fix: dynamodb terraform lock table (#101)

Author: soerenmartius

.github/workflows/deploy.yml

@@ -65,22 +65,22 @@ jobs:
         if: steps.list.outputs.stdout
         id: init
         run: |
-          terramate run --changed -- terraform init
+          terramate run -C stacks --changed -- terraform init
 
       - name: Create Terraform plan on changed stacks
         if: steps.list.outputs.stdout
         id: plan
-        run: terramate run --changed -- terraform plan -lock-timeout=5m -out out.tfplan
+        run: terramate run -C stacks --changed -- terraform plan -lock-timeout=5m -out out.tfplan
 
       - name: Apply planned changes on changed stacks
         id: apply
         if: steps.list.outputs.stdout
-        run: terramate run --changed --cloud-sync-deployment --cloud-sync-terraform-plan-file=out.tfplan -- terraform apply -input=false -auto-approve -lock-timeout=5m out.tfplan
+        run: terramate run -C stacks --changed --cloud-sync-deployment --cloud-sync-terraform-plan-file=out.tfplan -- terraform apply -input=false -auto-approve -lock-timeout=5m out.tfplan
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
       - name: Run drift detection
         if: steps.list.outputs.stdout && ! cancelled() && steps.apply.outcome != 'skipped'
-        run: terramate run --changed --cloud-sync-drift-status --cloud-sync-terraform-plan-file=drift.tfplan -- terraform plan -out drift.tfplan -detailed-exitcode
+        run: terramate run -C stacks --changed --cloud-sync-drift-status --cloud-sync-terraform-plan-file=drift.tfplan -- terraform plan -out drift.tfplan -detailed-exitcode
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/drift-detection.yml

@@ -56,10 +56,10 @@ jobs:
 
       - name: Run Terraform init on all stacks
         id: init
-        run: terramate run -- terraform init
+        run: terramate run -C stacks -- terraform init
 
       - name: Run drift detection
         id: drift
-        run: terramate run --cloud-sync-drift-status --cloud-sync-terraform-plan-file=drift.tfplan --continue-on-error -- terraform plan -out drift.tfplan -detailed-exitcode -lock=false
+        run: terramate run -C stacks --cloud-sync-drift-status --cloud-sync-terraform-plan-file=drift.tfplan --continue-on-error -- terraform plan -out drift.tfplan -detailed-exitcode -lock=false
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/preview.yml

@@ -87,16 +87,16 @@ jobs:
 
       - name: Initialize Terraform in changed stacks
         if: steps.list.outputs.stdout
-        run: terramate run --parallel 1 --changed -- terraform init -lock-timeout=5m
+        run: terramate run -C stacks --parallel 1 --changed -- terraform init -lock-timeout=5m
 
       - name: Validate Terraform configuration in changed stacks
         if: steps.list.outputs.stdout
-        run: terramate run --parallel 5  --changed -- terraform validate
+        run: terramate run -C stacks --parallel 5  --changed -- terraform validate
 
       - name: Plan Terraform changes in changed stacks
         if: steps.list.outputs.stdout
         run: |
-          terramate run --parallel 5 --changed --cloud-sync-preview --cloud-sync-terraform-plan-file=out.tfplan --debug-preview-url preview_url.txt --continue-on-error -- terraform plan -out out.tfplan -detailed-exitcode -lock=false
+          terramate run -C stacks --parallel 5 --changed --cloud-sync-preview --cloud-sync-terraform-plan-file=out.tfplan --debug-preview-url preview_url.txt --continue-on-error -- terraform plan -out out.tfplan -detailed-exitcode -lock=false
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
@@ -119,7 +119,7 @@ jobs:
           echo >>pr-comment.txt "#### Terraform Plan"
           echo >>pr-comment.txt
           echo >>pr-comment.txt '```terraform'
-          terramate run --changed -- terraform show -no-color out.tfplan |& dd bs=1024 count=248 >>pr-comment.txt
+          terramate run -C stacks --changed -- terraform show -no-color out.tfplan |& dd bs=1024 count=248 >>pr-comment.txt
           [ "${PIPESTATUS[0]}" == "141" ] && sed -i 's/#### Terraform Plan/#### :warning: Terraform Plan truncated: please check console output :warning:/' pr-comment.txt
           echo >>pr-comment.txt '```'
           cat pr-comment.txt >>$GITHUB_STEP_SUMMARY

_bootstrap/oidc-aws-github/stack.tm.hcl

@@ -2,6 +2,5 @@ stack {
   name        = "oidc-aws-github"
   description = "Configure GitHub Actions as an IAM OIDC identity provider in AWS."
   id          = "7d22b8e6-0e02-4815-995b-1cd34c826c95"
-
-  tags = ["no-backend"]
+  tags        = ["no-backend"]
 }

_bootstrap/terraform-state-bucket/_main.tf

@@ -28,7 +28,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "state-bucket" {
 }
 resource "aws_dynamodb_table" "terraform-lock" {
   hash_key      = "LockID"
-  name          = "terraform_state"
+  name          = "terraform-lock"
   read_capacity = 5
   tags = {
     "Name" = "DynamoDB Terraform State Lock Table"

_bootstrap/terraform-state-bucket/config.tm.hcl

@@ -35,7 +35,7 @@ generate_hcl "_main.tf" {
     }
 
     resource "aws_dynamodb_table" "terraform-lock" {
-      name           = "terraform_state"
+      name           = tm_try(global.terraform.backend.dyanmodb_table, "terraform_state")
       read_capacity  = 5
       write_capacity = 5
       hash_key       = "LockID"

config.tm.hcl

@@ -3,8 +3,9 @@ globals "terraform" {
 }
 
 globals "terraform" "backend" {
-  bucket = "terramate-example-terraform-state-backend"
-  region = "us-east-1"
+  bucket         = "terramate-example-terraform-state-backend"
+  dyanmodb_table = "terraform-lock"
+  region         = "us-east-1"
 }
 
 globals "aws" "oidc" {

imports/backend.tm.hcl

@@ -8,7 +8,7 @@ generate_hcl "_backend.tf" {
         bucket         = global.terraform.backend.bucket
         key            = "terraform/stacks/by-id/${terramate.stack.id}/terraform.tfstate"
         encrypt        = true
-        dynamodb_table = tm_try(global.terraform.backend.dynamo_table, "terraform-lock")
+        dynamodb_table = tm_try(global.terraform.backend.dyanmodb_table, "terraform-lock")
       }
     }
   }

terramate.tm.hcl

@@ -1,9 +1,7 @@
 terramate {
   config {
-    experiments = [
-      "scripts", # Enable Terramate Scripts
-    ]
 
+    # Configure the namespace of your Terramate Cloud organization
     cloud {
       organization = "terramate-demo"
     }
@@ -14,18 +12,24 @@ terramate {
 
       # Optionally disable git safe guards
       # Learn more: https://terramate.io/docs/cli/orchestration/safeguards
-      check_remote      = false
-      check_untracked   = false
-      check_uncommitted = false
+      # check_remote      = false
+      # check_untracked   = false
+      # check_uncommitted = false
     }
 
     run {
       env {
         TF_PLUGIN_CACHE_DIR = "${terramate.root.path.fs.absolute}/.tf_plugin_cache_dir"
       }
+
       # Optionally disable code generation safe guard
       # Learn more: https://terramate.io/docs/cli/orchestration/safeguards
       # check_gen_code = true
     }
+
+    # Enable Terramate Scripts
+    experiments = [
+      "scripts",
+    ]
   }
 }