feat: add dockerfiles and workflows to publish them
1 parent
8a7997d
commit 0d8ee88
Showing
6 changed files
with
177 additions
and
0 deletions.
@@ -0,0 +1,32 @@ | ||
name: Build and publish packer | ||
on: | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- 'Dockerfile.packer' | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Project checkout | ||
uses: actions/checkout@v4 | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Login to DockerHub | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ secrets.DOCKER_HUB_USER }} | ||
password: ${{ secrets.DOCKER_HUB_PASSWORD }} | ||
- name: Build and push | ||
uses: docker/build-push-action@v6 | ||
with: | ||
platforms: linux/amd64 | ||
push: true | ||
file: Dockerfile.packer | ||
tags: | | ||
${{ github.repository }}-packer:latest | ||
${{ github.repository }}-packer:${{ github.sha }} |
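Review bot: Every action in this job is referenced by a floating major tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6`), which lets whoever controls those tags change what runs in a job holding the Docker Hub credentials; pinning each `uses:` to a full commit SHA with the tag kept in a trailing comment removes that exposure, and the terraform workflow in this commit has the same set of references. The workflow also declares no `permissions:` block, so the job receives the repository's default token scope although it only needs `permissions: contents: read`. QEMU is set up here although `platforms` lists `linux/amd64` only, so that step does nothing for this file and can be dropped. The `paths` filter covers `Dockerfile.packer` alone, so edits to the workflow file itself will not trigger a rebuild — adding the workflow's own path to the filter is the usual fix.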
@@ -0,0 +1,32 @@ | ||
name: Build and publish terraform | ||
on: | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- 'Dockerfile.terraform' | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Project checkout | ||
uses: actions/checkout@v4 | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Login to DockerHub | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ secrets.DOCKER_HUB_USER }} | ||
password: ${{ secrets.DOCKER_HUB_PASSWORD }} | ||
- name: Build and push | ||
uses: docker/build-push-action@v6 | ||
with: | ||
platforms: linux/amd64,linux/arm64 | ||
push: true | ||
file: Dockerfile.terraform | ||
tags: | | ||
${{ github.repository }}:latest | ||
${{ github.repository }}:${{ github.sha }} |
@@ -0,0 +1 @@ | ||
certs |
@@ -0,0 +1,28 @@ | ||
FROM ubuntu:20.04 | ||
|
||
RUN apt-get update && \ | ||
DEBIAN_FRONTEND=noninteractive apt-get install -y openvpn \ | ||
wget \ | ||
unzip \ | ||
curl \ | ||
sshpass \ | ||
openssh-client \ | ||
python3-pip \ | ||
git \ | ||
apt-transport-https \ | ||
software-properties-common | ||
|
||
# https://learn.microsoft.com/en-us/powershell/scripting/install/install-ubuntu?view=powershell-7.4 | ||
RUN wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb && \ | ||
dpkg -i packages-microsoft-prod.deb && \ | ||
rm packages-microsoft-prod.deb && \ | ||
apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y powershell | ||
|
||
RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash | ||
|
||
# https://developer.hashicorp.com/packer/install#linux | ||
RUN curl -fsSL -o packer.zip https://releases.hashicorp.com/packer/1.10.2/packer_1.10.2_linux_amd64.zip && \ | ||
unzip -q packer.zip && rm packer.zip && \ | ||
install -m 0755 packer /usr/bin/packer | ||
|
||
WORKDIR /app |
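Review bot: `RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash` executes an unpinned remote script as root at build time, and because `-s` is used without `-f` and no pipefail is set, a failed or truncated download still leaves the layer green with no Azure CLI installed. The preceding step already registers Microsoft's apt repository through packages-microsoft-prod.deb, so the cleaner option is to install from it, `apt-get install -y --no-install-recommends azure-cli` (confirm that the 20.04 prod repository carries azure-cli; if it does not, fetch the script to a file with `curl -fsSL -o`, inspect or checksum it, then run it). The packer archive is likewise not verified — HashiCorp publishes `packer_1.10.2_SHA256SUMS` next to the zip, so a `sha256sum -c` against that file costs two lines in the same RUN. The first apt step would also benefit from `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` in the same layer, and neither this file nor Dockerfile.terraform sets a `USER`, so the compose services run as root over the bind-mounted repository.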
@@ -0,0 +1,49 @@ | ||
FROM docker:latest | ||
|
||
RUN apk add --no-cache bash vim openvpn wget unzip curl sshpass openssh-client python3 py3-pip git github-cli jq groff mandoc | ||
|
||
# https://stackoverflow.com/a/77334728/3899136 | ||
RUN echo "[global]" >> /etc/pip.conf && echo "break-system-packages = true" >> /etc/pip.conf | ||
RUN pip3 install awscli | ||
|
||
# Latest Terraform version | ||
ARG TERRAFORM_VERSION=1.9.4 | ||
RUN ARCH=$(uname -m) && \ | ||
if [ "$ARCH" = "x86_64" ]; then \ | ||
TERRAFORM_ARCH="amd64"; \ | ||
elif [ "$ARCH" = "aarch64" ]; then \ | ||
TERRAFORM_ARCH="arm64"; \ | ||
else \ | ||
echo "Unsupported architecture: $ARCH"; exit 1; \ | ||
fi && \ | ||
wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${TERRAFORM_ARCH}.zip && \ | ||
unzip terraform_${TERRAFORM_VERSION}_linux_${TERRAFORM_ARCH}.zip -d /usr/local/bin/ && \ | ||
rm terraform_${TERRAFORM_VERSION}_linux_${TERRAFORM_ARCH}.zip | ||
|
||
# Azure CLI | ||
# https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=script | ||
# https://github.com/Azure/azure-cli/issues/24872 | ||
RUN apk add --no-cache -q --virtual=build gcc musl-dev python3-dev libffi-dev openssl-dev cargo make \ | ||
&& pip install --no-cache-dir azure-cli -q \ | ||
&& apk del --purge build | ||
|
||
# Install kubelogin | ||
RUN az aks install-cli | ||
|
||
# Terrascan is a static code analyzer for Infrastructure as Code. | ||
# https://github.com/tenable/terrascan/tree/3bf466ddffb5993290a09730450addc3e6f036da?tab=readme-ov-file#quick-start | ||
RUN curl -L "$(curl -s https://api.github.com/repos/tenable/terrascan/releases/latest | grep -o -E "https://.+?_Linux_x86_64.tar.gz")" > terrascan.tar.gz && \ | ||
tar -xf terrascan.tar.gz terrascan && rm terrascan.tar.gz && \ | ||
install terrascan /usr/local/bin && rm terrascan | ||
|
||
# tfsec uses static analysis of your terraform code to spot potential misconfigurations | ||
RUN ARCH=$(uname -m) && \ | ||
if [ "$ARCH" = "x86_64" ]; then \ | ||
curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | sed 's/ --quiet//g' | bash; \ | ||
else \ | ||
echo "tfsec installation skipped for architecture: $ARCH"; \ | ||
fi | ||
|
||
RUN apk add --no-cache postgresql-client | ||
|
||
WORKDIR /app |
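Review bot: The terrascan step hardcodes the `_Linux_x86_64.tar.gz` asset while the publishing workflow in this commit builds this file for linux/arm64 as well, so the arm64 image ships an x86_64 terrascan binary that cannot execute; the tfsec step below at least skips other architectures explicitly. Resolving `releases/latest` through the unauthenticated GitHub API also makes the build non-reproducible and prone to rate-limit failures, and `curl -s` without `-f` lets a failed request pass the grep as an empty URL. I would pin a release via a build ARG and pick the asset by architecture the way the Terraform step already does (terrascan appears to publish `Linux_arm64` assets under the same naming scheme — confirm against its release page). The same unpinned-and-unverified pattern applies to `FROM docker:latest`, `pip3 install awscli`, `az aks install-cli`, and the tfsec installer piped from the `master` branch, and none of the RUN pipelines here have pipefail set, which `SHELL ["/bin/ash", "-o", "pipefail", "-c"]` near the top of the file would fix.
```dockerfile
# … unchanged: Azure CLI and kubelogin steps …
ARG TERRASCAN_VERSION=<pinned release from the terrascan releases page>
RUN ARCH=$(uname -m) && \
    if [ "$ARCH" = "x86_64" ]; then \
        TERRASCAN_ARCH="x86_64"; \
    elif [ "$ARCH" = "aarch64" ]; then \
        TERRASCAN_ARCH="arm64"; \
    else \
        echo "Unsupported architecture: $ARCH"; exit 1; \
    fi && \
    curl -fsSL -o terrascan.tar.gz \
      "https://github.com/tenable/terrascan/releases/download/v${TERRASCAN_VERSION}/terrascan_${TERRASCAN_VERSION}_Linux_${TERRASCAN_ARCH}.tar.gz" && \
    tar -xf terrascan.tar.gz terrascan && rm terrascan.tar.gz && \
    install terrascan /usr/local/bin && rm terrascan
# … unchanged: tfsec, postgresql-client, WORKDIR …
```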
@@ -0,0 +1,35 @@ | ||
services: | ||
docker: | ||
image: docker:latest | ||
privileged: true | ||
network_mode: host | ||
ports: | ||
- "2375-2376" | ||
volumes: | ||
- ./certs:/certs | ||
development: | ||
build: | ||
context: . | ||
dockerfile: Dockerfile.terraform | ||
privileged: true | ||
network_mode: host | ||
extra_hosts: | ||
- "docker:127.0.0.1" | ||
depends_on: | ||
docker: | ||
condition: service_started | ||
volumes: | ||
- ./:/app | ||
- ./certs:/certs | ||
environment: | ||
# Variables required to connect to the Docker daemon | ||
- DOCKER_HOST=tcp://docker:2376 | ||
- DOCKER_TLS_VERIFY=1 | ||
- DOCKER_CERT_PATH=/certs/client | ||
packer: | ||
build: | ||
context: . | ||
dockerfile: Dockerfile.packer | ||
network_mode: host | ||
volumes: | ||
- ./:/app |
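Review bot: `privileged: true` on the `development` service is not needed for what it does — it reaches the daemon over `DOCKER_HOST=tcp://docker:2376`, so it only needs the CLI and the client certificates — and combined with `network_mode: host` and the bind-mounted repository it gives anything executed inside the tooling container root-equivalent reach onto the host; drop it there and keep privilege on the `docker` service only, where Docker-in-Docker genuinely requires it. Separately, `docker:latest` is, as far as I recall, the CLI-only variant whose default command is a shell, so the `docker` service would exit immediately instead of serving a TLS daemon on 2376; the daemon ships in the dind variant, `image: docker:<pinned version>-dind` (verify against the image's tag list). The `ports:` entry is ignored when `network_mode: host` is set, so that key can be removed.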