From 063c733be0b1573ea53e09b9aa39e5e0cb514fa2 Mon Sep 17 00:00:00 2001 From: Rasmus Wejlgaard Date: Tue, 2 Jun 2026 19:37:21 +0100 Subject: [PATCH] =?UTF-8?q?ci:=20drop=20use=5Flockfile=20=E2=80=94=20Backb?= =?UTF-8?q?laze=20B2=20can't=20do=20native=20state=20locking?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit B2's S3 API returns 501 NotImplemented for the conditional PutObject that use_lockfile relies on, so tofu plan/apply fails to acquire the lock. Revert the lockfile and the 1.10 version bump it required; rely on the concurrency guard to serialize applies instead. Left a note in the backend block so this isn't re-attempted. --- .github/workflows/terraform.yml | 4 ++-- .github/workflows/validate-terraform.yml | 2 +- terraform/providers.tf | 7 +++++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 8b2168c..1e3071f 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -27,7 +27,7 @@ jobs: - name: Install OpenTofu uses: opentofu/setup-opentofu@v2 with: - tofu_version: 1.10.10 + tofu_version: 1.9.0 - name: Install SOPS run: | @@ -78,7 +78,7 @@ jobs: - name: Install OpenTofu uses: opentofu/setup-opentofu@v2 with: - tofu_version: 1.10.10 + tofu_version: 1.9.0 - name: Install SOPS run: | diff --git a/.github/workflows/validate-terraform.yml b/.github/workflows/validate-terraform.yml index a99f3fa..ac00e40 100644 --- a/.github/workflows/validate-terraform.yml +++ b/.github/workflows/validate-terraform.yml @@ -23,7 +23,7 @@ jobs: - name: Install OpenTofu uses: opentofu/setup-opentofu@v2 with: - tofu_version: 1.10.10 + tofu_version: 1.9.0 - name: Install SOPS run: | diff --git a/terraform/providers.tf b/terraform/providers.tf index 516865f..3260ffe 100644 --- a/terraform/providers.tf +++ b/terraform/providers.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.10.0" + required_version = ">= 1.6.0" required_providers { hcloud = { @@ -24,7 +24,10 @@ terraform { region = "eu-central-003" skip_credentials_validation = true skip_region_validation = true - use_lockfile = true + # NOTE: no state locking — Backblaze B2's S3 API doesn't implement the + # conditional PutObject that OpenTofu's use_lockfile needs (returns 501 + # NotImplemented). Concurrent applies are instead prevented by the + # `concurrency` guard in .github/workflows/terraform.yml. # Credentials read from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY env vars } }