Merge pull request #56 from appvia/s3-statelock

feat: version bumps, switch to s3 state locking instead of dynamodb

Author: KashifSaadat

.github/workflows/terraform-destroy.yml

@@ -145,7 +145,7 @@ on:
         type: string
 
       terraform-version:
-        default: "1.7.1"
+        default: "1.11.2"
         description: "The version of terraform to use"
         required: false
         type: string
@@ -249,7 +249,7 @@ jobs:
           -backend-config="bucket=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tfstate" \
           -backend-config="key=${{ steps.state-key.outputs.name }}" \
           -backend-config="encrypt=true" \
-          -backend-config="dynamodb_table=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tflock" \
+          -backend-config="use_lockfile=true" \
           -backend-config="region=${{ inputs.aws-region }}" \
           ${{ inputs.terraform-init-extra-args }}
       - name: Terraform Validate
@@ -377,7 +377,7 @@ jobs:
           -backend-config="bucket=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tfstate" \
           -backend-config="key=${{ steps.state-key.outputs.name }}" \
           -backend-config="encrypt=true" \
-          -backend-config="dynamodb_table=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tflock" \
+          -backend-config="use_lockfile=true" \
           -backend-config="region=${{ inputs.aws-region }}" \
           ${{ inputs.terraform-init-extra-args }}
       - name: Download tfplan

.github/workflows/terraform-drift.yml

@@ -79,7 +79,7 @@ on:
         type: string
 
       terraform-version:
-        default: "1.7.1"
+        default: "1.11.2"
         description: "The version of terraform to use"
         required: false
         type: string
@@ -161,7 +161,13 @@ jobs:
           fi
       - name: Terraform Init
         id: init
-        run: terraform -chdir=${{ inputs.terraform-dir }} init -backend-config="bucket=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tfstate" -backend-config="key=${{ steps.state-key.outputs.name }}" -backend-config="encrypt=true" -backend-config="dynamodb_table=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tflock" -backend-config="region=${{ inputs.aws-region }}"
+        run: |
+          terraform -chdir=${{ inputs.terraform-dir }} init \
+          -backend-config="bucket=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tfstate" \
+          -backend-config="key=${{ steps.state-key.outputs.name }}" \
+          -backend-config="encrypt=true" \
+          -backend-config="use_lockfile=true" \
+          -backend-config="region=${{ inputs.aws-region }}"
       - name: Terraform Validate
         id: validate
         run: terraform -chdir=${{ inputs.terraform-dir }} validate -no-color

.github/workflows/terraform-module-validation.yml

@@ -75,7 +75,7 @@ on:
         type: string
 
       terraform-version:
-        default: "1.9.0"
+        default: "1.11.2"
         description: "The version of terraform to use"
         required: false
         type: string

.github/workflows/terraform-plan-and-apply-aws.yml

@@ -179,13 +179,13 @@ on:
         type: number
 
       terraform-version:
-        default: "1.9.0"
+        default: "1.11.2"
         description: "The version of terraform to use"
         required: false
         type: string
 
       trivy-version:
-        default: "v0.56.2"
+        default: "v0.60.0"
         description: "The version of trivy to use"
         required: false
         type: string
@@ -452,7 +452,13 @@ jobs:
           git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
       - name: Terraform Init
         id: init
-        run: terraform -chdir=${{ inputs.terraform-dir }} init -backend-config="bucket=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tfstate" -backend-config="key=${{ steps.state-key.outputs.name }}" -backend-config="encrypt=true" -backend-config="dynamodb_table=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tflock" -backend-config="region=${{ inputs.aws-region }}"
+        run: |
+          terraform -chdir=${{ inputs.terraform-dir }} init \
+          -backend-config="bucket=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tfstate" \
+          -backend-config="key=${{ steps.state-key.outputs.name }}" \
+          -backend-config="encrypt=true" \
+          -backend-config="use_lockfile=true" \
+          -backend-config="region=${{ inputs.aws-region }}"
       - name: Terraform Validate
         id: validate
         run: terraform -chdir=${{ inputs.terraform-dir }} validate -no-color
@@ -805,7 +811,13 @@ jobs:
           git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
       - name: Terraform Init
         id: init
-        run: terraform -chdir=${{ inputs.terraform-dir }} init -backend-config="bucket=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tfstate" -backend-config="key=${{ steps.state-key.outputs.name }}" -backend-config="encrypt=true" -backend-config="dynamodb_table=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tflock" -backend-config="region=${{ inputs.aws-region }}"
+        run: |
+          terraform -chdir=${{ inputs.terraform-dir }} init \
+          -backend-config="bucket=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tfstate" \
+          -backend-config="key=${{ steps.state-key.outputs.name }}" \
+          -backend-config="encrypt=true" \
+          -backend-config="use_lockfile=true" \
+          -backend-config="region=${{ inputs.aws-region }}"
       - name: Download tfplan
         uses: actions/download-artifact@v4
         with:

docs/terraform-drift.md

@@ -55,7 +55,7 @@ OPTIONAL INPUTS:
 - `terraform-lock-timeout` - Default: "30s"
 - `terraform-state-key` - Default: <repo-name>.tfstate
 - `terraform-values-file` - Default: <environment>.tfvars
-- `terraform-version` - Default: "1.7.1"
+- `terraform-version` - Default: "1.11.2"
 - `working-directory` - Default: "."
 
 **Note:** This template may change over time, so it is recommended that you point to a tagged version rather than the main branch.