Description
When multiple docker-devcontainer workspaces are running, deleting one of them will trigger the following issue:
Terraform 1.9.8
coder_agent.main: Plan to delete
docker_volume.workspaces: Plan to delete
docker_image.devcontainer_builder_image: Plan to delete
coder_agent.main: Destroying... [id=d87332f6-93ab-420d-bf3d-5818bc0fc18c]
coder_agent.main: Destruction complete after 0s
docker_volume.workspaces: Destroying... [id=coder-aee29e12-d241-40e5-a075-f617b500a947]
docker_image.devcontainer_builder_image: Destroying... [id=sha256:0043aade3996c429a302de5f79050c63bf2a56a7286c5aef2cd65387bc870db5ghcr.io/coder/envbuilder:latest]
docker_image.devcontainer_builder_image: Destruction errored after 1s
docker_volume.workspaces: Destruction complete after 3s
Error: Unable to remove Docker image: Error response from daemon: conflict: unable to remove repository reference "ghcr.io/coder/envbuilder:latest" (must force) - container 7e439682639e is using its referenced image 0043aade3996
This is due to the fact that deleting a workspace will try to delete all of its resources, except the envbuilder image is shared between all the workspaces of that same template, which will make any workspace deletion fail.
Possible workaround
This could be fixed by adding the lifecycle.prevent_destroy attribute to the docker_image resource:
resource "docker_image" "devcontainer_builder_image" {
name = local.devcontainer_builder_image
+ lifecycle {
+ prevent_destroy = true
+ }
}But then you'll run into this issue when deleting the workspace:
Error: Instance cannot be destroyed
on main.tf line 156:
156: resource "docker_image" "devcontainer_builder_image" {
Resource docker_image.devcontainer_builder_image has lifecycle.prevent_destroy set, but the plan calls for this resource to be destroyed. To avoid this error and continue with the plan, either disable lifecycle.prevent_destroy or reduce the scope of the plan using the -target option.