Created
April 8, 2020 18:58
-
-
Save AlainODea/2b93bfe592a4305b09025c7baed124fb to your computer and use it in GitHub Desktop.
Circle CI multi-version Terraform Dockerfile with Gruntwork tools (you need a Gruntwork subscription to use them)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# The CircleCi builds will run in the Docker image built from this Dockerfile. To build a new image: | |
# | |
# 1. docker build -t <ACCOUNT_ID>.dkr.ecr.ca-central-1.amazonaws.com/circle-ci-build:<VERSION> --build-arg GITHUB_OAUTH_TOKEN=<YOUR_TOKEN> . | |
# 2. eval "$(aws ecr get-login --region ca-central-1 --no-include-email)" | |
# 3. docker push <ACCOUNT_ID>.dkr.ecr.ca-central-1.amazonaws.com/circle-ci-build:<VERSION> | |
# 4. Update the image setting in config.yml to your new VERSION. | |
# | |
# Note that we use a multi-stage build. This allows us to pass in the GITHUB_OAUTH_TOKEN secret (which we use to access | |
# the private gruntwork-io repos) as a build arg without it being stored in the build history. For more info, see: | |
# | |
# https://stackoverflow.com/a/40762010/483528 | |
# https://vsupalov.com/build-docker-image-clone-private-repo-ssh-key/ | |
# | |
# You must set a GitHub personal access token as a build arg. This will be used to access the private gruntwork-io | |
# GitHub repos | |
ARG GITHUB_OAUTH_TOKEN | |
# Module and tool versions have defaults, but you can override them | |
ARG GRUNTWORK_INSTALLER_VERSION=v0.0.24 | |
ARG MODULE_CI_VERSION=v0.18.4 | |
ARG TFENV_VERSION=1.0.2 | |
ARG TGENV_VERSION=0.0.3 | |
ARG TERRAFORM_VERSION=0.11.3 | |
ARG TERRAFORM_12_VERSION=0.12.21 | |
ARG TERRAGRUNT_VERSION=0.18.7 | |
ARG TERRAGRUNT_12_VERSION=0.22.4 | |
FROM ubuntu:18.04 as intermediate | |
ARG GITHUB_OAUTH_TOKEN | |
ARG GRUNTWORK_INSTALLER_VERSION | |
ARG MODULE_CI_VERSION | |
ARG TFENV_VERSION | |
ARG TGENV_VERSION | |
ARG TERRAFORM_VERSION | |
ARG TERRAFORM_12_VERSION | |
ARG TERRAGRUNT_VERSION | |
ARG TERRAGRUNT_12_VERSION | |
RUN if [ -z "$GITHUB_OAUTH_TOKEN" ]; then echo "ERROR: You must set GITHUB_OAUTH_TOKEN as a Docker build arg."; exit 1; fi | |
RUN apt-get update && \ | |
apt-get upgrade -y && \ | |
apt-get install -y curl wget unzip sudo libdigest-sha-perl | |
RUN tfenv_installdir=$(mktemp -d) && \ | |
cd ${tfenv_installdir} && \ | |
mkdir -p /opt/tfenv/${TFENV_VERSION}/ && \ | |
curl -LO "https://github.com/tfutils/tfenv/archive/v${TFENV_VERSION}.tar.gz" && \ | |
tar xf v${TFENV_VERSION}.tar.gz && \ | |
cd tfenv-${TFENV_VERSION}/ && \ | |
cp -R bin libexec share /opt/tfenv/${TFENV_VERSION}/ && \ | |
ln -s /opt/tfenv/${TFENV_VERSION}/bin/terraform /usr/local/bin/terraform && \ | |
ln -s /opt/tfenv/${TFENV_VERSION}/bin/tfenv /usr/local/bin/tfenv && \ | |
tfenv install ${TERRAFORM_VERSION} && \ | |
tfenv install ${TERRAFORM_12_VERSION} && \ | |
rm -Rf ${tfenv_installdir} | |
RUN tgenv_installdir=$(mktemp -d) && \ | |
cd ${tgenv_installdir} && \ | |
mkdir -p /opt/tfenv/${TGENV_VERSION}/ && \ | |
curl -LO "https://github.com/cunymatthieu/tgenv/archive/v${TGENV_VERSION}.tar.gz" && \ | |
tar xf v${TGENV_VERSION}.tar.gz && \ | |
cd tgenv-${TGENV_VERSION}/ && \ | |
mkdir -p /opt/tgenv/${TGENV_VERSION}/ && \ | |
cp -R bin libexec /opt/tgenv/${TGENV_VERSION}/ && \ | |
ln -s /opt/tgenv/${TGENV_VERSION}/bin/terragrunt /usr/local/bin/terragrunt && \ | |
ln -s /opt/tgenv/${TGENV_VERSION}/bin/tgenv /usr/local/bin/tgenv && \ | |
tgenv install ${TERRAGRUNT_VERSION} && \ | |
tgenv install ${TERRAGRUNT_12_VERSION} && \ | |
rm -Rf ${tgenv_installdir} | |
RUN curl -Ls https://raw.githubusercontent.com/gruntwork-io/gruntwork-installer/master/bootstrap-gruntwork-installer.sh | bash /dev/stdin --version "$GRUNTWORK_INSTALLER_VERSION" && \ | |
gruntwork-install --module-name "build-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "$MODULE_CI_VERSION" && \ | |
gruntwork-install --module-name "terraform-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "$MODULE_CI_VERSION" && \ | |
gruntwork-install --module-name "git-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "$MODULE_CI_VERSION" | |
# This is the real Docker image that will be created in the end. It just carefully copies code from the intermediate. | |
FROM ubuntu:18.04 | |
ARG TFENV_VERSION | |
ARG TGENV_VERSION | |
RUN apt-get update && \ | |
apt-get install -y git apt-transport-https ca-certificates curl software-properties-common jq python-pip && \ | |
pip install awscli | |
# Here we install Docker in Docker. We need it because our builds will run, well, Docker! Note that all we're really | |
# using is the Docker client, as CircleCi will mount a socket for us to talk to a Docker server outside of this | |
# container. | |
RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \ | |
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \ | |
apt-get update && \ | |
apt-get install -y docker-ce | |
COPY --from=intermediate \ | |
/usr/local/bin/build-docker-image \ | |
/usr/local/bin/terraform-update-variable \ | |
/usr/local/bin/git-add-commit-push \ | |
/usr/local/bin/git-rebase \ | |
/usr/local/bin/ | |
COPY --from=intermediate \ | |
/opt /opt/ | |
RUN ln -s /opt/tfenv/${TFENV_VERSION}/bin/terraform /usr/local/bin/terraform && \ | |
ln -s /opt/tfenv/${TFENV_VERSION}/bin/tfenv /usr/local/bin/tfenv && \ | |
ln -s /opt/tgenv/${TGENV_VERSION}/bin/terragrunt /usr/local/bin/terragrunt && \ | |
ln -s /opt/tgenv/${TGENV_VERSION}/bin/tgenv /usr/local/bin/tgenv |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment