We use Amazon s3 to store state lock files, and also store .terraform.lock.hcl in repository with code. Our kubernetes builds on Jenkins can fail if the lock file references darwin_amd64 providers; is there a way to build the lock file on M1 Mac so it includes both architectures?
Terraform’s default behavior is to save all of the checksums that were signed by the provider maintainer when publishing a release, and those checksums are sufficient when installing packages directly from the origin registry that can therefore also provide the archives that match those checksums.
Things are trickier if you are using customized provider installation settings, such as installing from a local mirror or local cache directory. In that case, Terraform must rely more on locally-calculated checksums because a mirror or cache cannot provide authoritative signed checksums.
If you have configured things so that the origin registry is not the installation source then you can ask Terraform to locally calculate additional checksums using the
terraform providers lock subcommand:
terraform providers lock -platform=linux_amd64 -platform=darwin_arm64
This command will download the packages from their origin registry, locally calculate additional checksums based on those packages, and then save all of the checksums together (the author’s signed ones plus the locally-calculated ones) in the dependency lock file.