├── .gitignore
├── .github
│   └── FUNDING.yml
├── package.json
├── .circleci
│   └── config.yml
├── makefile
├── LICENSE
├── test.sh
├── CHANGELOG.md
├── Dockerfile
└── README.md

/.gitignore:
--------------------------------------------------------------------------------
node_modules/

/.github/FUNDING.yml:
--------------------------------------------------------------------------------
# Support 'GitHub Sponsors' funding.
github: dwmkerr

/package.json:
--------------------------------------------------------------------------------
{
  "name": "docker-terraform-ci",
  "version": "0.3.9",
  "description": "Dockerfile for Terraform CI related tasks.",
  "scripts": {
    "release": "standard-version"
  },
  "repository": {
    "type": "git",
    "url": "git+https://github.com/dwmkerr/docker-terraform-ci.git"
  },
  "author": "Dave Kerr",
  "license": "MIT",
  "bugs": {
    "url": "https://github.com/dwmkerr/docker-terraform-ci/issues"
  },
  "homepage": "https://github.com/dwmkerr/docker-terraform-ci#readme",
  "devDependencies": {
    "standard-version": "^8.0.0"
  }
}

/.circleci/config.yml:
--------------------------------------------------------------------------------
version: 2
jobs:
  test:
    machine: true
    steps:
      - checkout
      - run: make build
      - run: make test
  deploy:
    machine: true
    steps:
      - checkout
      # Feed the password on stdin rather than with -p, so it does not appear
      # in the process list or the job's command echo.
      - run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
      # A little tricky to cache images between jobs, so just rebuild.
      - run: make build
      - run: make deploy

workflows:
  version: 2
  test:
    jobs:
      - test
      - deploy:
          requires:
            - test
          filters:
            branches:
              only: master

/makefile:
--------------------------------------------------------------------------------
# Grab the version number from the package.json.
version := $(shell jq -r .version package.json)
image := dwmkerr/terraform-ci

build:
	docker build -t $(image):latest .
	docker tag $(image):latest $(image):$(version)

# Run the tests.
test: build
	./test.sh

# Deploy the images to the Docker Hub. Assumes you are logged in!
deploy:
	docker push $(image):latest
	docker push $(image):$(version)

# Test the build.
circleci:
	circleci config validate
	circleci build --job test
	circleci build --job deploy

# Make sure the makefile knows the commands below are commands, not targets.
.PHONY: build test deploy circleci

/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2018 Dave Kerr

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

/test.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Bomb if anything fails.
set -e

IMAGE_NAME="dwmkerr/terraform-ci" # For CI

# assert_installed <program> <command>
# Fails unless <command> resolves to something on the PATH inside the image.
# Not called by the checks below; kept for ad-hoc use.
function assert_installed {
  program=$1
  command=$2

  echo "Checking ${program} is installed..."
  # `command -v` runs inside the container and prints the resolved path, so a
  # non-empty result is the success condition. `|| true` stops `set -e` from
  # aborting before we can print a useful error.
  result=$(docker run --rm "${IMAGE_NAME}" command -v "${command}" || true)
  if [ -z "${result}" ]; then
    echo "Error: Expected ${program} to be installed" >&2
    exit 1
  else
    echo "Success: ${program} is installed"
  fi
}

# assert_version <program> <command> <version>
# Runs <command> inside the image and fails unless its output mentions <version>.
function assert_version {
  program=$1
  command=$2
  version=$3

  echo "Checking ${program} version..."
  # ${command} is deliberately unquoted so that "terraform -v" splits into the
  # binary and its arguments. Some tools print their version on stderr.
  result=$(docker run --rm "${IMAGE_NAME}" ${command} 2>&1 || true)
  if [[ ${result} != *"${version}"* ]]; then
    echo "Error: Expected ${program} ${version}, but got: ${result}" >&2
    exit 1
  else
    echo "Success: Found ${program} ${version}"
  fi
}

# Assert the versions of tools we need.
assert_version "terraform" "terraform -v" "0.13.0"
assert_version "tflint" "tflint -v" "0.18.0"
assert_version "awscli" "aws --version" "1.16"
assert_version "checkov" "checkov -v" "1.0.484"

/CHANGELOG.md:
--------------------------------------------------------------------------------
# Changelog

All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

### [0.3.9](https://github.com/dwmkerr/docker-terraform-ci/compare/v0.3.8...v0.3.9) (2020-08-14)

### Features

* add azure-cli, add checkov, use tf 0.13, debian buster ([7139dda](https://github.com/dwmkerr/docker-terraform-ci/commit/7139dda5fe4dfddc3d5f10b2f2a5eaec95378486))

### [0.3.8](https://github.com/dwmkerr/docker-terraform-ci/compare/v0.3.7...v0.3.8) (2020-03-11)

### Features

* **terraform:** upgrade to terraform 0.11.23 ([3943a95](https://github.com/dwmkerr/docker-terraform-ci/commit/3943a956fcc8be1176a79dc2609d6c1f8313e132))

### [0.3.7](https://github.com/dwmkerr/docker-terraform-ci/compare/v0.3.6...v0.3.7) (2020-02-28)

### [0.3.6](https://github.com/dwmkerr/docker-terraform-ci/compare/v0.3.5...v0.3.6) (2020-02-12)

### [0.3.5](https://github.com/dwmkerr/docker-terraform-ci/compare/v0.3.2...v0.3.5) (2020-01-15)

### Features

* Adding curl ([b5d8b4c](https://github.com/dwmkerr/docker-terraform-ci/commit/b5d8b4cbcfb2ba7bf371a184662148898160aec0))
* Adding shellcheck ([3403cc1](https://github.com/dwmkerr/docker-terraform-ci/commit/3403cc13db7f38ecd64c6c9e4f443ae1a22b95ad))

/Dockerfile:
--------------------------------------------------------------------------------
# A baseline image for general CI tasks with Terraform.
# Provides the Terraform binary, as well as tflint, Checkov and the AWS and
# Azure CLIs.

# At the time of writing, the latest stable Debian is 'buster'. The 'slim'
# variant is a little leaner, with some rarely used stuff removed, but the
# full image is used here.
FROM debian:buster

# Some metadata. (MAINTAINER is deprecated; a label carries the same information.)
LABEL maintainer="Dave Kerr"

# Build arguments, which are used to control version numbers.
ARG VERSION_TERRAFORM=0.13.0
ARG VERSION_TFLINT=0.18.0
ARG VERSION_AWS_CLI=1.16
ARG VERSION_CHECKOV=1.0.484

# Install some common tools we'll need for builds.
# Also install tools needed to use this as a CircleCI 2 build image. See:
# https://circleci.com/docs/2.0/custom-images/
RUN apt-get update -qq && apt-get install -qq -y \
    make \
    wget \
    git \
    ssh \
    tar \
    gzip \
    unzip \
    ca-certificates \
    python3-dev \
    python3-pip \
    shellcheck \
    curl

# Install Terraform.
RUN wget -q https://releases.hashicorp.com/terraform/${VERSION_TERRAFORM}/terraform_${VERSION_TERRAFORM}_linux_amd64.zip
RUN unzip terraform_${VERSION_TERRAFORM}_linux_amd64.zip
RUN install terraform /usr/local/bin
RUN terraform -v

# Install tflint.
RUN wget -q https://github.com/wata727/tflint/releases/download/v${VERSION_TFLINT}/tflint_linux_amd64.zip
RUN unzip tflint_linux_amd64.zip
RUN install tflint /usr/local/bin
RUN chmod ugo+x /usr/local/bin/tflint
RUN tflint -v

# Install Checkov.
RUN pip3 install --upgrade setuptools
RUN pip3 install checkov==${VERSION_CHECKOV}
RUN checkov -v

# Install the AWS CLI.
RUN pip3 install awscli==${VERSION_AWS_CLI}

# Install the Azure CLI.
RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash

/README.md:
--------------------------------------------------------------------------------
# docker-terraform-ci [![CircleCI](https://circleci.com/gh/dwmkerr/docker-terraform-ci.svg?style=shield)](https://circleci.com/gh/dwmkerr/docker-terraform-ci) [![Greenkeeper badge](https://badges.greenkeeper.io/dwmkerr/docker-terraform-ci.svg)](https://greenkeeper.io/) [![GuardRails badge](https://badges.guardrails.io/dwmkerr/docker-dynamodb.svg?token=569f2cc38a148f785f3a38ef0bcf5f5964995d7ca625abfad9956b14bd06ad96&provider=github)](https://dashboard.guardrails.io/default/gh/dwmkerr/docker-dynamodb)

[![Docker Hub Badge](http://dockeri.co/image/dwmkerr/terraform-ci)](https://registry.hub.docker.com/u/dwmkerr/terraform-ci/)

The `dwmkerr/terraform-ci` Dockerfile provides a useful baseline image for running Terraform-related CI tasks.

* [Introduction](#introduction)
* [Tooling](#tooling)
* [Coding](#coding)
    * [The Makefile](#the-makefile)
    * [The Tests](#the-tests)
    * [Creating a Release](#creating-a-release)

# Introduction

You can use this image to run CI pipelines which build infrastructure. There is a more detailed article describing this approach on the way, which uses a CI build for [`dwmkerr/terraform-aws-openshift`](https://github.com/dwmkerr/terraform-aws-openshift) as an example.

The image is based on Debian Stretch (specifically the official [`debian:stretch`](https://hub.docker.com/_/debian/) image).

# Tooling

This image contains a number of tools which are useful when working with Terraform.

All baseline Debian stretch tools, as well as tools needed by CircleCI 2 images, and some useful utilities:

- `make`
- `wget`
- `git`
- `ssh`
- `tar`
- `gzip`
- `unzip`
- `ca-certificates`
- `curl`
- [`shellcheck`](https://github.com/koalaman/shellcheck)

Terraform, [Terraform Lint](https://github.com/wata727/tflint) and [Checkov](https://github.com/bridgecrewio/checkov):

- `terraform` (0.13)
- `tflint` (0.18)
- `checkov` (latest)

Cloud CLIs, used for [Terraform Backends](https://www.terraform.io/docs/backends/):

- `aws` (1.16)
- `az` (latest)

# Coding

The code is structured like this:

```
Dockerfile      # the important thing, the actual dockerfile
makefile        # commands to build, test, deploy etc
test.sh         # a simple test script
package.json    # used for versioning only
```

## The Makefile

The makefile contains commands to build, test and deploy. Parameters can be passed as environment variables or through the command-line.

| Command       | Notes                                                                                                                                 |
|---------------|---------------------------------------------------------------------------------------------------------------------------------------|
| `make build`  | Builds the images `dwmkerr/terraform-ci:latest` and `dwmkerr/terraform-ci:<version>`. The version is loaded from [`package.json`](./package.json). |
| `make test`   | Runs the test scripts.                                                                                                                |
| `make deploy` | Deploys the images to the Docker Hub. If you are not logged in, you're gonna have a bad time.                                          |

## The Tests

The tests are simple bash scripts which check for basic capabilities *which relate to the image*. Essentially, this means they'll test that the tools are installed.

## Creating a Release

To create a release:

- Merge your work to master
- Use `npm run release` to bump the version and update the changelog
- Push and deploy with `git push --follow-tags`

A `package.json` file is used to store the version number; however, the project has no other dependency on Node.js than this part of the release process. It just allows for convenient management of a `CHANGELOG.md` file and the version by using [standard-version](https://github.com/conventional-changelog/standard-version).
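The Dockerfile above fetches the Terraform release zip with `wget` and runs `install` on it without checking the archive against the `terraform_<version>_SHA256SUMS` file HashiCorp publishes beside each zip at the same URL path. The following is an added example, not part of this repository: a POSIX shell function that does that check, with an offline demonstration on constructed files so it can be run without a download.

```shell
#!/usr/bin/env bash
# Added example: verify a Terraform release zip against HashiCorp's published
# SHA256SUMS before `install`. For release V the sums file is published at
# https://releases.hashicorp.com/terraform/V/terraform_V_SHA256SUMS, so in the
# Dockerfile this is one more wget plus a call to verify_sha256 between the
# download and the unzip steps.
set -eu

# verify_sha256 SUMS_FILE ARCHIVE
# Returns 0 when ARCHIVE's SHA-256 equals the entry for its basename in
# SUMS_FILE; 1 when the entry is missing or the digest differs.
verify_sha256() {
  local sums="$1" archive="$2" name expected actual
  name=$(basename "$archive")
  # Entries are sha256sum-style: "<64 hex chars>  terraform_0.13.0_linux_amd64.zip"
  expected=$(awk -v f="$name" '$2 == f { print $1; exit }' "$sums")
  if [ -z "$expected" ]; then
    echo "no checksum entry for ${name}" >&2
    return 1
  fi
  actual=$(sha256sum "$archive" | awk '{ print $1 }')
  if [ "$expected" != "$actual" ]; then
    echo "checksum mismatch for ${name}: expected ${expected}, got ${actual}" >&2
    return 1
  fi
}

# Offline demonstration on constructed files (not a real release): a stand-in
# archive, a SUMS file that matches it, then the same archive after tampering.
# Returns 0 only if the genuine file passes and the tampered one is rejected.
demo() {
  local dir zip sums
  dir=$(mktemp -d)
  zip="$dir/terraform_0.13.0_linux_amd64.zip"
  sums="$dir/terraform_0.13.0_SHA256SUMS"
  printf 'constructed stand-in for the release archive\n' > "$zip"
  printf '%s  %s\n' "$(sha256sum "$zip" | awk '{ print $1 }')" "$(basename "$zip")" > "$sums"
  if ! verify_sha256 "$sums" "$zip"; then
    echo "unexpected: genuine archive rejected" >&2; rm -rf "$dir"; return 1
  fi
  printf 'one appended line\n' >> "$zip"
  if verify_sha256 "$sums" "$zip" 2>/dev/null; then
    echo "unexpected: tampered archive accepted" >&2; rm -rf "$dir"; return 1
  fi
  rm -rf "$dir"
  echo "ok: genuine archive accepted, tampered archive rejected"
}
```

Run `demo` to see both outcomes; the same sums file can also be checked with `sha256sum -c --ignore-missing` where GNU coreutils is available.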