Setting up a CI/CD pipeline for our CXone resources using the nice_cxone provider. The goal is simple: terraform plan on pull requests and terraform apply only on merge to main. We’re using GitHub Actions with a remote state backend (S3).
The problem is the state lock. When a PR opens, the workflow runs and acquires the lock. If another PR opens or the first one is updated, the second run fails with Error acquiring the state lock. The lock timeout is set to 20 minutes, but our plans take longer during peak dev hours.
Here’s the relevant part of the workflow:
name: Terraform Plan
on:
pull_request:
branches: [ main ]
jobs:
plan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v2
- run: terraform init
- run: terraform plan -out=tfplan
We’ve tried adding -lock=false but that’s a bad idea for shared state. Is there a way to use workspace-specific locks or pass a custom lock ID based on the PR number? Or should we be using a different state backend strategy for this workflow? The current setup is blocking our dev team from running concurrent plans.