Give every CI step explicit resource requests/limits and the default service
account (matching the pre-commit step), so the k8s woodpecker backend schedules
them with bounded resources.
- build/test/lint/package steps: 512Mi/1cpu requests, 2Gi/2cpu limits
- upload step: lighter 128Mi/100m requests, 512Mi/500m limits
Point the on-tag upload at artifactapi.k8s.syd1.au.unkin.net instead of the
unresolvable artifactapi3 name, matching the host used elsewhere (rpmbuilder,
terragrunt env).
Publish the provider so it can be consumed from terraform-vault: on a tag,
package the linux_amd64 build into a versioned zip and PUT it to the artifactapi
terraform registry, mirroring terraform-provider-artifactapi's release flow.
- Add .woodpecker/release.yml (event: tag) running make package + curl upload to
remotes/terraform-unkin/files/unkin/litellmvaultsecret/
Use the shorter, cleaner litellm_ resource prefix instead of
litellmvaultsecret_. The provider source stays git.unkin.net/unkin/
litellmvaultsecret; only the resource prefix (provider Metadata TypeName)
changes to litellm, declared under the local name litellm in
required_providers — the same pattern google-beta uses to ship google_*.
- Provider TypeName litellmvaultsecret -> litellm
- Resources: litellm_secret_backend, litellm_secret_backend_role
- Update examples (dirs + contents), README, and the e2e terraform config
Populate the repo with the Terraform/OpenTofu provider that manages the LiteLLM
dynamic secrets engine on Vault/OpenBao via the Vault API.
- Provider (VAULT_ADDR/VAULT_TOKEN) with resources litellmvaultsecret_secret_backend
(mount + config) and litellmvaultsecret_secret_backend_role (models, max_budget,
ttl/max_ttl in seconds, metadata)
- Unit tests against a mock Vault API
- End-to-end test: builds the sibling plugin, boots Vault + LiteLLM + Postgres,
and runs a real terraform apply/destroy asserting key generation works
- Makefile, woodpecker CI (build/test/pre-commit), examples, README