Fix locking issue + validation improvement + bumps #11
Conversation
lechuk47
commented
Jan 15, 2025
lechuk47
commented
- Bump cdktf version
- Remove unused requirements.txt file
- Do not lock resources on plan runs
- Run validate_plan with Destroy action
| @@ -44,7 +44,7 @@ $TERRAFORM_CMD init | |||
|
|
|||
| if [[ $ACTION == "Apply" ]]; then | |||
| if [[ $DRY_RUN == "True" ]]; then | |||
| cdktf plan --skip-synth --output "$ER_OUTDIR" | |||
| $TERRAFORM_CMD plan -out=plan --lock=false | |||
There was a problem hiding this comment.
plan can write to state, we should use -refresh=false during plan to ensure no concurrent write, no sure if --lock=false still needed when no write, maybe need to add a terraform refresh part to detect drift separately.
There was a problem hiding this comment.
Are you sure a plan can write the state? Is that documented anywhere?
In my understanding, refresh-false won't get the current configuration from AWS, hence the plan shown to users won't be reliable.
There was a problem hiding this comment.
it used to write, because plan includes refresh by default, it seems 0.14+ version changed that to in memory, check https://discuss.hashicorp.com/t/why-does-a-plan-lock-the-state-file/3520 and https://developer.hashicorp.com/terraform/tutorials/state/refresh. Need to confirm with the version we are running by creating a drift then run terraform plan, see if remote state updated.
