https://www.runatlantis.io/ logo
Join Slack
Powered by
This message was deleted.
# atlantis-community
s
This message was deleted.
a
side question: is it possible to override the Terraform CLI version globally from the server side? I want to revert our CLI revert from using 1.4 at least for now. I know we can set the default CLI version on server side but it is lower precedence than the 
required_version
config in the folder. I know I can set the 
terraform_version
in 
atlantis.yaml
but that is only per project. There are no way AFAIK that we can override TF version centrally.
p
you can pass a tf env var to keep the old behaviour
nop I'm lying
a
yeah I found 
TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE
and set that in Helm. That fixed the issue but I had to 
rm -rf /atlantis-data/plugin-cache
first before it works properly again.
đź‘Ť 2
p
a
With this new breaking change from Terraform CLI, is it currently recommended to commit the Terraform lock file to git? I think I read somewhere before that I shouldn’t commit it when using Atlantis but I might’ve remembered wrong.
w
Hashicorp recommends it strongly
I don’t do it (I’m the one who made the request for them to add a method to configure the new config option via env var). There have been a lot of contentious threads about Hashicorp not supporting not using a lockfile, as well as some of the deficiencies with the current lockfile implementation.
They made it very clear in the discussions around that workaround for 1.4 that this workaround may not be continued / followed in future Terraform versions.
Terraform automatically creates or updates the dependency lock file each time you run the terraform init command. You should include this file in your version control repository so that you can discuss potential changes to your external dependencies via code review
https://developer.hashicorp.com/terraform/language/files/dependency-lock We don’t use it, because we pin almost all of our providers / modules to exact versions, and because we use Renovate to update our dependencies (it still doesn’t manage the lockfile as well as you might like). That said, I have never heard of any Atlantis specific reason that you shouldn’t check in the lockfile; you probably should check it in unless you have a good reason not to.
đź‘Ť 2
@Aiman Ismail you can set the default Terraform version as you mentioned, though Atlantis will still try to get another version if it’s requested in the version constraints
Copy code
ATLANTIS_DEFAULT_TF_VERSION: "1.3.9"
But if you have 
required_version: 1.4
in the config, that will always be a problem; presumably you could resolve that by reverting the code change that updated the required version, unless I’m misunderstanding your question?
a
I think I’ve misunderstood the 
required_version
config before. We have it set in all our repos to 
>= 1.0
which is the reason why it always updates to the latest one. This also made it hard for us to globally override it. Will be removing 
required_version
from all our Terraform files in the future unless only when we need to specifically use a Terraform version for that folder.
w
I think it is a good practice, if not required. for sure tools like 
tflint
will complain if you don’t have it set. I would suggest setting it, but just setting it either to an exact version, or to a range that makes sense for you
like you could do 
~> 1.3.0
or something. We use Renovate to manage all the deps, and just pin to exact version for both provider / module versions, and the terraform required versions, but it does create some extra noise / work to do it that way.
11 Views
Open in Slack
PreviousNext
Powered by