fix(cd): Remplacement workflow réutilisable par jobs CI inline

Forgejo ne supporte pas complètement les workflows réutilisables (uses:). Duplication job validation Terraform directement dans workflow CD pour éviter état bloquant.

.forgejo/workflows/deploy.yml

@@ -7,16 +7,71 @@ on:
   workflow_dispatch:  # Allow manual trigger
 
 jobs:
-  # Run CI first
+  # Run Terraform validation first
-  ci:
+  ci-terraform:
-    uses: ./.forgejo/workflows/ci.yml
+    name: Terraform Validation
-    secrets: inherit
+    runs-on: self-hosted
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup OpenTofu
+        run: |
+          if ! command -v tofu &> /dev/null; then
+            curl -fsSL https://get.opentofu.org/install-opentofu.sh | bash -s -- --install-method standalone --opentofu-version 1.10.7
+          fi
+
+      - name: Terraform Format Check
+        run: |
+          cd terraform
+          tofu fmt -check -recursive
+        continue-on-error: false
+
+      - name: Terraform Validate
+        run: |
+          for dir in terraform/pve*; do
+            if [ -d "$dir" ]; then
+              echo "--- Validating $dir ---"
+              (cd "$dir" && tofu init -backend=false && tofu validate)
+            fi
+          done
+
+      - name: Terraform Plan
+        run: |
+          for dir in terraform/pve*; do
+            if [ -d "$dir" ]; then
+              echo "--- Planning $dir ---"
+              (
+                cd "$dir" && \
+                tofu init && \
+                tofu plan || echo "WARNING: Plan failed for $(basename $dir) - node may be unavailable"
+              )
+            fi
+          done
+        env:
+          TF_VAR_proxmox_api_url: "https://192.168.100.10:8006/api2/json"
+          TF_VAR_proxmox_token_id: ${{ secrets.PROXMOX_TOKEN_ID }}
+          TF_VAR_proxmox_token_secret: ${{ secrets.PROXMOX_TOKEN_SECRET }}
+          TF_VAR_proxmox_tls_insecure: "true"
+          TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
+          TF_VAR_forgejo_token: ${{ secrets.GIT_TOKEN }}
+          TF_VAR_forgejo_repo_url: ${{ secrets.GIT_REPO_URL }}
+          TF_VAR_k3s_version: "v1.28.5+k3s1"
+          TF_VAR_ubuntu_template: "ubuntu-2404-cloudinit"
+          TF_VAR_storage_pool: "linstor_storage"
+          TF_VAR_snippets_storage: "local"
+          TF_VAR_k3s_network_bridge: "k3s"
+          TF_VAR_k3s_gateway: "10.100.20.1"
+          TF_VAR_k3s_dns: '["10.100.20.1", "1.1.1.1"]'
+          TF_VAR_k3s_server_1_config: '{ ip = "10.100.20.10/24", cores = 6, memory = 12288, disk_size = "100G" }'
+          TF_VAR_k3s_server_2_config: '{ ip = "10.100.20.20/24", cores = 6, memory = 12288, disk_size = "100G" }'
+          TF_VAR_etcd_witness_config: '{ ip = "10.100.20.30/24", cores = 2, memory = 2048, disk_size = "20G" }'
 
   # Deploy infrastructure in parallel
   deploy-pve1:
     name: Deploy on pve1
     runs-on: self-hosted
-    needs: ci
+    needs: ci-terraform
     continue-on-error: true
     steps:
       - name: Checkout code
@@ -45,7 +100,7 @@ jobs:
   deploy-pve2:
     name: Deploy on pve2
     runs-on: self-hosted
-    needs: ci
+    needs: ci-terraform
     continue-on-error: true
     steps:
       - name: Checkout code
@@ -74,7 +129,7 @@ jobs:
   deploy-pve3:
     name: Deploy on pve3
     runs-on: self-hosted
-    needs: ci
+    needs: ci-terraform
     continue-on-error: true
     steps:
       - name: Checkout code