Our use case
In our system anybody can start a pipeline and approve a deployment. A deployment to production can be manually approved after a series of robust tests and build phases across multiple branches.
We have a continuous deployment system running in Bitbucket Pipelines, and the last step is performed by Terraform. Terraform provisions our infrastructure as it is defined in code across our repositories, and programmatically makes changes to our infrastructure if there are any differences in configuration.
Terraform, along with many other deployment systems, can only operate one instance/session per environment at a time. This is facilitated by a remote locking mechanism which is read/written to by all deployers and pipelines.
If a Bitbucket Pipelines pipeline step is "stopped", it does not gracefully shut-down. Ordinarily Terraform will be gracefully stopped (for example if Ctrl+C is hit in terminal) and the remote lock is released.
With Bitbucket Pipelines, anybody can force immediate termination of the pipeline script which results in our infrastructure half-updated and the state remains locked.
This problem is not limited to Terraform, it applies to any deployment system which relies on a locking mechanism. Below are my suggestions for resolving this problem:
If anybody else is experiencing a similar issue, has a workaround, or otherwise has any feedback, then please contribute to this discussion :)
Hi everyone, We are looking to learn more about development teams’ workflows and pain points, especially around DevOps, integrations, administration, scale, security, and the related challeng...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events