Skip to content

Commit

Permalink
Merge pull request #6221 from ministryofjustice/update-runbooks
Browse files Browse the repository at this point in the history
Update runbooks
  • Loading branch information
FolarinOyenuga authored Oct 3, 2024
2 parents c2d6e99 + 18f5618 commit 4015d62
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 8 deletions.
2 changes: 1 addition & 1 deletion runbooks/source/add-a-new-runbook.html.md.erb
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Add a new runbook
weight: 9999
last_reviewed_on: 2024-04-03
last_reviewed_on: 2024-10-03
review_in: 6 months
---

Expand Down
14 changes: 7 additions & 7 deletions runbooks/source/working-with-tflock.html.md.erb
Original file line number Diff line number Diff line change
@@ -1,19 +1,19 @@
---
title: Working with .terraform.lock.hcl files
weight: 60
last_reviewed_on: 2024-04-03
last_reviewed_on: 2024-10-03
review_in: 6 months
---

# What is `.terraform.lock.hcl`?

In the [cloud-platform-infrastructure repo](https://github.com/ministryofjustice/cloud-platform-infrastructure) each layer has a `.terraform.lock.hcl` file [for example](https://github.com/ministryofjustice/cloud-platform-infrastructure/blob/main/terraform/aws-accounts/cloud-platform-aws/vpc/eks/.terraform.lock.hcl).
In the [cloud-platform-infrastructure repo](https://github.com/ministryofjustice/cloud-platform-infrastructure), each layer has a `.terraform.lock.hcl` file, [for example](https://github.com/ministryofjustice/cloud-platform-infrastructure/blob/main/terraform/aws-accounts/cloud-platform-aws/vpc/eks/.terraform.lock.hcl).

**The lock file is concerned with pinning provider versions**. Terraform providers manage resources by communicating between Terraform and the target APIs eg. the kubectl provider allows terraform to take hcl code and run kubectl commands.

The lock file ensures that every user is using the same providers. This is important because different providers can deploy resources differently, resulting in inconsistent applies each machine.
The lock file ensures that every user is using the same providers. This is important because different providers can deploy resources differently, resulting in inconsistent applies on each machine.

Everytime you run the `terraform init` command terraform _creates or updates_ the `.terraform.lock.hcl` file.
Everytime you run the `terraform init` command, terraform _creates or updates_ the `.terraform.lock.hcl` file.

There are 2 aspects to pinning providers:

Expand All @@ -22,16 +22,16 @@ There are 2 aspects to pinning providers:

## <%= current_page.data.title %>

Due to the architecture difference between our mac m* chips and the pipeline every time a user runs a `terraform init` it will make changes to the `.terraform.lock.hcl` file. This diff is sometimes misleading.
Due to the architecture difference between our mac m* chips and the pipeline, every time a user runs a `terraform init`, it will make changes to the `.terraform.lock.hcl` file. This diff is sometimes misleading.

### Rules

- Do not commit the lock file if you have not changed any provider versions
- If you make changes to _any_ provider versions then you should use the command below to add a platform compatible lock file
- If you make changes to _any_ provider versions, then you should use the command below to add a platform-compatible lock file

### Commiting changes to the lock file

Because the team is mainly on mac m* chips we are generally running a different architecture (arm64) to the terraform that will run in the pipeline (amd64). Therefore if we want to commit a compatible lock file you must run before adding it to git:
Because the team is mainly on mac m* chips, we are generally running a different architecture (arm64) to the terraform that will run in the pipeline (amd64). Therefore if you want to commit a compatible lock file, you must run the following before adding it to git:

```
terraform providers lock -platform=linux_amd64
Expand Down

0 comments on commit 4015d62

Please sign in to comment.