From bb75d8af539d81ecc2b045aa8bfb455e97f7228c Mon Sep 17 00:00:00 2001 From: jaskaransarkaria Date: Wed, 3 Apr 2024 08:43:03 +0100 Subject: [PATCH 1/2] =?UTF-8?q?docs:=20=E2=9C=8F=EF=B8=8F=20add=20tf=20loc?= =?UTF-8?q?k=20runbook?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- runbooks/source/add-a-new-runbook.html.md.erb | 4 +- .../source/working-with-tflock.html.md.erb | 44 +++++++++++++++++++ 2 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 runbooks/source/working-with-tflock.html.md.erb diff --git a/runbooks/source/add-a-new-runbook.html.md.erb b/runbooks/source/add-a-new-runbook.html.md.erb index 428f7f63..2ad8e59e 100644 --- a/runbooks/source/add-a-new-runbook.html.md.erb +++ b/runbooks/source/add-a-new-runbook.html.md.erb @@ -1,7 +1,7 @@ --- title: Add a new runbook weight: 9999 -last_reviewed_on: 2023-11-20 +last_reviewed_on: 2024-04-03 review_in: 6 months --- @@ -23,7 +23,7 @@ To add a new runbook, you will create a file in the `runbooks/source` directory title: Add a new runbook weight: 9999 last_reviewed_on: 2020-04-21 -review_in: 3 months +review_in: 6 months --- ``` diff --git a/runbooks/source/working-with-tflock.html.md.erb b/runbooks/source/working-with-tflock.html.md.erb new file mode 100644 index 00000000..4238ea46 --- /dev/null +++ b/runbooks/source/working-with-tflock.html.md.erb 
@@ -0,0 +1,44 @@ +--- +title: Working with .terraform.lock.hcl files +weight: 60 +last_reviewed_on: 2024-04-03 +review_in: 6 months +--- + +# What is `.terraform.lock.hcl`? + +In the [cloud-platform-infrastructure repo](https://github.com/ministryofjustice/cloud-platform-infrastructure) each layer has a `.terraform.lock.hcl` file [for example](https://github.com/ministryofjustice/cloud-platform-infrastructure/blob/main/terraform/aws-accounts/cloud-platform-aws/vpc/eks/.terraform.lock.hcl). + +**The lock file is concerned with pinning provider versions**. Terraform providers manage resources by communicating between Terraform and the target APIs eg. the kubectl provider allows terraform to take hcl code and run kubectl commands. + +The lock file ensures that every user is using the same providers. This is important because different providers can deploy resources differently, resulting in inconsistent applies each machine. + +Everytime you run the `terraform init` command terraform _creates or updates_ the `.terraform.lock.hcl` file. + +There are 2 aspects to pinning providers: + +1. terraform that specifies version constraints [for example](https://github.com/ministryofjustice/cloud-platform-infrastructure/blob/main/terraform/aws-accounts/cloud-platform-aws/vpc/eks/versions.tf) +2. the `.terraform.lock.hcl` dependency lock file which contains the specific hashes for the version to be used + +## <%= current_page.data.title %> + +Due to the architecture difference between our mac m* chips and the pipeline every time a user runs a `terraform init` it will make changes to the `.terraform.lock.hcl` file. This diff is sometimes misleading. 
+ +### Rules + +- Do not commit the lock file if you have not changed any provider versions +- If you make changes to _any_ provider versions then you should use the command below to add a platform compatible lock file + +### Commiting changes to the lock file + +Because the team is mainly on mac m* chips we are generally running a different architecture (arm64) to the terraform that will run in the pipeline (amd64). Therefore if we want to commit a compatible lock file you must run before adding it to git: + +``` +terraform providers lock -platform=amd64 +``` + +#### Further reading + +- [terraform lock docs](https://developer.hashicorp.com/terraform/language/files/dependency-lock) +- [terraform lock tutorial](https://developer.hashicorp.com/terraform/tutorials/configuration-language/provider-versioning?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) + From 662288184542ed52d40166204c73094269f1ae25 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 3 Apr 2024 08:23:21 +0000 Subject: [PATCH 2/2] Commit changes made by code formatters --- runbooks/source/working-with-tflock.html.md.erb | 1 - 1 file changed, 1 deletion(-) diff --git a/runbooks/source/working-with-tflock.html.md.erb b/runbooks/source/working-with-tflock.html.md.erb index 4238ea46..eea5984e 100644 --- a/runbooks/source/working-with-tflock.html.md.erb +++ b/runbooks/source/working-with-tflock.html.md.erb @@ -41,4 +41,3 @@ terraform providers lock -platform=amd64 - [terraform lock docs](https://developer.hashicorp.com/terraform/language/files/dependency-lock) - [terraform lock tutorial](https://developer.hashicorp.com/terraform/tutorials/configuration-language/provider-versioning?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) -
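Review bot: the second hunk of `runbooks/source/add-a-new-runbook.html.md.erb` changes the example front matter from `review_in: 3 months` to `review_in: 6 months`, which the commit subject ("add tf lock runbook") does not cover. Either mention the review-interval change in the commit message or move both edits to this file into their own commit, so the history of the new runbook stays separate from the change to the template guidance.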
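Review bot: in `runbooks/source/working-with-tflock.html.md.erb`, under "Commiting changes to the lock file", the command `terraform providers lock -platform=amd64` passes only an architecture, but `-platform` takes an OS_ARCH pair, so the value needs the pipeline's operating system as well (for example `linux_amd64` if the pipeline runs on Linux, which the runbook does not state). The option can be repeated, so consider also passing `-platform=darwin_arm64`: the committed file would then carry provider hashes for both the pipeline and the team's Macs, which should reduce the misleading `terraform init` diff described earlier in the page. Smaller points in the same file: "Commiting" should be "Committing", "Everytime" should be "Every time", "inconsistent applies each machine" is missing a word ("on each machine"), and the tutorial link under "Further reading" carries `utm_*` tracking parameters that can be dropped.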