
Docker container with common tools to run Terraform locally and/or through CI systems


kkacsh321/tf-tools


Terraform Build Container

Summary

This repo contains the Dockerfile for my Terraform Build Container. It is a lightweight container based on Alpine that bundles all the tools needed to work with Terraform:

Includes:

TFENV for managing Terraform versions (https://github.com/tfutils/tfenv)

Installs Terraform 1.x via tfenv to cover all versioning needs.

Terraform-docs for generating documentation (https://github.com/terraform-docs/terraform-docs)

TF Lint for linting of the code (https://github.com/terraform-linters/tflint)

Terragrunt (https://github.com/gruntwork-io/terragrunt)

Helmenv (https://github.com/little-angry-clouds/kubernetes-binaries-managers/tree/master/cmd/helmenv)

Helm (managed by helmenv above)

Kbenv (https://github.com/little-angry-clouds/kubernetes-binaries-managers/tree/master/cmd/kbenv)

kubectl, the Kubernetes CLI (managed by kbenv above)

Infracost for generating cross-cloud pricing (https://github.com/infracost)

TFSec for policy-as-code security checks (https://github.com/aquasecurity/tfsec)

This container is used both locally and in CI so that every build process runs with the same environment setup.

How to work with the repo

This is a pretty basic repo that contains the Dockerfile, a simple entry script, and the Makefile. Make your adjustments to the Dockerfile and then use the make targets to build and test your changes. You will need to set a DOCKER_REGISTRY_URL environment variable first.

Usage:
  make <target>

Targets:
  build       Build the docker container and tag as latest
  shell       Build the docker container and then run in interaction mode
  push        Push the docker container to registry
  tag         Tag the docker image
  grype       Runs grype locally - you need to have it installed first (https://github.com/anchore/grype)
  hadolint    Runs hadolint locally - you need to have it installed first (https://github.com/hadolint/hadolint)
  check-version  Checks for the required version bump
  bump-version  bump minor version
  prepare-pr  Runs grype, and hadolint to check for issues with container before your PR
  help        show this usage

PR Checks and Github Actions

This repo also runs a few different GitHub Actions.

Anchore - The container vulnerability scanning engine that identifies issues in the built image. https://github.com/anchore/scan-action

Hadolint - A quick check for proper Dockerfile conventions and best practices.

Docker_build_push - Builds and publishes a new image to Dockerhub (https://hub.docker.com/r/drkrazy/tf-tools) based off a GitHub release tag. It requires the GitHub secrets DOCKER_TOKEN and DOCKER_USERNAME to be set in the repo for the Dockerhub user.

Autotagger - Auto-tags on merge to the main branch, which also kicks off the Docker_build_push action above to publish the image to Dockerhub. It requires a GitHub secret GH_TOKEN to be set in the repo.

Publishing to Docker Registries

This repo publishes publicly to Dockerhub, and also uses my internal Jenkins/Anchore pipeline and Harbor registry for internal needs.

Dockerhub:

Upon a successful merge to the main branch, a GitHub Action called autotagger will create a tag based off the value in package.json; this value needs to be bumped in every PR to create a new version.

Once that happens, the tag creation triggers the docker_build_push GitHub Action to build and publish the image to Dockerhub.

Jenkins:

Upon a successful merge to the main branch, a Jenkins job is kicked off that builds the image, scans it with Anchore, and uploads it to my internal Harbor registry.
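A hypothetical, added implementation of the version-bump gate that the check-version target and the Dockerhub tagging flow above rely on; it is not the repo's own Makefile code, and it assumes the version is the "version" field of package.json and that released versions are git tags of the form vX.Y.Z:

```shell
#!/bin/sh
# Hypothetical check-version gate (not the repo's own code). Assumes the
# version lives in package.json as "version": "X.Y.Z" and that released
# versions are git tags named vX.Y.Z (e.g. from `git describe --tags --abbrev=0`).

# Extract the "version" field from a package.json file without needing jq.
pkg_version() {
  sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([0-9][0-9.]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 if $1 is strictly greater than $2 as semver (major.minor.patch);
# numeric comparison, so 1.10.0 correctly ranks above 1.9.9.
semver_gt() {
  a1=$(echo "$1" | cut -d. -f1); a2=$(echo "$1" | cut -d. -f2); a3=$(echo "$1" | cut -d. -f3)
  b1=$(echo "$2" | cut -d. -f1); b2=$(echo "$2" | cut -d. -f2); b3=$(echo "$2" | cut -d. -f3)
  [ "${a1:-0}" -gt "${b1:-0}" ] && return 0
  [ "${a1:-0}" -lt "${b1:-0}" ] && return 1
  [ "${a2:-0}" -gt "${b2:-0}" ] && return 0
  [ "${a2:-0}" -lt "${b2:-0}" ] && return 1
  [ "${a3:-0}" -gt "${b3:-0}" ]
}

# check_version <package.json> <latest released tag, e.g. v1.4.2>
# Returns 0 when the PR bumped the version past the last release, 1 otherwise,
# so a CI job (or `make check-version`) can fail before autotagger reuses a tag.
check_version() {
  new=$(pkg_version "$1")
  old=${2#v}
  if [ -z "$new" ]; then
    echo "check-version: no version found in $1" >&2
    return 1
  fi
  if semver_gt "$new" "$old"; then
    echo "check-version: OK ($old -> $new)"
    return 0
  fi
  echo "check-version: version $new must be greater than released $old" >&2
  return 1
}

# Demo on a constructed package.json (not the repo's real file):
demo=$(mktemp)
printf '{\n  "name": "tf-tools",\n  "version": "1.5.0"\n}\n' > "$demo"
check_version "$demo" v1.4.9 || true   # OK (1.4.9 -> 1.5.0)
check_version "$demo" v1.5.0 || true   # fails: version was not bumped
rm -f "$demo"
```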
