chore: bump dependencies #27

Merged
merged 32 commits into from
Apr 29, 2024
85495d9
chore: bump dependencies
PiotrSierkin-Ki Mar 11, 2024
a7aef6a
chore: revert bump on checkov
PiotrSierkin-Ki Mar 11, 2024
fa3df83
fix: version format for conftest
PiotrSierkin-Ki Mar 11, 2024
bc99be5
chore: test new versions
PiotrSierkin-Ki Mar 11, 2024
14fdc35
chore: test
PiotrSierkin-Ki Mar 11, 2024
db05c90
chore: replace checkov test
PiotrSierkin-Ki Mar 12, 2024
109be1c
chore: bump tflint
PiotrSierkin-Ki Mar 12, 2024
5fe5fd4
chore: test with new image
PiotrSierkin-Ki Mar 12, 2024
0ddabec
chore: add root to install packages
PiotrSierkin-Ki Mar 12, 2024
7129246
chore: test
PiotrSierkin-Ki Mar 12, 2024
1af4159
chore: test
PiotrSierkin-Ki Mar 12, 2024
80f0124
chore: test
PiotrSierkin-Ki Mar 12, 2024
25aaf6a
chore: test
PiotrSierkin-Ki Mar 12, 2024
08254b5
chore test
PiotrSierkin-Ki Mar 12, 2024
2478801
chore: test
PiotrSierkin-Ki Mar 12, 2024
e28d8a4
chore: test
PiotrSierkin-Ki Mar 12, 2024
120ec47
chore: test
PiotrSierkin-Ki Mar 12, 2024
ef3d6f4
chore: test
PiotrSierkin-Ki Mar 12, 2024
5b5142e
chore: test
PiotrSierkin-Ki Mar 12, 2024
a3c17b2
chore: test
PiotrSierkin-Ki Mar 12, 2024
6204df6
chore: test
PiotrSierkin-Ki Mar 12, 2024
0c84047
chore: remove bash -l -c and commented text for asdf
PiotrSierkin-Ki Mar 12, 2024
c6632d5
chore: add bash -l -c
PiotrSierkin-Ki Mar 12, 2024
521e91f
chore: test checkov version
PiotrSierkin-Ki Mar 12, 2024
ca1aa3b
chore: add checkov with the latest version
PiotrSierkin-Ki Mar 12, 2024
c812893
chore: remove docker-entrypoint
PiotrSierkin-Ki Mar 12, 2024
5a0d371
remove builtin tf versions, clean build deps
moss2k13 Apr 18, 2024
255a0f0
use builtin terraform
moss2k13 Apr 18, 2024
19bb60d
use asdf based terraform
moss2k13 Apr 18, 2024
79e7f5f
replace bash with sh
moss2k13 Apr 26, 2024
fb1d9cb
enable asdf for nonlogin noninteractive use
moss2k13 Apr 26, 2024
66e2f21
glab: use newest not breaking version
moss2k13 Apr 29, 2024
153 changes: 77 additions & 76 deletions app/Dockerfile
@@ -1,58 +1,43 @@
# syntax=docker/dockerfile:1
ARG ATLANTIS_BASE_VERSION=2023.03.30
# The runatlantis/atlantis-base is created by docker-base/Dockerfile.
FROM ghcr.io/runatlantis/atlantis-base:${ATLANTIS_BASE_VERSION} AS base

ARG ATLANTIS_VERSION=v0.27.2

FROM ghcr.io/runatlantis/atlantis:${ATLANTIS_VERSION} AS base

# Default tool versions installed in that image
ARG ATLANTIS_VERSION=v0.23.3
ARG ASDF_VERSION=v0.11.3
ARG K8S_VERSION=1.25.5
ARG HELM_VERSION=3.11.2
ARG TF_VERSION=1.4.2
ARG TG_VERSION=0.45.0
ARG TG_ATLANTIS_VERSION=1.16.0
ARG CONFTEST_VERSION=v0.35.0
ARG GLAB_VERSION=1.26.0
ARG GOJQ_VERSION=0.12.13
ARG YQ_VERSION=4.9.8
ARG AZURE_CLI_VERSION=2.46.0
ARG CHECKOV_VERSION=2.1.244
ARG INFRACOST_VERSION=v0.10.18
ARG TFLINT_VERSION=0.45.0
ARG TERRAFORM_DOCS_VERSION=0.16.0

RUN set -ex && \
apk update && \
apk add bash py3-pip curl && \
apk add --virtual=build gcc libffi-dev musl-dev openssl-dev python3-dev cargo make curl unzip aws-cli
ARG ASDF_VERSION=v0.14.0
ARG K8S_VERSION=1.30.0
ARG HELM_VERSION=3.14.4
ARG TF_VERSION=1.5.7
ARG TG_VERSION=0.55.13
ARG TG_ATLANTIS_VERSION=1.17.4
ARG CONFTEST_VERSION=0.50.0
ARG GLAB_VERSION=1.30.0
ARG GOJQ_VERSION=0.12.14
ARG YQ_VERSION=4.42.1
ARG AZURE_CLI_VERSION=2.58.0
ARG AWS_CLI_VERSION=2.13.25-r0
ARG CHECKOV_VERSION=3.2.74
ARG INFRACOST_VERSION=0.10.35
ARG TFLINT_VERSION=0.50.3
ARG TERRAFORM_DOCS_VERSION=0.17.0

USER root

###
### Install Checkov
###
RUN set -ex && \
pip install --upgrade pip && \
pip install --upgrade setuptools && \
pip install checkov==${CHECKOV_VERSION}

# Download and install Infracost
RUN curl -LOs https://github.com/infracost/infracost/releases/download/${INFRACOST_VERSION}/infracost-linux-amd64.tar.gz && \
tar xzf infracost-linux-amd64.tar.gz && \
mv infracost-linux-amd64 /usr/bin/infracost && \
chmod a+x /usr/bin/infracost && \
rm -rf infracost-linux-amd64*

###
### Ensure Azure cli version is present and validated
###
RUN set -eux \
&& pip install azure-cli==${AZURE_CLI_VERSION} \
&& az --version

# Download and install Atlantis
RUN curl -LOs https://github.com/runatlantis/atlantis/releases/download/${ATLANTIS_VERSION}/atlantis_linux_amd64.zip && \
unzip atlantis_linux_amd64.zip -d /usr/bin && \
chmod a+x /usr/bin/atlantis && \
rm atlantis_linux_amd64.zip
apk update && \
apk add py3-pip curl aws-cli=${AWS_CLI_VERSION} && \
apk add --virtual=build gcc libffi-dev musl-dev openssl-dev python3-dev cargo make unzip && \
pip install --upgrade pip --break-system-packages && \
pip install --upgrade setuptools --break-system-packages && \
###
### Ensure Azure cli version is present and validated
### with --break-system-packages due to https://peps.python.org/pep-0668/
pip install azure-cli==${AZURE_CLI_VERSION} --break-system-packages && \
az --version && \
### cleanup build dependencies
apk del build

# Download and install terragrunt-atlantis-config
RUN curl -LOs https://github.com/transcend-io/terragrunt-atlantis-config/releases/download/v${TG_ATLANTIS_VERSION}/terragrunt-atlantis-config_${TG_ATLANTIS_VERSION}_linux_amd64.tar.gz && \
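
Review bot: The new `FROM ghcr.io/runatlantis/atlantis:${ATLANTIS_VERSION} AS base` line selects the base image by tag only, and a tag can be re-pointed upstream, so two builds of the same commit are not guaranteed to start from the same image. Consider appending the `@sha256:` digest of the reviewed image to the reference. In the same hunk, `pip install azure-cli==${AZURE_CLI_VERSION} --break-system-packages` runs as root and overrides the PEP 668 guard on the system Python; installing azure-cli into its own virtual environment and linking `az` onto the PATH would keep its dependencies from replacing packages the distribution manages.
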
@@ -61,16 +46,22 @@ RUN curl -LOs https://github.com/transcend-io/terragrunt-atlantis-config/release
chmod a+x /usr/bin/terragrunt-atlantis-config && \
rm -rf terragrunt-atlantis-config_${TG_ATLANTIS_VERSION}_linux_amd64*

# Download and install asdf, create .profile and source asdf inside
RUN gosu atlantis bash -l -c " \
git clone --quiet https://github.com/asdf-vm/asdf.git /home/atlantis/.asdf --branch ${ASDF_VERSION} && \
echo '. /home/atlantis/.asdf/asdf.sh' >> /home/atlantis/.profile && \
chown atlantis.atlantis /home/atlantis/.profile && \
chmod u+rw /home/atlantis/.profile"
# Download and install asdf
USER atlantis

RUN git clone --quiet https://github.com/asdf-vm/asdf.git $HOME/.asdf --branch ${ASDF_VERSION}

ENV PATH=$PATH:/home/atlantis/.asdf/bin:/home/atlantis/.asdf/shims

# Create .profile and source asdf inside
# ASDF_DIR is not automatically detected for sh
RUN echo 'export ASDF_DIR=$HOME/.asdf' >> $HOME/.profile && \
echo '. $HOME/.asdf/asdf.sh' >> $HOME/.profile && \
chown $USER.root $HOME/.profile && \
chmod u+rw $HOME/.profile

# Install all needed plugins
RUN gosu atlantis bash -l -c " \
asdf plugin-add kubectl && \
RUN asdf plugin-add kubectl && \
asdf plugin-add helm && \
asdf plugin-add terragrunt && \
asdf plugin-add terraform && \
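
Review bot: In the `.profile` step, `chown $USER.root $HOME/.profile` depends on `$USER` being set, but the Dockerfile `USER atlantis` instruction does not export that variable, so unless the base image defines it the command expands to `chown .root ...`, which is not the intended owner change. The file is already created by the two `echo` lines as the atlantis user, so the `chown` can probably be dropped; if it stays, name the owner explicitly and use the `owner:group` form. `ENV PATH` also hardcodes `/home/atlantis` while the rest of the hunk uses `$HOME`; one form throughout would be easier to maintain.
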
@@ -79,11 +70,12 @@ RUN gosu atlantis bash -l -c " \
asdf plugin-add gojq && \
asdf plugin-add tflint && \
asdf plugin-add terraform-docs && \
asdf plugin-add yq"
asdf plugin-add yq && \
asdf plugin-add checkov && \
asdf plugin-add infracost

# Install default versions and define them globally
RUN gosu atlantis bash -l -c " \
cd /home/atlantis/ && \
asdf install kubectl ${K8S_VERSION} && \
RUN asdf install kubectl ${K8S_VERSION} && \
asdf install helm ${HELM_VERSION} && \
asdf install terraform ${TF_VERSION} && \
asdf install terragrunt ${TG_VERSION} && \
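
Review bot: The added `asdf plugin-add checkov` and `asdf plugin-add infracost` lines, like the existing ones, pass only a plugin name, so the build clones whatever the resolved plugin repository holds on its default branch at build time and later runs those scripts to fetch the tools. The ARG block pins the tool versions but not the plugin code that downloads them. Passing the plugin's git URL explicitly as the second argument and pinning each plugin to a reviewed commit would make this step reproducible and reviewable.
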
@@ -93,6 +85,8 @@ RUN gosu atlantis bash -l -c " \
asdf install tflint ${TFLINT_VERSION} && \
asdf install terraform-docs ${TERRAFORM_DOCS_VERSION} && \
asdf install yq ${YQ_VERSION} && \
asdf install checkov ${CHECKOV_VERSION} && \
asdf install infracost ${INFRACOST_VERSION} && \
asdf global kubectl ${K8S_VERSION} && \
asdf global helm ${HELM_VERSION} && \
asdf global terraform ${TF_VERSION} && \
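
Review bot: `asdf install checkov ${CHECKOV_VERSION}` and `asdf install infracost ${INFRACOST_VERSION}` only succeed when the ARG values match the version strings the plugins expect, and the ARG block dropped the `v` prefix from `INFRACOST_VERSION` and `CONFTEST_VERSION`. A comment at the ARG block saying which tools are installed through asdf and take bare versions would document that. Running `checkov --version` and `infracost --version` at the end of this `RUN`, as the azure-cli step does with `az --version`, would fail the build early if a plugin installs something unusable.
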
@@ -102,32 +96,39 @@ RUN gosu atlantis bash -l -c " \
asdf global gojq ${GOJQ_VERSION} && \
asdf global tflint ${TFLINT_VERSION} && \
asdf global terraform-docs ${TERRAFORM_DOCS_VERSION} && \
asdf global yq ${YQ_VERSION}"
asdf global yq ${YQ_VERSION} && \
asdf global checkov ${CHECKOV_VERSION} && \
asdf global infracost ${INFRACOST_VERSION}

# Additional cleanup for non default terraform versions, pip cache, tmp
RUN pip cache purge

USER root

RUN rm -f /usr/local/bin/terraform* && \
pip cache purge && \
rm -rf /tmp/*

# Additional cleanup
RUN rm -rf /tmp/*
# Add 'alias' `jq` to `gojq`
RUN echo -e '#!/bin/bash \nexec gojq "$@"' > /usr/local/bin/jq && chmod +x /usr/local/bin/jq
RUN echo -e '#!/bin/sh \nexec gojq "$@"' > /usr/local/bin/jq && chmod +x /usr/local/bin/jq

# Set atlantis login shell to bash
RUN sed -i s#atlantis:/sbin/nologin#atlantis:/bin/bash#g /etc/passwd
# Set atlantis login shell to sh
RUN sed -i s#atlantis:/sbin/nologin#atlantis:/bin/sh#g /etc/passwd

COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
COPY check-gitlab-approvals.sh /usr/local/bin/check-gitlab-approvals.sh
COPY pull-gitlab-variables.sh /usr/local/bin/pull-gitlab-variables.sh

RUN chmod a+x /usr/local/bin/docker-entrypoint.sh && \
chmod a+x /usr/local/bin/check-gitlab-approvals.sh && \
RUN chmod a+x /usr/local/bin/check-gitlab-approvals.sh && \
chmod a+x /usr/local/bin/pull-gitlab-variables.sh

USER atlantis
# Add GitHub and GitLab to known keys file for safe SSH connections
RUN mkdir -p /home/atlantis/.ssh && \
chmod 0700 /home/atlantis/.ssh && \
touch /home/atlantis/.ssh/known_hosts && \
chmod 0600 /home/atlantis/.ssh/known_hosts && \
ssh-keyscan -H github.com >> /home/atlantis/.ssh/known_hosts && \
ssh-keyscan -H gitlab.com >> /home/atlantis/.ssh/known_hosts
RUN mkdir -p $HOME/.ssh && \
chmod 0700 $HOME/.ssh && \
touch $HOME/.ssh/known_hosts && \
chmod 0600 $HOME/.ssh/known_hosts && \
ssh-keyscan -H github.com >> $HOME/.ssh/known_hosts && \
ssh-keyscan -H gitlab.com >> $HOME/.ssh/known_hosts

ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["server"]
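
Review bot: `ENTRYPOINT ["docker-entrypoint.sh"]` stays at the end of the file while the `COPY docker-entrypoint.sh` line and its `chmod` are gone, so the container now starts through whatever `docker-entrypoint.sh` the base image ships. Please confirm that script covers what the deleted one did, or drop the `ENTRYPOINT`/`CMD` pair and inherit the base image's own. Separately, the `ssh-keyscan -H github.com` and `ssh-keyscan -H gitlab.com` lines record whatever keys the network returns at build time, so `known_hosts` is only as trustworthy as the build network; comparing the scanned keys against the fingerprints both services publish, or committing the verified keys to the repository, would close that gap.
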
46 changes: 0 additions & 46 deletions app/docker-entrypoint.sh

This file was deleted.
