From 9d2f12a8ef425e622538ebd50300872c7dda32f6 Mon Sep 17 00:00:00 2001
From: Sebastian Serfling <serfling@itdata-gera.de>
Date: Fri, 8 May 2026 14:31:30 +0200
Subject: [PATCH] fix: terraform refresh vor destroy + lifecycle rules

---
 .gitea/workflows/staging.yml | 13 +++++++++++++
 terraform/main.tf            |  5 +++++
 2 files changed, 18 insertions(+)

diff --git a/.gitea/workflows/staging.yml b/.gitea/workflows/staging.yml
index 44bb527..da74ff2 100644
--- a/.gitea/workflows/staging.yml
+++ b/.gitea/workflows/staging.yml
@@ -18,6 +18,19 @@ jobs:
         working-directory: terraform
         run: |
           terraform init
+
+          # State neu laden (falls alte VM in Proxmox existiert)
+          terraform refresh \
+            -var="proxmox_host=${{ secrets.PROXMOX_HOST }}" \
+            -var="proxmox_token_id=${{ secrets.PROXMOX_TOKEN_ID }}" \
+            -var="proxmox_token_secret=${{ secrets.PROXMOX_TOKEN_SECRET }}" \
+            -var="proxmox_node=${{ secrets.PROXMOX_NODE }}" \
+            -var="lxc_bridge=vmbr2" \
+            -var="staging_ip=${{ secrets.STAGING_IP }}" \
+            -var="staging_gw=${{ secrets.STAGING_GW }}" \
+            -var="ssh_public_key=${{ secrets.DEPLOY_SSH_PUBKEY }}" \
+            -var="ssh_private_key=${{ secrets.DEPLOY_SSH_KEY }}" || true
+
           # Alte Staging VM zerstören (falls existiert)
           terraform destroy -auto-approve \
             -var="proxmox_host=${{ secrets.PROXMOX_HOST }}" \
diff --git a/terraform/main.tf b/terraform/main.tf
index 6dc3d98..c4703f2 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -41,6 +41,11 @@ resource "proxmox_lxc" "staging" {
 
   ssh_public_keys = var.ssh_public_key
 
+  # Lifecycle: Erlaubt Destroy von geschützten Ressourcen
+  lifecycle {
+    create_before_destroy = false
+  }
+
   provisioner "remote-exec" {
     inline = [
       "apt-get update -qq",