpoint=os.environ["TF_STATE_ENDPOINT"])
+with open("backend.tf", "w") as f:
+    f.write(out)
+print("backend.tf rendered, endpoint=" + os.environ["TF_STATE_ENDPOINT"][:30] + "...")
+PYEOF

      - name: generate.py render (YAML -> 显式 HCL + tfvars)
        working-directory: ${{ env.VPS_ROOT }}