ci: drop use_lockfile — Backblaze B2 can't do native state locking

B2's S3 API returns 501 NotImplemented for the conditional PutObject that
use_lockfile relies on, so tofu plan/apply fails to acquire the lock.
Revert the lockfile and the 1.10 version bump it required; rely on the
concurrency guard to serialize applies instead. Left a note in the
backend block so this isn't re-attempted.
This commit is contained in:
Rasmus Wejlgaard 2026-06-02 19:37:21 +01:00
parent e69c96d25e
commit 063c733be0
3 changed files with 8 additions and 5 deletions

View file

@ -27,7 +27,7 @@ jobs:
- name: Install OpenTofu - name: Install OpenTofu
uses: opentofu/setup-opentofu@v2 uses: opentofu/setup-opentofu@v2
with: with:
tofu_version: 1.10.10 tofu_version: 1.9.0
- name: Install SOPS - name: Install SOPS
run: | run: |
@ -78,7 +78,7 @@ jobs:
- name: Install OpenTofu - name: Install OpenTofu
uses: opentofu/setup-opentofu@v2 uses: opentofu/setup-opentofu@v2
with: with:
tofu_version: 1.10.10 tofu_version: 1.9.0
- name: Install SOPS - name: Install SOPS
run: | run: |

View file

@ -23,7 +23,7 @@ jobs:
- name: Install OpenTofu - name: Install OpenTofu
uses: opentofu/setup-opentofu@v2 uses: opentofu/setup-opentofu@v2
with: with:
tofu_version: 1.10.10 tofu_version: 1.9.0
- name: Install SOPS - name: Install SOPS
run: | run: |

View file

@ -1,5 +1,5 @@
terraform { terraform {
required_version = ">= 1.10.0" required_version = ">= 1.6.0"
required_providers { required_providers {
hcloud = { hcloud = {
@ -24,7 +24,10 @@ terraform {
region = "eu-central-003" region = "eu-central-003"
skip_credentials_validation = true skip_credentials_validation = true
skip_region_validation = true skip_region_validation = true
use_lockfile = true # NOTE: no state locking Backblaze B2's S3 API doesn't implement the
# conditional PutObject that OpenTofu's use_lockfile needs (returns 501
# NotImplemented). Concurrent applies are instead prevented by the
# `concurrency` guard in .github/workflows/terraform.yml.
# Credentials read from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY env vars # Credentials read from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY env vars
} }
} }