diff --git a/runbooks/source/add-a-new-runbook.html.md.erb b/runbooks/source/add-a-new-runbook.html.md.erb index 2ad8e59e..ea7fd937 100644 --- a/runbooks/source/add-a-new-runbook.html.md.erb +++ b/runbooks/source/add-a-new-runbook.html.md.erb @@ -1,7 +1,7 @@ --- title: Add a new runbook weight: 9999 -last_reviewed_on: 2024-04-03 +last_reviewed_on: 2024-10-03 review_in: 6 months --- diff --git a/runbooks/source/working-with-tflock.html.md.erb b/runbooks/source/working-with-tflock.html.md.erb index eabd106a..2d473d3d 100644 --- a/runbooks/source/working-with-tflock.html.md.erb +++ b/runbooks/source/working-with-tflock.html.md.erb @@ -1,19 +1,19 @@ --- title: Working with .terraform.lock.hcl files weight: 60 -last_reviewed_on: 2024-04-03 +last_reviewed_on: 2024-10-03 review_in: 6 months --- # What is `.terraform.lock.hcl`? -In the [cloud-platform-infrastructure repo](https://github.com/ministryofjustice/cloud-platform-infrastructure) each layer has a `.terraform.lock.hcl` file [for example](https://github.com/ministryofjustice/cloud-platform-infrastructure/blob/main/terraform/aws-accounts/cloud-platform-aws/vpc/eks/.terraform.lock.hcl). +In the [cloud-platform-infrastructure repo](https://github.com/ministryofjustice/cloud-platform-infrastructure), each layer has a `.terraform.lock.hcl` file, [for example](https://github.com/ministryofjustice/cloud-platform-infrastructure/blob/main/terraform/aws-accounts/cloud-platform-aws/vpc/eks/.terraform.lock.hcl). **The lock file is concerned with pinning provider versions**. Terraform providers manage resources by communicating between Terraform and the target APIs eg. the kubectl provider allows terraform to take hcl code and run kubectl commands. -The lock file ensures that every user is using the same providers. This is important because different providers can deploy resources differently, resulting in inconsistent applies each machine. +The lock file ensures that every user is using the same providers. This is important because different providers can deploy resources differently, resulting in inconsistent applies on each machine. -Everytime you run the `terraform init` command terraform _creates or updates_ the `.terraform.lock.hcl` file. +Everytime you run the `terraform init` command, terraform _creates or updates_ the `.terraform.lock.hcl` file. There are 2 aspects to pinning providers: @@ -22,16 +22,16 @@ There are 2 aspects to pinning providers: ## <%= current_page.data.title %> -Due to the architecture difference between our mac m* chips and the pipeline every time a user runs a `terraform init` it will make changes to the `.terraform.lock.hcl` file. This diff is sometimes misleading. +Due to the architecture difference between our mac m* chips and the pipeline, every time a user runs a `terraform init`, it will make changes to the `.terraform.lock.hcl` file. This diff is sometimes misleading. ### Rules - Do not commit the lock file if you have not changed any provider versions -- If you make changes to _any_ provider versions then you should use the command below to add a platform compatible lock file +- If you make changes to _any_ provider versions, then you should use the command below to add a platform-compatible lock file ### Commiting changes to the lock file -Because the team is mainly on mac m* chips we are generally running a different architecture (arm64) to the terraform that will run in the pipeline (amd64). Therefore if we want to commit a compatible lock file you must run before adding it to git: +Because the team is mainly on mac m* chips, we are generally running a different architecture (arm64) to the terraform that will run in the pipeline (amd64). Therefore if you want to commit a compatible lock file, you must run the following before adding it to git: ``` terraform providers lock -platform=linux_amd64