My pipeline runs terraform plan on pull requests but fails with “Error acquiring the state lock.” I’ve tried adding -lock=false to the command arguments in the GitHub Actions workflow, but it still complains about the remote backend. Here is the relevant step:
- name: Terraform Plan
run: terraform plan -lock=false -out=tfplan
Is there a specific backend configuration I’m missing for read-only access during the plan phase?
You probably aren’t configuring the backend correctly for the plan step. The -lock=false flag works for local state, but if you’re using S3 or similar remote backends, Terraform still tries to acquire the lock unless you explicitly disable it in the backend config or use specific flags. Also, check if another job is running apply or plan in the same workspace.
Here is how I handle it in my Azure DevOps pipelines, which should translate to GitHub Actions easily:
- name: Terraform Plan
run: |
terraform init -backend-config="lock=false"
terraform plan -lock=false -out=tfplan
If you are using a custom backend, ensure your backend block in main.tf allows for this. Sometimes the issue is just concurrent jobs. Check your workspace lock status in the UI or via API:
GET /api/v2/integration/granularpermissions
Wait, that’s permissions. For locks, you’d check the backend logs. If it’s S3, check DynamoDB table for stale locks.