forked from devops-infra/docker-terragrunt
Dockerfile
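# NOTE(review): the base image is referenced by a mutable tag only. Pinning it
# by digest (alpine:3.13@sha256:<digest>) would make rebuilds reproducible and
# auditable.
FROM alpine:3.13
# Install prerequisites
SHELL ["/bin/sh", "-euxo", "pipefail", "-c"]
# Package versions are left unpinned on purpose (DL3018 is suppressed), so each
# rebuild may resolve to different package builds.
# hadolint ignore=DL3018
RUN apk update --no-cache ;\
    apk add --no-cache \
      bash \
      bc \
      ca-certificates \
      curl \
      docker \
      git \
      jq \
      make \
      ncurses \
      openssh \
      openssl \
      python3 \
      py3-pip \
      unzip \
      zip ;\
    # `hub` is pulled from the edge/testing repository. Fetch that index over
    # HTTPS rather than plain HTTP so the transport is authenticated as well as
    # the apk signatures.
    # NOTE(review): mixing an edge repository into a 3.13 base can pull in
    # dependencies built against newer libraries.
    apk add --no-cache -X https://dl-cdn.alpinelinux.org/alpine/edge/testing hub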
# Python packages, installed system-wide with pip.
# NOTE(review): none of these are version-pinned (DL3013 is suppressed below),
# so whatever PyPI serves at build time ends up in the image. A requirements
# file with pinned versions and `--require-hashes` would make this step
# reproducible and tamper-evident.
SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
# hadolint ignore=DL3013
RUN pip3 install --no-cache-dir \
      cloudflare PyGithub python-hcl2 requests slack_sdk
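# Get Terraform by a specific version or search for the latest one.
# NOTE(review): the default TF_VERSION=latest resolves the version at build
# time, so two builds of the same Dockerfile can ship different binaries. Pass
# an explicit version for release images.
ARG TF_VERSION=latest
SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
RUN if [ "${TF_VERSION}" = "latest" ]; then \
      # Scrape the release index and keep the highest plain x.y.z entry.
      VERSION="$( curl -fLsS https://releases.hashicorp.com/terraform/ \
        | grep -Eo '/[.0-9]+/' | grep -Eo '[.0-9]+' \
        | sort -V | tail -1 )" ;\
    else \
      VERSION="${TF_VERSION}" ;\
    fi ;\
    # -f makes curl fail on HTTP errors instead of saving an error page.
    # The archive keeps its published name so the SHA256SUMS entry matches.
    curl -fLsS \
      "https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip" \
      -o "./terraform_${VERSION}_linux_amd64.zip" ;\
    curl -fLsS \
      "https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_SHA256SUMS" \
      -o ./terraform_SHA256SUMS ;\
    # Verify the archive against the published checksum before unpacking.
    # The checksum file comes from the same origin, so this catches truncated
    # or mismatched downloads, not a compromised release server. Checking the
    # detached signature of SHA256SUMS against a pinned key would close that gap.
    grep -F "terraform_${VERSION}_linux_amd64.zip" ./terraform_SHA256SUMS \
      | sha256sum -c - ;\
    unzip "./terraform_${VERSION}_linux_amd64.zip" ;\
    rm -f "./terraform_${VERSION}_linux_amd64.zip" ./terraform_SHA256SUMS ;\
    chmod +x ./terraform ;\
    mv ./terraform /usr/bin/terraform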
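# Get Terragrunt by a specific version or search for the latest one.
# NOTE(review): the binary is installed without any checksum or signature
# verification, and TG_VERSION=latest makes the result depend on build time.
# Pin a version and verify the release's published checksum where available.
ARG TG_VERSION=latest
SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
RUN if [ "${TG_VERSION}" = "latest" ]; then \
      # Use the release tag as-is. The download URL below is keyed by tag, and
      # the pinned branch builds "v<version>", so both branches must yield the
      # same "v"-prefixed form. Stripping the "v" here produced a different
      # path from the pinned branch.
      VERSION="$( curl -fLsS https://api.github.com/repos/gruntwork-io/terragrunt/releases/latest \
        | jq -r .tag_name )" ;\
    else \
      VERSION="v${TG_VERSION}" ;\
    fi ;\
    # -f: without it, an HTTP error body would be written to /usr/bin/terragrunt
    # and marked executable.
    curl -fLsS \
      "https://github.com/gruntwork-io/terragrunt/releases/download/${VERSION}/terragrunt_linux_amd64" \
      -o /usr/bin/terragrunt ;\
    chmod +x /usr/bin/terragrunt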
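# Get latest TFLint.
# The asset URL is taken from the GitHub "latest release" API response.
# NOTE(review): the release is neither pinned nor integrity-checked, so the
# image contents depend on whatever the upstream release serves at build time.
# Pin a release and verify its published checksum for reproducible builds.
SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
# -f on both requests makes an API error (e.g. rate limiting) or a missing
# asset fail the build at the curl step.
RUN curl -fLsS "$( curl -fLsS https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip" )" \
      -o tflint.zip ;\
    unzip tflint.zip ;\
    rm -f tflint.zip ;\
    chmod +x tflint ;\
    mv tflint /usr/bin/tflint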
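# Get latest hcledit.
# The asset URL is taken from the GitHub "latest release" API response.
# NOTE(review): the release is neither pinned nor integrity-checked. Pin a
# release and verify its published checksum for reproducible builds.
SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
# -f on both requests makes an API error or a missing asset fail the build at
# the curl step instead of handing tar an error page.
RUN curl -fLsS "$( curl -fLsS https://api.github.com/repos/minamijoyo/hcledit/releases/latest | grep -o -E "https://.+?_linux_amd64.tar.gz" )" \
      -o hcledit.tar.gz ;\
    tar -xf hcledit.tar.gz ;\
    rm -f hcledit.tar.gz ;\
    chmod +x hcledit ;\
    # Reset ownership to the build user. tar may restore the uid/gid recorded
    # in the archive. Quoting removes the need for the SC2046 suppression.
    chown "$(id -u):$(id -g)" hcledit ;\
    mv hcledit /usr/bin/hcledit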
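# Get latest sops.
# NOTE(review): sops handles secrets, yet the binary is taken from an unpinned
# "latest" release with no checksum or signature verification. Pin a release
# and verify it before shipping this image.
SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
# -f: without it, an HTTP error body would be written to /usr/bin/sops and
# marked executable.
RUN curl -fLsS "$( curl -fLsS https://api.github.com/repos/mozilla/sops/releases/latest | grep -o -E "https://.+?\.linux" )" \
      -o /usr/bin/sops ;\
    chmod +x /usr/bin/sops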
# Cloud CLIs, each opt-in through a build argument.
# AWS=yes adds the AWS CLI and boto3 from PyPI.
# NOTE(review): versions are unpinned (DL3013 suppressed).
ARG AWS=no
SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
# hadolint ignore=DL3013
RUN case "${AWS}" in \
      yes) pip3 install --no-cache-dir awscli boto3 ;; \
    esac
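# GCP=yes installs the Google Cloud SDK under /google-cloud-sdk.
ARG GCP=no
SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
# hadolint ignore=DL3018,SC1091
RUN if [ "${GCP}" = "yes" ]; then \
      apk --no-cache add \
        py3-crcmod \
        py3-openssl \
        libc6-compat \
        gnupg ;\
      # NOTE(review): this runs a remotely fetched installer script as root
      # with no pinned version and no integrity check. Installing a versioned
      # SDK archive with a verified checksum would be safer.
      # -f stops an HTTP error page from being saved and executed as the installer.
      curl -fsS https://sdk.cloud.google.com > /tmp/install.sh ;\
      bash /tmp/install.sh --disable-prompts --install-dir=/ ;\
      # Put gcloud on PATH and enable completion for root login shells.
      echo ". /google-cloud-sdk/completion.bash.inc" >> /root/.profile ;\
      echo ". /google-cloud-sdk/path.bash.inc" >> /root/.profile ;\
      source /root/.profile ;\
      # Disable telemetry and self-update checks inside the image.
      gcloud config set core/disable_usage_reporting true ;\
      gcloud config set component_manager/disable_update_check true ;\
      gcloud config set metrics/environment github_docker_image ;\
      # System-wide git credential helper for Cloud Source Repositories.
      git config --system credential.'https://source.developers.google.com'.helper gcloud.sh ;\
      rm -f /tmp/install.sh ;\
    fi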
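# AZURE=yes installs azure-cli from PyPI.
# NOTE(review): the version is unpinned (DL3013/DL3018 suppressed).
ARG AZURE=no
SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
# hadolint ignore=DL3013,DL3018
RUN if [ "${AZURE}" = "yes" ]; then \
      # Compilers and headers are needed only while pip builds native wheels.
      # They are grouped in a virtual package and removed in the same layer.
      apk add --no-cache --virtual .build-deps gcc python3-dev libffi-dev musl-dev openssl-dev ;\
      # pip3, matching the other pip invocations in this file.
      pip3 install --no-cache-dir azure-cli ;\
      apk del .build-deps ;\
    fi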
# Helper scripts shipped with the image, followed by cache cleanup.
COPY fmt/format-hcl fmt/fmt.sh fmt/terragrunt-fmt.sh show-versions.sh /usr/bin/
SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
RUN chmod +x \
      /usr/bin/fmt.sh \
      /usr/bin/format-hcl \
      /usr/bin/show-versions.sh \
      /usr/bin/terragrunt-fmt.sh ;\
    # Cleanup. Files written by earlier RUN steps still exist in those earlier
    # layers, so this only hides them from the final filesystem view.
    rm -rf /var/cache/* /root/.cache/* /tmp/*
# Image metadata. Three label conventions are populated from the same values:
#   - http://label-schema.org/rc1/#build-time-labels
#   - https://github.com/opencontainers/image-spec/blob/master/annotations.md
#   - https://help.github.com/en/actions/building-actions/metadata-syntax-for-github-actions
# NOTE(review): with the default TF_VERSION/TG_VERSION the description and
# version labels record the literal string "latest", not the versions actually
# installed, so they cannot be used to inventory what the image contains.
ARG NAME="IaaC dockerized framework for Terraform/Terragrunt"
ARG DESCRIPTION="Docker image with Terraform v${TF_VERSION}, Terragrunt v${TG_VERSION} and all needed components to easily manage cloud infrastructure."
ARG REPO_URL="https://github.com/devops-infra/docker-terragrunt"
ARG AUTHOR="Krzysztof Szyper <[email protected]>"
ARG HOMEPAGE="https://christophshyper.github.io/"
# Placeholder defaults, expected to be overridden with --build-arg.
ARG BUILD_DATE=2020-04-01T00:00:00Z
ARG VCS_REF=abcdef1
ARG VERSION="tf-${TF_VERSION}-tg-${TG_VERSION}"

# label-schema.org (rc1) labels
LABEL \
    org.label-schema.schema-version="1.0" \
    org.label-schema.build-date="${BUILD_DATE}" \
    org.label-schema.name="${NAME}" \
    org.label-schema.description="${DESCRIPTION}" \
    org.label-schema.usage="README.md" \
    org.label-schema.url="${HOMEPAGE}" \
    org.label-schema.vcs-url="${REPO_URL}" \
    org.label-schema.vcs-ref="${VCS_REF}" \
    org.label-schema.vendor="${AUTHOR}" \
    org.label-schema.version="${VERSION}"

# OCI image-spec annotations
LABEL \
    org.opencontainers.image.title="${NAME}" \
    org.opencontainers.image.description="${DESCRIPTION}" \
    org.opencontainers.image.created="${BUILD_DATE}" \
    org.opencontainers.image.authors="${AUTHOR}" \
    org.opencontainers.image.vendor="${AUTHOR}" \
    org.opencontainers.image.licenses="MIT" \
    org.opencontainers.image.url="${HOMEPAGE}" \
    org.opencontainers.image.documentation="${REPO_URL}/blob/master/README.md" \
    org.opencontainers.image.source="${REPO_URL}" \
    org.opencontainers.image.version="${VERSION}" \
    org.opencontainers.image.revision="${VCS_REF}"

# Plain maintainer/repository labels
LABEL \
    maintainer="${AUTHOR}" \
    repository="${REPO_URL}"

WORKDIR /data
# NOTE(review): this file has no USER instruction, so the default command and
# anything else started in the container run as root.
CMD ["show-versions.sh"]