github mattrobinsonsre/terrapod v0.23.3

3 hours ago

Fix release. The headline bug shipped silently in earlier v0.23.x releases and could cause terraform apply tfplan to fail with a recorded-plan mismatch when a newer matching provider version was published between plan and apply.

Bug Fixes

  • Carry .terraform.lock.hcl from plan to apply (#306). A run is two separate K8s Jobs, each with its own clean working directory. Before this release each Job ran its own terraform init and resolved the version constraint independently, so if a newer matching provider version was published between plan and apply, the apply phase pinned a different version than the plan was made with, and apply tfplan errored out. Fix:
    • Plan-phase: upload .terraform.lock.hcl to the new /api/terrapod/v1/runs/{id}/artifacts/lock-file endpoint after a successful init
    • Apply-phase: download the plan-phase lock file before init so both phases use the same versions
    • The runner stops deleting any .terraform.lock.hcl the user committed
    • Forward / backward compatible: lock-file IO is best-effort, so a new runner against an old API (or vice versa) just falls back to the previous behaviour rather than failing
  • Binary cache: swallow the unique-constraint race when two runners miss together. Two runners hitting an empty cache at the same instant both fetched the same binary, both wrote it to object storage (idempotent), and both tried to INSERT the cached_binaries row. The loser hit uq_cached_binaries and the API surfaced it to the runner as a 502. Now the loser falls through to serving from the row the winner just inserted, the same pattern that state-version uploads already use for the dup-serial race.
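
The provider drift described in the lock-file item above, as an added example that is not Terrapod's own code: it parses two .terraform.lock.hcl files and reports every provider whose pinned version or hashes differ between the plan phase and the apply phase. The lock-file contents, version numbers and hash strings are constructed, and parse_lock and lock_drift are hypothetical helper names.

```python
import re

# Constructed sample lock files; versions and hash values are placeholders.
PLAN_LOCK = '''
provider "registry.terraform.io/hashicorp/aws" {
  version     = "5.40.0"
  constraints = "~> 5.0"
  hashes      = ["h1:CONSTRUCTED-PLAN-HASH="]
}

provider "registry.terraform.io/hashicorp/random" {
  version = "3.6.0"
  hashes  = ["h1:CONSTRUCTED-RANDOM-HASH="]
}
'''
# Apply phase re-resolved "~> 5.0" after a newer matching release appeared.
APPLY_LOCK = PLAN_LOCK.replace("5.40.0", "5.41.0").replace("PLAN-HASH", "APPLY-HASH")

_BLOCK = re.compile(r'provider\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
_VERSION = re.compile(r'^\s*version\s*=\s*"([^"]+)"', re.M)
_HASHES = re.compile(r'hashes\s*=\s*\[(.*?)\]', re.S)

def parse_lock(text):
    """Return {provider address: (version, frozenset of hashes)}."""
    providers = {}
    for addr, body in _BLOCK.findall(text):
        version = _VERSION.search(body)
        hashes = _HASHES.search(body)
        providers[addr] = (
            version.group(1) if version else None,
            frozenset(re.findall(r'"([^"]+)"', hashes.group(1))) if hashes else frozenset(),
        )
    return providers

def lock_drift(plan_text, apply_text):
    """List (provider, plan_version, apply_version) for each pin that differs."""
    plan, apply = parse_lock(plan_text), parse_lock(apply_text)
    missing = (None, frozenset())
    drift = []
    for addr in sorted(set(plan) | set(apply)):
        planned, applied = plan.get(addr, missing), apply.get(addr, missing)
        if planned != applied:  # version or hash set changed, or provider added/removed
            drift.append((addr, planned[0], applied[0]))
    return drift

if __name__ == "__main__":
    for addr, planned, applied in lock_drift(PLAN_LOCK, APPLY_LOCK):
        print(f"DRIFT {addr}: plan={planned} apply={applied}")
```

An empty result means both phases resolved the same provider versions and hashes, which is the state the carried lock file is meant to guarantee.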

Local Dev

  • Postgres in the Tilt stack now mounts a PVC and uses the Recreate strategy. Previously the DB lived in the container's writable layer, so any pod recreation (e.g. a tilt down/tilt up cycle, or an image rebuild that bumped the spec) wiped the entire DB. Verified by killing the pod and confirming seeded rows survived.
  • Drop the SSO/auth0 OIDC config from values-local.yaml. The local tenant is no longer valid; local username/password is the supported login path for Tilt.

Status

Beta — no API contract changes. Drop-in upgrade from v0.23.x.

Full Changelog: v0.23.2...v0.23.3
