Hey everyone,
Trying to get a proper CI/CD pipeline going for our Genesys Cloud infrastructure. We’re using the genesyscloud Terraform provider and want to run terraform plan automatically whenever a PR is opened, then terraform apply on merge.
The tricky part is the state locking. We’re storing state in an S3 backend with DynamoDB for locking. When the plan job runs in GitHub Actions, it acquires the lock. If I have another job running in parallel or if the plan takes a bit long, the subsequent apply job fails because the lock isn’t released quickly enough or the jobs are stepping on each other’s toes.
Here’s the relevant snippet from my github-actions.yml:
    plan:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v3
        - uses: hashicorp/setup-terraform@v2
        - run: terraform init
        - run: terraform plan -out=tfplan
    apply:
      needs: plan
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v3
        - uses: hashicorp/setup-terraform@v2
        - run: terraform init
        - run: terraform apply -auto-approve tfplan
The error I’m seeing in the logs is:
Error acquiring the state lock. Lock Info: ID: abc-123, Path: gen-cc-state/terraform.tfstate
I tried adding a terraform force-unlock step, but that feels hacky and risky. Is there a better pattern for handling this? Should I be using a workspace per branch or just sticking to a single state file?
Also, the apply step seems to fail if the tfplan file from the plan step isn’t passed correctly via artifacts. I’m uploading it as an artifact, but when the apply job downloads it, terraform apply tfplan complains about the plan file being out of sync with the current state.
Anyone got a clean setup for this? Feeling like I’m fighting the tool more than using it. Just want to merge a PR and have the changes live without manual intervention or locking headaches.
Thanks for any pointers. Using Terraform v1.5.5 and provider v1.4.0.
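
One way to lay out the workflow described above, as an added example that is not part of the original post: a workflow-level concurrency group serializes runs against the single state file, and the apply job consumes a plan built in the same run on the merge commit, so it is not a plan left over from PR time. Assumptions: merges land on `main`, backend credentials are already available to the runner, and the workflow, group and artifact names are made up for illustration.

```yaml
# Added example (hypothetical names); job layout follows the snippet in the post.
name: terraform
on:
  pull_request:
  push:
    branches: [main]            # assumption: PRs merge into main

# Serialize every run that touches this state file, so jobs wait in GitHub
# instead of colliding on the DynamoDB lock. Never cancel a run mid-apply.
concurrency:
  group: terraform-gen-cc-state # hypothetical group name, one per state file
  cancel-in-progress: false

jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: hashicorp/setup-terraform@v2
      - run: terraform init -input=false
      # Wait for a held lock rather than failing at once or force-unlocking.
      - run: terraform plan -input=false -lock-timeout=5m -out=tfplan
      # A saved plan can hold sensitive values in clear text: keep it short-lived.
      - uses: actions/upload-artifact@v3
        with:
          name: tfplan
          path: tfplan
          retention-days: 1

  apply:
    needs: plan
    # Apply only on the merge commit; PR runs stop after the plan job.
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: hashicorp/setup-terraform@v2
      - run: terraform init -input=false
      - uses: actions/download-artifact@v3
        with:
          name: tfplan
      # A saved plan applies without prompting; Terraform rejects it if the
      # state changed after the plan was written.
      - run: terraform apply -input=false -lock-timeout=5m tfplan
```

GitHub keeps at most one pending run per concurrency group, so a newer queued run replaces an older queued one rather than stacking behind it.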