.terraform.lock.hcl 应该包含在 .gitignore 文件中吗?
Should .terraform.lock.hcl be included in the .gitignore file?
据我目前所知,没有理由 .terraform.lock.hcl 应该包含在 .gitignore 中。此文件没有任何内容是私人的,或者是否存在?
根据 Dependency Lock File 上的 Terraform 文档:
Terraform automatically creates or updates the dependency lock file
each time you run the terraform init command. You should include this
file in your version control repository so that you can discuss
potential changes to your external dependencies via code review, just
as you would discuss potential changes to your configuration itself.
理解为什么应该提交该文件的关键在于以下有关依赖项安装行为的部分:
When terraform init is working on installing all of the providers
needed for a configuration, Terraform considers both the version
constraints in the configuration and the version selections recorded
in the lock file.
If a particular provider has no existing recorded selection, Terraform
will select the newest available version that matches the given
version constraint, and then update the lock file to include that
selection.
If a particular provider already has a selection recorded in the lock
file, Terraform will always re-select that version for installation,
even if a newer version has become available. You can override that
behavior by adding the -upgrade option when you run terraform init, in
which case Terraform will disregard the existing selections and once
again select the newest available version matching the version
constraint.
本质上,这是为了让 Terraform 继续使用您添加时选择的提供程序版本。如果您不签入锁文件,您将始终自动升级到遵守代码约束的最新版本,这可能会导致意想不到的后果。
注意:您可以在执行初始化调用时通过传递 -upgrade 标志强制 Terraform 升级。
terraform init -upgrade
跨平台开发更新
来自 providers lock command 上的 Terraform 文档:
Specifying Target Platforms In your environment you may, for example,
have both developers who work with your Terraform configuration on
their Windows or macOS workstations and automated systems that apply
the configuration while running on Linux.
In that situation, you could choose to verify that all of your
providers support all of those platforms, and to pre-populate the lock
file with the necessary checksums, by running terraform providers lock
and specifying those three platforms:
terraform providers lock \
-platform=windows_amd64 \ # 64-bit Windows
-platform=darwin_amd64 \ # 64-bit macOS
-platform=linux_amd64 # 64-bit Linux Copy
(The above example uses Unix-style shell wrapping syntax for readability. If you are running
the command on Windows then you will need to put all of the arguments
on a single line, and remove the backslashes and comments.)
所以您仍然应该将锁定文件签入版本控制,但您应该确保锁定文件包含所有平台上提供程序的校验和。
我认为以上建议仅在您的源代码控制存储库由一组同质工程师 and/or 单个工程师使用时才有用。在大型异构组上,它将失败并出现以下错误:
│ Error: Failed to install provider
│
│ Error while installing hashicorp/null v3.1.1: the local package for registry.terraform.io/hashicorp/null 3.1.1 doesn't match any of the checksums previously recorded in the dependency lock file
│ (this might be because the available checksums are for packages targeting different platforms)
要解决该错误,请删除 .terraform.lock.hcl 文件和 re-initalise。它将为您自己的工作站重新生成文件。
我愿意承认我们做错了,但至少在我们的例子中,我们需要将它添加到 .gitignore,或者每次一个工程师提交时,所有工程师都使用不同的 OS 将收到此错误,必须再次 terraform init。
您还可以执行以下命令来建立您环境中存在的平台:
terraform providers lock -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64
据我目前所知,没有理由 .terraform.lock.hcl 应该包含在 .gitignore 中。此文件没有任何内容是私人的,或者是否存在?
根据 Dependency Lock File 上的 Terraform 文档:
Terraform automatically creates or updates the dependency lock file each time you run the terraform init command. You should include this file in your version control repository so that you can discuss potential changes to your external dependencies via code review, just as you would discuss potential changes to your configuration itself.
理解为什么应该提交该文件的关键在于以下有关依赖项安装行为的部分:
When terraform init is working on installing all of the providers needed for a configuration, Terraform considers both the version constraints in the configuration and the version selections recorded in the lock file.
If a particular provider has no existing recorded selection, Terraform will select the newest available version that matches the given version constraint, and then update the lock file to include that selection.
If a particular provider already has a selection recorded in the lock file, Terraform will always re-select that version for installation, even if a newer version has become available. You can override that behavior by adding the -upgrade option when you run terraform init, in which case Terraform will disregard the existing selections and once again select the newest available version matching the version constraint.
本质上,这是为了让 Terraform 继续使用您添加时选择的提供程序版本。如果您不签入锁文件,您将始终自动升级到遵守代码约束的最新版本,这可能会导致意想不到的后果。
注意:您可以在执行初始化调用时通过传递 -upgrade 标志强制 Terraform 升级。
terraform init -upgrade
跨平台开发更新
来自 providers lock command 上的 Terraform 文档:
Specifying Target Platforms In your environment you may, for example, have both developers who work with your Terraform configuration on their Windows or macOS workstations and automated systems that apply the configuration while running on Linux.
In that situation, you could choose to verify that all of your providers support all of those platforms, and to pre-populate the lock file with the necessary checksums, by running terraform providers lock and specifying those three platforms:
terraform providers lock \
-platform=windows_amd64 \ # 64-bit Windows
-platform=darwin_amd64 \ # 64-bit macOS
-platform=linux_amd64 # 64-bit Linux Copy
(The above example uses Unix-style shell wrapping syntax for readability. If you are running the command on Windows then you will need to put all of the arguments on a single line, and remove the backslashes and comments.)
所以您仍然应该将锁定文件签入版本控制,但您应该确保锁定文件包含所有平台上提供程序的校验和。
我认为以上建议仅在您的源代码控制存储库由一组同质工程师 and/or 单个工程师使用时才有用。在大型异构组上,它将失败并出现以下错误:
│ Error: Failed to install provider
│
│ Error while installing hashicorp/null v3.1.1: the local package for registry.terraform.io/hashicorp/null 3.1.1 doesn't match any of the checksums previously recorded in the dependency lock file
│ (this might be because the available checksums are for packages targeting different platforms)
要解决该错误,请删除 .terraform.lock.hcl 文件和 re-initalise。它将为您自己的工作站重新生成文件。
我愿意承认我们做错了,但至少在我们的例子中,我们需要将它添加到 .gitignore,或者每次一个工程师提交时,所有工程师都使用不同的 OS 将收到此错误,必须再次 terraform init。
您还可以执行以下命令来建立您环境中存在的平台:
terraform providers lock -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64