We’re trying to lock down our deployment process for Genesys Cloud resources using the Terraform provider. The plan is to run terraform plan in the CI step on pull requests to catch drift early, then only run terraform apply when the PR merges into main. We’ve got the basic pipeline working, but state locking is causing headaches. We’re using remote state in S3 with DynamoDB for locking, but sometimes the plan fails because a previous apply hasn’t fully released the lock. The error is pretty generic about lock acquisition. I’ve tried adding a sleep before the plan, which feels hacky. Here’s the relevant GitHub Actions snippet:
plan:
run: |
terraform init
terraform plan -out=tfplan
Is there a better way to handle the state lock contention? We don’t want to skip locking entirely since that’s risky. The team is mostly using the CLI in the container. I’m wondering if we should be using workspaces or some other mechanism to isolate the plan state from the apply state. The current setup just feels fragile.