diff --git a/.github/workflows/docker-build-and-publish.yml b/.github/workflows/docker-build-and-publish.yml index 1f08e0a..6e74ee9 100644 --- a/.github/workflows/docker-build-and-publish.yml +++ b/.github/workflows/docker-build-and-publish.yml @@ -18,7 +18,7 @@ env: IMAGE_TAG: 1.0.${{ github.run_number }} jobs: - standard-alpine: + standard-alpine-amd64: name: Build standard-alpine-amd64 runs-on: ubuntu-latest 
@@ -53,9 +53,89 @@ jobs: buildoptions: "--compress --force-rm" dockerfile: images/standard-alpine-amd64/Dockerfile platforms: linux/amd64 - tags: "latest,${{ env.IMAGE_TAG }}" + tags: "latest,${{ env.IMAGE_TAG }},amd64" - standard-ubuntu: + standard-alpine-arm64: + name: Build standard-alpine-arm64 + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Build the Docker image + run: | + docker buildx install + docker buildx create --use + docker build . --platform linux/arm64 --load --file images/standard-alpine-arm64/Dockerfile --no-cache -t standard-alpine-arm64:${{ github.sha }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "standard-alpine-arm64:${{ github.sha }}" + format: "table" + exit-code: "1" + ignore-unfixed: true + severity: "CRITICAL,HIGH" + hide-progress: true + vuln-type: "os" + + - uses: actions/checkout@v3 + - name: Docker Image Size + run: docker inspect -f "{{ .Size }}" standard-alpine-arm64:${{ github.sha }} | numfmt --to=si + + - name: Publish to Registry + id: publish-standard-alpine-arm64 + uses: elgohr/Publish-Docker-Github-Action@v5 + with: + name: SlalomBuild/pe-toolkit-standard-alpine-arm64 + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + buildoptions: "--compress --force-rm" + dockerfile: images/standard-alpine-arm64/Dockerfile + platforms: linux/arm64 + tags: "latest,${{ env.IMAGE_TAG }},arm64" + + standard-ubuntu-arm64: + name: Build standard-ubuntu-arm64 + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Build the Docker image + run: | + docker buildx install + docker buildx create --use + docker build . 
--platform linux/arm64 --load --file images/standard-ubuntu-arm64/Dockerfile --no-cache -t standard-ubuntu-arm64:${{ github.sha }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "standard-ubuntu-arm64:${{ github.sha }}" + format: "table" + exit-code: "1" + ignore-unfixed: true + severity: "CRITICAL,HIGH" + hide-progress: true + vuln-type: "os" + + - uses: actions/checkout@v3 + - name: Docker Image Size + run: docker inspect -f "{{ .Size }}" standard-ubuntu-arm64:${{ github.sha }} | numfmt --to=si + + - name: Publish to Registry + id: publish-standard-ubuntu-arm64 + uses: elgohr/Publish-Docker-Github-Action@v5 + with: + name: SlalomBuild/pe-toolkit-standard-ubuntu-arm64 + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + buildoptions: "--compress --force-rm" + dockerfile: images/standard-ubuntu-arm64/Dockerfile + platforms: linux/arm64 + tags: "latest,${{ env.IMAGE_TAG }},arm64" + + standard-ubuntu-amd64: name: Build standard-ubuntu-amd64 runs-on: ubuntu-latest @@ -90,9 +170,9 @@ jobs: buildoptions: "--compress --force-rm" dockerfile: images/standard-ubuntu-amd64/Dockerfile platforms: linux/amd64 - tags: "latest,${{ env.IMAGE_TAG }}" + tags: "latest,${{ env.IMAGE_TAG }},amd64" - full-alpine: + full-alpine-amd64: name: Build full-alpine-amd64 runs-on: ubuntu-latest 
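Review bot: `aquasecurity/trivy-action@master` in the new standard-alpine-arm64 and standard-ubuntu-arm64 jobs follows a mutable branch, so whatever that branch holds at run time executes inside a job that goes on to publish to ghcr.io with `secrets.GITHUB_TOKEN`. Pin it to a reviewed commit, `uses: aquasecurity/trivy-action@<full-commit-sha> # <release-tag>`, and consider doing the same for `actions/checkout@v3` and `elgohr/Publish-Docker-Github-Action@v5`, since version tags can be moved as well. The full-alpine-arm64 and full-ubuntu-arm64 jobs added in the later hunks carry the same `@master` reference, and the test job's `docker/setup-qemu-action@v3` is tag-pinned only. This hunk starts inside the existing amd64 publish step and ends inside standard-ubuntu-amd64, so only the two arm64 jobs are fully visible here.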
@@ -126,9 +206,48 @@ jobs: buildoptions: "--compress --force-rm" dockerfile: images/full-alpine-amd64/Dockerfile platforms: linux/amd64 - tags: "latest,${{ env.IMAGE_TAG }}" + tags: "latest,${{ env.IMAGE_TAG }},amd64" + + full-alpine-arm64: + name: Build full-alpine-arm64 + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Build the Docker image + run: | + docker buildx install + docker buildx create --use + docker build . --platform linux/arm64 --load --file images/full-alpine-arm64/Dockerfile --no-cache -t full-alpine-arm64:${{ github.sha }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "full-alpine-arm64:${{ github.sha }}" + format: "table" + exit-code: "1" + ignore-unfixed: true + severity: "CRITICAL,HIGH" + hide-progress: true + vuln-type: "os" - full-ubuntu: + - uses: actions/checkout@v3 + - name: Docker Image Size + run: docker inspect -f "{{ .Size }}" full-alpine-arm64:${{ github.sha }} | numfmt --to=si + + - name: Publish to Registry + uses: elgohr/Publish-Docker-Github-Action@v5 + with: + name: SlalomBuild/pe-toolkit-full-alpine-arm64 + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + buildoptions: "--compress --force-rm" + dockerfile: images/full-alpine-arm64/Dockerfile + platforms: linux/arm64 + tags: "latest,${{ env.IMAGE_TAG }},arm64" + + full-ubuntu-amd64: name: Build full-ubuntu-amd64 runs-on: ubuntu-latest 
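Review bot: The image that Trivy gates on in full-alpine-arm64 (`full-alpine-arm64:${{ github.sha }}`) does not appear to be the image that gets published. The Publish step is handed `dockerfile` and `buildoptions` and so presumably builds again, and because the Dockerfile resolves `alpine:latest` and several `releases/latest` URLs at build time, the second build can contain different binaries from the one that was scanned. Tagging and pushing the already-scanned local image closes that gap. A sketch is below; the job's `packages: write` permission and the login details are not visible in this hunk and would need confirming. The other three arm64 jobs in this commit have the same scan-then-rebuild shape, and `vuln-type: "os"` additionally leaves the downloaded tool binaries outside the scan.

```yaml
      # … unchanged: checkout, buildx build with --load, Trivy scan, image size …

      - name: Publish the scanned image
        env:
          GHCR_USER: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          LOCAL_IMAGE: full-alpine-arm64:${{ github.sha }}
          REMOTE_IMAGE: ghcr.io/slalombuild/pe-toolkit-full-alpine-arm64
        run: |
          echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USER" --password-stdin
          for tag in latest "${{ env.IMAGE_TAG }}" arm64; do
            docker tag "$LOCAL_IMAGE" "$REMOTE_IMAGE:$tag"
            docker push "$REMOTE_IMAGE:$tag"
          done
```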
@@ -162,80 +281,90 @@ jobs: buildoptions: "--compress --force-rm" dockerfile: images/full-ubuntu-amd64/Dockerfile platforms: linux/amd64 - tags: "latest,${{ env.IMAGE_TAG }}" + tags: "latest,${{ env.IMAGE_TAG }},amd64" - test-standard-alpine: - name: Test standard-alpine-amd64 + full-ubuntu-arm64: + name: Build full-ubuntu-arm64 runs-on: ubuntu-latest - container: - image: ghcr.io/slalombuild/pe-toolkit-standard-alpine-amd64:1.0.${{ github.run_number }} - credentials: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - needs: standard-alpine - if: ${{ success() }} - steps: - - name: Run each tool - run: | - figlet terraform && terraform version - figlet atmos && atmos version - figlet tflint && tflint --version - figlet tfsec && tfsec --version - figlet opa && opa version - - test-full-alpine: - name: Test full-alpine-amd64 - runs-on: ubuntu-latest - container: - image: ghcr.io/slalombuild/pe-toolkit-full-alpine-amd64:1.0.${{ github.run_number }} - credentials: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - needs: full-alpine - if: ${{ success() }} + steps: - - name: Run each tool + - uses: actions/checkout@v3 + - name: Build the Docker image run: | - figlet terraform && terraform version - figlet atmos && atmos version - figlet tflint && tflint --version - figlet tfsec && tfsec --version - figlet opa && opa version - - test-standard-ubuntu: - name: Test standard-ubuntu-amd64 - runs-on: ubuntu-latest - container: - image: ghcr.io/slalombuild/pe-toolkit-standard-ubuntu-amd64:1.0.${{ github.run_number }} - credentials: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - needs: standard-ubuntu + docker buildx install + docker buildx create --use + docker build . 
--platform linux/arm64 --load --file images/full-ubuntu-arm64/Dockerfile --no-cache -t full-ubuntu-arm64:${{ github.sha }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "full-ubuntu-arm64:${{ github.sha }}" + format: "table" + exit-code: "1" + ignore-unfixed: true + severity: "CRITICAL,HIGH" + hide-progress: true + vuln-type: "os" + + - uses: actions/checkout@v3 + - name: Docker Image Size + run: docker inspect -f "{{ .Size }}" full-ubuntu-arm64:${{ github.sha }} | numfmt --to=si + + - name: Publish to Registry + uses: elgohr/Publish-Docker-Github-Action@v5 + with: + name: SlalomBuild/pe-toolkit-full-ubuntu-arm64 + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + buildoptions: "--compress --force-rm" + dockerfile: images/full-ubuntu-arm64/Dockerfile + platforms: linux/arm64 + tags: "latest,${{ env.IMAGE_TAG }},arm64" + + # _____ _ + # |_ _|__ ___| |_ ___ + # | |/ _ \/ __| __/ __| + # | | __/\__ \ |_\__ \ + # |_|\___||___/\__|___/ + + test: + name: Test ${{ matrix.type.name }}-${{ matrix.distro.id }}-${{ matrix.arch.id }} if: ${{ success() }} - steps: - - name: Run each tool - run: | - figlet terraform && terraform version - figlet atmos && atmos version - figlet tflint && tflint --version - figlet tfsec && tfsec --version - figlet opa && opa version - - test-full-ubuntu: - name: Test full-ubuntu-amd64 + needs: + [ + standard-alpine-amd64, + standard-alpine-arm64, + standard-ubuntu-amd64, + standard-ubuntu-arm64, + full-alpine-amd64, + full-alpine-arm64, + full-ubuntu-amd64, + full-ubuntu-arm64, + ] runs-on: ubuntu-latest - container: - image: ghcr.io/slalombuild/pe-toolkit-full-ubuntu-amd64:1.0.${{ github.run_number }} - credentials: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - needs: full-ubuntu - if: ${{ success() }} + strategy: + matrix: + arch: + - id: "amd64" + - id: "arm64" + distro: + - id: "ubuntu" + - id: "alpine" + type: + - 
name: "full" + - name: "standard" + steps: - - name: Run each tool + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: "linux/${{ matrix.arch.id }}" + + - name: Run binaries in docker run: | - figlet terraform && terraform version - figlet atmos && atmos version - figlet tflint && tflint --version - figlet tfsec && tfsec --version - figlet opa && opa version + docker run \ + --rm \ + --platform linux/${{ matrix.arch.id }} \ + ghcr.io/slalombuild/pe-toolkit-${{ matrix.type.name }}-${{ matrix.distro.id }}-${{ matrix.arch.id }}:${{ env.IMAGE_TAG }} \ + /bin/sh -c 'figlet terraform && terraform version && figlet atmos && atmos version && figlet tflint && tflint --version && figlet tfsec && tfsec --version && figlet opa && opa version' diff --git a/README.md b/README.md index 034f62e..b4adfd6 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ We offer two options (currently); Alpine (latest) and Ubuntu (latest). #### Which architectures do we support? -`amd64`. If there's an architecture you'd like an image for, please submit a PR. +`amd64` and `arm64`. If there's an architecture you'd like an image for, please submit a PR. ### Contributions diff --git a/images/full-alpine-arm64/Dockerfile b/images/full-alpine-arm64/Dockerfile new file mode 100644 index 0000000..95eacbc --- /dev/null +++ b/images/full-alpine-arm64/Dockerfile 
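Review bot: The consolidated `test` job runs the same five tools (terraform, atmos, tflint, tfsec, opa) for every matrix cell, so the binaries that exist only in the `full` images (packer, hadolint, terraform-docs) are never executed. That matters in this commit because both full arm64 Dockerfiles install `hadolint-Linux-x86_64`, and the smoke test passes without noticing. Add a second step guarded by `if: matrix.type.name == 'full'` that runs the same `docker run` with `/bin/sh -c 'packer version && hadolint --version && terraform-docs --version'`. Separately, the old per-image jobs passed `credentials:` for the pull and the new `docker run` does not log in to ghcr.io; that is fine only if the packages are public, which this diff does not show.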
@@ -0,0 +1,86 @@ +FROM alpine:latest + +RUN apk update && \ + apk upgrade && \ + apk add --update --no-cache \ + curl \ + bash \ + jq \ + yq \ + figlet \ + unzip \ + zip \ + git \ + shellcheck \ + nano \ + tar && \ + rm -rf /var/cache/apk/* + +# Install languages, libraries and frameworks +RUN apk add --update \ + nodejs \ + npm \ + python3 \ + py3-pip && \ + rm -rf /var/cache/apk/* + +# Install golang +COPY --from=golang:alpine3.17 /usr/local/go/ /usr/local/go/ +ENV PATH="/usr/local/go/bin:${PATH}" + +# Install terraform (https://github.com/hashicorp/terraform) +RUN export tfrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/hashicorp/terraform/releases/latest | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing terraform v${tfrelease}" \ + && wget https://releases.hashicorp.com/terraform/${tfrelease}/terraform_${tfrelease}_linux_arm64.zip \ + && unzip terraform_${tfrelease}_linux_arm64.zip \ + && chmod +x terraform \ + && mv terraform /usr/local/bin/terraform \ + && rm terraform_${tfrelease}_linux_arm64.zip + +# Install atmos (https://github.com/cloudposse/atmos) +RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/cloudposse/atmos/releases/latest | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing atmos v${atmosrelease}" \ + && wget https://github.com/cloudposse/atmos/releases/download/v${atmosrelease}/atmos_${atmosrelease}_linux_arm64 \ + && chmod +x atmos_${atmosrelease}_linux_arm64 \ + && mv atmos_${atmosrelease}_linux_arm64 /usr/local/bin/atmos + +# Install terraform-docs +RUN export tfdocsrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/terraform-docs/terraform-docs/releases/latest | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing terraform-docs v${tfdocsrelease}" \ + && wget https://github.com/terraform-docs/terraform-docs/releases/download/v${tfdocsrelease}/terraform-docs-v${tfdocsrelease}-linux-arm64.tar.gz \ + && tar -xzf 
terraform-docs-v${tfdocsrelease}-linux-arm64.tar.gz -C /usr/local/bin terraform-docs \ + && chmod +x /usr/local/bin/terraform-docs \ + && rm terraform-docs-v${tfdocsrelease}-linux-arm64.tar.gz + +# Install Packer https://github.com/hashicorp/packer() +ARG packer_version=1.8.5 +ARG packer_zip_url=https://releases.hashicorp.com/packer/${packer_version}/packer_${packer_version}_linux_arm64.zip +RUN wget -nv ${packer_zip_url} \ + && unzip -d /usr/local/bin packer_${packer_version}_linux_arm64.zip \ + && rm packer_${packer_version}_linux_arm64.zip + +# Install hadolint (https://github.com/hadolint/hadolint) +ARG hadolint_version=2.12.0 +RUN wget -nv https://github.com/hadolint/hadolint/releases/download/v${hadolint_version}/hadolint-Linux-x86_64 \ + && mv hadolint-Linux-x86_64 /usr/local/bin/hadolint \ + && chmod +x /usr/local/bin/hadolint + +# Install tflint (https://github.com/terraform-linters/tflint) +RUN export tflintrelease="$(curl -Ls -o /dev/null -w %{url_effective} "https://github.com/terraform-linters/tflint/releases/latest" | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing tflint v${tflintrelease}" \ + && wget https://github.com/terraform-linters/tflint/releases/download/v${tflintrelease}/tflint_linux_arm64.zip \ + && unzip -d /usr/local/bin tflint_linux_arm64.zip \ + && chmod +x /usr/local/bin/tflint \ + && rm tflint_linux_arm64.zip + +# Install tfsec (https://github.com/aquasecurity/tfsec) +RUN export tfsecrelease="$(curl -Ls -o /dev/null -w %{url_effective} "https://github.com/aquasecurity/tfsec/releases/latest" | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing tfsec v${tfsecrelease}" \ + && wget https://github.com/aquasecurity/tfsec/releases/download/v${tfsecrelease}/tfsec-linux-arm64 \ + && chmod +x tfsec-linux-arm64 \ + && mv tfsec-linux-arm64 /usr/local/bin/tfsec + +# Install Open Policy Agent (https://openpolicyagent.org) +RUN curl -L -o opa https://openpolicyagent.org/downloads/latest/opa_linux_arm64_static \ + && chmod +x opa 
\ + && mv opa /usr/local/bin/opa diff --git a/images/full-ubuntu-arm64/Dockerfile b/images/full-ubuntu-arm64/Dockerfile new file mode 100644 index 0000000..6c7c3dc --- /dev/null +++ b/images/full-ubuntu-arm64/Dockerfile 
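Review bot: The hadolint step downloads `hadolint-Linux-x86_64` into an image that is built and published for linux/arm64, while every other download in this file selects an arm64 asset. The binary will not run natively in the resulting image, and the workflow's smoke test does not invoke hadolint, so nothing catches it. Switch the `wget` URL and the `mv` source to the arm64 asset of the same release (expected to be `hadolint-Linux-arm64`; confirm the exact name on the v${hadolint_version} release page). images/full-ubuntu-arm64/Dockerfile contains the identical line.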
@@ -0,0 +1,84 @@ +FROM ubuntu:latest + +RUN apt update -yq && \ + apt upgrade -yq && \ + apt install -yq --no-install-recommends --no-install-suggests \ + ca-certificates \ + apt-transport-https \ + wget \ + curl \ + bash \ + jq \ + figlet \ + unzip \ + zip \ + git \ + shellcheck \ + nano \ + tar + +# Install languages, libraries and frameworks +RUN apt install -yq --no-install-recommends --no-install-suggests \ + nodejs \ + npm \ + python3 \ + python3-pip \ + golang && \ + rm -rf /var/lib/apt/lists/* + +# Install terraform (https://github.com/hashicorp/terraform) +RUN export tfrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/hashicorp/terraform/releases/latest | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing terraform v${tfrelease}" \ + && wget https://releases.hashicorp.com/terraform/${tfrelease}/terraform_${tfrelease}_linux_arm64.zip \ + && unzip terraform_${tfrelease}_linux_arm64.zip \ + && chmod +x terraform \ + && mv terraform /usr/local/bin/terraform \ + && rm terraform_${tfrelease}_linux_arm64.zip + +# Install atmos (https://github.com/cloudposse/atmos) +RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/cloudposse/atmos/releases/latest | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing atmos v${atmosrelease}" \ + && wget https://github.com/cloudposse/atmos/releases/download/v${atmosrelease}/atmos_${atmosrelease}_linux_arm64 \ + && chmod +x atmos_${atmosrelease}_linux_arm64 \ + && mv atmos_${atmosrelease}_linux_arm64 /usr/local/bin/atmos + +# Install terraform-docs +RUN export tfdocsrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/terraform-docs/terraform-docs/releases/latest | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing terraform-docs v${tfdocsrelease}" \ + && wget https://github.com/terraform-docs/terraform-docs/releases/download/v${tfdocsrelease}/terraform-docs-v${tfdocsrelease}-linux-arm64.tar.gz \ + && tar -xzf 
terraform-docs-v${tfdocsrelease}-linux-arm64.tar.gz -C /usr/local/bin terraform-docs \ + && chmod +x /usr/local/bin/terraform-docs \ + && rm terraform-docs-v${tfdocsrelease}-linux-arm64.tar.gz + +# Install Packer https://github.com/hashicorp/packer() +ARG packer_version=1.8.5 +ARG packer_zip_url=https://releases.hashicorp.com/packer/${packer_version}/packer_${packer_version}_linux_arm64.zip +RUN wget -nv ${packer_zip_url} \ + && unzip -d /usr/local/bin packer_${packer_version}_linux_arm64.zip \ + && rm packer_${packer_version}_linux_arm64.zip + +# Install hadolint (https://github.com/hadolint/hadolint) +ARG hadolint_version=2.12.0 +RUN wget -nv https://github.com/hadolint/hadolint/releases/download/v${hadolint_version}/hadolint-Linux-x86_64 \ + && mv hadolint-Linux-x86_64 /usr/local/bin/hadolint \ + && chmod +x /usr/local/bin/hadolint + +# Install tflint (https://github.com/terraform-linters/tflint) +RUN export tflintrelease="$(curl -Ls -o /dev/null -w %{url_effective} "https://github.com/terraform-linters/tflint/releases/latest" | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing tflint v${tflintrelease}" \ + && wget https://github.com/terraform-linters/tflint/releases/download/v${tflintrelease}/tflint_linux_arm64.zip \ + && unzip -d /usr/local/bin tflint_linux_arm64.zip \ + && chmod +x /usr/local/bin/tflint \ + && rm tflint_linux_arm64.zip + +# Install tfsec (https://github.com/aquasecurity/tfsec) +RUN export tfsecrelease="$(curl -Ls -o /dev/null -w %{url_effective} "https://github.com/aquasecurity/tfsec/releases/latest" | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing tfsec v${tfsecrelease}" \ + && wget https://github.com/aquasecurity/tfsec/releases/download/v${tfsecrelease}/tfsec-linux-arm64 \ + && chmod +x tfsec-linux-arm64 \ + && mv tfsec-linux-arm64 /usr/local/bin/tfsec + +# Install Open Policy Agent (https://openpolicyagent.org) +RUN curl -L -o opa https://openpolicyagent.org/downloads/latest/opa_linux_arm64_static \ + && chmod +x opa 
\ + && mv opa /usr/local/bin/opa diff --git a/images/standard-alpine-arm64/Dockerfile b/images/standard-alpine-arm64/Dockerfile new file mode 100644 index 0000000..084f80d --- /dev/null +++ b/images/standard-alpine-arm64/Dockerfile 
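Review bot: None of the binaries fetched here (terraform, atmos, terraform-docs, packer, hadolint, tflint, tfsec, opa) is checked against a digest or signature before it lands in /usr/local/bin, so the image trusts whatever the URL serves at build time. For the version-pinned tools the check is one line: add `ARG packer_sha256=<sha256-of-arm64-zip>` and run `echo "${packer_sha256}  packer_${packer_version}_linux_arm64.zip" | sha256sum -c -` before `unzip`. For tools resolved through `releases/latest`, either verify against the checksum file the project publishes with the release or pin the version so a fixed digest can be recorded. The same applies to the other three arm64 Dockerfiles added in this commit.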
@@ -0,0 +1,52 @@ +FROM alpine:latest + +RUN apk update && \ + apk upgrade && \ + apk add --update --no-cache \ + curl \ + bash \ + jq \ + yq \ + figlet \ + unzip \ + zip \ + git \ + shellcheck \ + nano && \ + rm -rf /var/cache/apk/* + +# Install terraform (https://github.com/hashicorp/terraform) +RUN export tfrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/hashicorp/terraform/releases/latest | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing terraform v${tfrelease}" \ + && wget https://releases.hashicorp.com/terraform/${tfrelease}/terraform_${tfrelease}_linux_arm64.zip \ + && unzip terraform_${tfrelease}_linux_arm64.zip \ + && chmod +x terraform \ + && mv terraform /usr/local/bin/terraform \ + && rm terraform_${tfrelease}_linux_arm64.zip + +# Install atmos (https://github.com/cloudposse/atmos) +RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/cloudposse/atmos/releases/latest | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing atmos v${atmosrelease}" \ + && wget https://github.com/cloudposse/atmos/releases/download/v${atmosrelease}/atmos_${atmosrelease}_linux_arm64 \ + && chmod +x atmos_${atmosrelease}_linux_arm64 \ + && mv atmos_${atmosrelease}_linux_arm64 /usr/local/bin/atmos + +# Install tflint (https://github.com/terraform-linters/tflint) +RUN export tflintrelease="$(curl -Ls -o /dev/null -w %{url_effective} "https://github.com/terraform-linters/tflint/releases/latest" | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing tflint v${tflintrelease}" \ + && wget https://github.com/terraform-linters/tflint/releases/download/v${tflintrelease}/tflint_linux_arm64.zip \ + && unzip -d /usr/local/bin tflint_linux_arm64.zip \ + && chmod +x /usr/local/bin/tflint \ + && rm tflint_linux_arm64.zip + +# Install tfsec (https://github.com/aquasecurity/tfsec) +RUN export tfsecrelease="$(curl -Ls -o /dev/null -w %{url_effective} "https://github.com/aquasecurity/tfsec/releases/latest" | awk 
-F / '{print substr($NF,2);}')" \ + && echo "Installing tfsec v${tfsecrelease}" \ + && wget https://github.com/aquasecurity/tfsec/releases/download/v${tfsecrelease}/tfsec-linux-arm64 \ + && chmod +x tfsec-linux-arm64 \ + && mv tfsec-linux-arm64 /usr/local/bin/tfsec + +# Install Open Policy Agent (https://openpolicyagent.org) +RUN curl -L -o opa https://openpolicyagent.org/downloads/latest/opa_linux_arm64_static \ + && chmod +x opa \ + && mv opa /usr/local/bin/opa \ No newline at end of file diff --git a/images/standard-ubuntu-arm64/Dockerfile b/images/standard-ubuntu-arm64/Dockerfile new file mode 100644 index 0000000..9d0d976 --- /dev/null +++ b/images/standard-ubuntu-arm64/Dockerfile 
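Review bot: `FROM alpine:latest` together with the `releases/latest` lookups makes the image content depend on when it is built rather than on the commit, so two builds of the same SHA can ship different binaries and a bad release upstream flows straight into the `latest` tag. Pin the base by version and digest, `FROM alpine:<version>@sha256:<digest>`, and replace each `releases/latest` lookup with an explicit `ARG <tool>_version=<version>`, the way images/full-alpine-arm64/Dockerfile already does for packer and hadolint. Updates then arrive as reviewable commits instead of silently at build time. The ubuntu variants (`FROM ubuntu:latest`) and the full images share this pattern.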
@@ -0,0 +1,53 @@ +FROM ubuntu:latest + +RUN apt update -yq && \ + apt upgrade -yq && \ + apt install -yq --no-install-recommends --no-install-suggests \ + ca-certificates \ + wget \ + curl \ + bash \ + jq \ + figlet \ + unzip \ + zip \ + git \ + shellcheck \ + nano && \ + rm -rf /var/lib/apt/lists/* + +# Install terraform (https://github.com/hashicorp/terraform) +RUN export tfrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/hashicorp/terraform/releases/latest | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing terraform v${tfrelease}" \ + && wget https://releases.hashicorp.com/terraform/${tfrelease}/terraform_${tfrelease}_linux_arm64.zip \ + && unzip terraform_${tfrelease}_linux_arm64.zip \ + && chmod +x terraform \ + && mv terraform /usr/local/bin/terraform \ + && rm terraform_${tfrelease}_linux_arm64.zip + +# Install atmos (https://github.com/cloudposse/atmos) +RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/cloudposse/atmos/releases/latest | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing atmos v${atmosrelease}" \ + && wget https://github.com/cloudposse/atmos/releases/download/v${atmosrelease}/atmos_${atmosrelease}_linux_arm64 \ + && chmod +x atmos_${atmosrelease}_linux_arm64 \ + && mv atmos_${atmosrelease}_linux_arm64 /usr/local/bin/atmos + +# Install tflint (https://github.com/terraform-linters/tflint) +RUN export tflintrelease="$(curl -Ls -o /dev/null -w %{url_effective} "https://github.com/terraform-linters/tflint/releases/latest" | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing tflint v${tflintrelease}" \ + && wget https://github.com/terraform-linters/tflint/releases/download/v${tflintrelease}/tflint_linux_arm64.zip \ + && unzip -d /usr/local/bin tflint_linux_arm64.zip \ + && chmod +x /usr/local/bin/tflint \ + && rm tflint_linux_arm64.zip + +# Install tfsec (https://github.com/aquasecurity/tfsec) +RUN export tfsecrelease="$(curl -Ls -o /dev/null -w 
%{url_effective} "https://github.com/aquasecurity/tfsec/releases/latest" | awk -F / '{print substr($NF,2);}')" \ + && echo "Installing tfsec v${tfsecrelease}" \ + && wget https://github.com/aquasecurity/tfsec/releases/download/v${tfsecrelease}/tfsec-linux-arm64 \ + && chmod +x tfsec-linux-arm64 \ + && mv tfsec-linux-arm64 /usr/local/bin/tfsec + +# Install Open Policy Agent (https://openpolicyagent.org) +RUN curl -L -o opa https://openpolicyagent.org/downloads/latest/opa_linux_arm64_static \ + && chmod +x opa \ + && mv opa /usr/local/bin/opa \ No newline at end of file