From 1b0afc04b1a3cb2575fa8fe923d7367c302f685d Mon Sep 17 00:00:00 2001
From: Haitao Pan
Date: Mon, 20 Feb 2023 16:15:15 +0800
Subject: [PATCH] update .github/workflows/terraform-aws.yaml
---
 .github/workflows/terraform-aws.yaml | 31 ++++++++++++++++++++++
 oci/iac-runner/terraform-aws/Dockerfile | 32 +++++++++++++++++++++++
 oci/iac-runner/terraform-aws/Makefile | 4 +++
 oci/iac-runner/terraform-aws/main.tf | 18 +++++++++++++
 oci/iac-runner/terraform-aws/repositories | 2 ++
 5 files changed, 87 insertions(+)
 create mode 100644 .github/workflows/terraform-aws.yaml
 create mode 100644 oci/iac-runner/terraform-aws/Dockerfile
 create mode 100755 oci/iac-runner/terraform-aws/Makefile
 create mode 100644 oci/iac-runner/terraform-aws/main.tf
 create mode 100755 oci/iac-runner/terraform-aws/repositories
diff --git a/.github/workflows/terraform-aws.yaml b/.github/workflows/terraform-aws.yaml
new file mode 100644
index 0000000..02ed766
--- /dev/null
+++ b/.github/workflows/terraform-aws.yaml
@@ -0,0 +1,31 @@
+name: Build & push ci runner terraform for aws image
+on:
+ pull_request:
+ push:
+ paths:
+ - 'oci/iac-runner/terraform-aws/main.tf'
+ - 'oci/iac-runner/terraform-aws/Dockerfile'
+ - 'oci/iac-runner/terraform-aws/.terraformrc'
+ - '.github/workflows/terraform-aws.yaml'
+ branches:
+ - main
+
+jobs:
+ base-image:
+ runs-on: ubuntu-latest
+ name: Build ci runner terraform for aws image
+ steps:
+ - uses: actions/checkout@master
+
+ - name: 'Artifact: build && push terraform for aws image'
+ uses: aevea/action-kaniko@master
+ with:
+ registry: artifact.onwalk.net
+ username: admin
+ password: ${{ secrets.HELM_REPO_PASSWORD }}
+ path: 'oci/iac-runner/terraform-aws/'
+ build_file: 'Dockerfile'
+ image: devops/terraform-aws
+ tag: latest
+ cache: true
+ cache_registry: cache
diff --git a/oci/iac-runner/terraform-aws/Dockerfile b/oci/iac-runner/terraform-aws/Dockerfile
new file mode 100644
index 0000000..0c22a8e
--- /dev/null
+++ b/oci/iac-runner/terraform-aws/Dockerfile
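Review bot: Both actions are pinned to a mutable branch (`uses: actions/checkout@master`, `uses: aevea/action-kaniko@master`), so the step that receives `secrets.HELM_REPO_PASSWORD` and push rights to artifact.onwalk.net runs whatever those branches contain on the day of the build; pin each to a release tag or, better, a full commit SHA (`uses: actions/checkout@<release-tag-or-commit-sha>`). The `pull_request` trigger carries no `paths` or `branches` filter and the kaniko step has no event guard, so a same-repository PR would build and overwrite `tag: latest` before review; gate the step with `if: github.event_name == 'push'` or derive the tag from the branch for PR builds. The `paths` list also names `oci/iac-runner/terraform-aws/.terraformrc`, which the Dockerfile copies but which this patch does not add, so the first build will fail unless that file already exists in the repository.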
@@ -0,0 +1,32 @@
+FROM hashicorp/terraform:latest as builder
+FROM infracost/infracost:latest as finops
+
+# Build IAC Runner
+FROM artifact.onwalk.net/k8s/alpine-glibc-awscli:2.6.1 as prod
+LABEL maintainer="Haitao Pan "
+
+ARG AWSCLI_VERSION=2.6.1
+
+RUN apk add --update --no-cache ca-certificates openssl openssh-client git bash wget make curl jq py3-pip unzip zip && \
+ mkdir -pv /root/.terraform.d/plugin-cache && \
+ pip3 install jinja2 hvac python-hcl2 && \
+ wget https://mirrors.onwalk.net/tools/linux-amd64/gauth.tar.gz && tar -xvpf gauth.tar.gz -C /usr/bin/ && chmod 755 /usr/bin/gauth && \
+ wget https://mirrors.onwalk.net/tools/linux-amd64/gitleaks_8.8.5_linux_x64.tar.gz && tar -xvpf gitleaks_8.8.5_linux_x64.tar.gz && cp gitleaks /usr/bin/ && chmod 755 /usr/bin/gitleaks && \
+ apk --no-cache del binutils curl && \
+ rm -rf /var/cache/apk/*
+
+# add pre-cost tools
+COPY --from=builder /bin/terraform /bin/
+COPY --from=finops /usr/bin/terragrunt /usr/bin/
+COPY --from=finops /usr/bin/infracost /usr/bin/
+RUN mkdir -pv /root/.config/infracost/
+COPY credentials.yml /root/.config/infracost/
+RUN infracost configure get api_key
+
+# init terraform provider local mirror
+COPY main.tf .
+RUN mkdir -pv /data/terraform/
+RUN terraform providers mirror /data/terraform/ && rm -f main.tf .terraform.lock.hcl
+COPY .terraformrc /root/
+
+ENTRYPOINT ["terraform"]
diff --git a/oci/iac-runner/terraform-aws/Makefile b/oci/iac-runner/terraform-aws/Makefile
new file mode 100755
index 0000000..f63b667
--- /dev/null
+++ b/oci/iac-runner/terraform-aws/Makefile
@@ -0,0 +1,4 @@
+Makefileall:
+ cp -av ~/.terraform.d/ .
+ sudo docker build --network host --no-cache -t artifact.onwalk.net/devops/iac-runner:latest .
+ sudo docker push artifact.onwalk.net/devops/iac-runner:latest
diff --git a/oci/iac-runner/terraform-aws/main.tf b/oci/iac-runner/terraform-aws/main.tf
new file mode 100644
index 0000000..a6c922d
--- /dev/null
+++ b/oci/iac-runner/terraform-aws/main.tf
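Review bot: `COPY credentials.yml /root/.config/infracost/` bakes the Infracost API key into a layer of an image the workflow pushes to artifact.onwalk.net, and the following `RUN infracost configure get api_key` appears to print that key into the build log; no later `rm` could remove it from the layer. Mount the file only for the step that needs it, `RUN --mount=type=secret,id=infracost,target=/root/.config/infracost/credentials.yml infracost configure get api_key` (with `# syntax=docker/dockerfile:1` as the first line, if the kaniko builder in the workflow honours secret mounts), or supply the key to the container at run time and drop the `COPY`. The two `wget` downloads from mirrors.onwalk.net are unpacked straight into `/usr/bin` with no checksum check, and `builder`/`finops` are `:latest`, so the terraform, terragrunt, infracost, gauth and gitleaks binaries in the image are not reproducible; verify each archive against a known digest (`sha256sum -c`) and pin the three base tags. `ARG AWSCLI_VERSION=2.6.1` is declared after the `FROM` that hardcodes `2.6.1` and is never referenced, and neither `credentials.yml` nor `.terraformrc` is added by this patch, so the build depends on files outside the commit.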
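Review bot: `cp -av ~/.terraform.d/ .` copies the operator's whole home Terraform directory — which also holds `credentials.tfrc.json` after `terraform login` — into the build context, and no `.dockerignore` is part of this patch, so any future `COPY . .` would ship those credentials into the image; copy only the plugin cache you intend to use, or provide it through a build mount. The image built and pushed here (`artifact.onwalk.net/devops/iac-runner:latest`) is not the one the workflow publishes (`devops/terraform-aws`), so the two paths produce differently named images from the same Dockerfile; pick one name. The target `Makefileall:` looks like a typo for `all:`, which would leave `make` with no default target.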
@@ -0,0 +1,18 @@
+provider "aws" {
+ region = "ap-east-1"
+}
+
+terraform {
+ required_providers {
+ local = {
+ source = "hashicorp/local"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = "= 4.14.0"
+ }
+ tls = {
+ source = "hashicorp/tls"
+ }
+ }
+}
diff --git a/oci/iac-runner/terraform-aws/repositories b/oci/iac-runner/terraform-aws/repositories
new file mode 100755
index 0000000..281b398
--- /dev/null
+++ b/oci/iac-runner/terraform-aws/repositories
@@ -0,0 +1,2 @@
+https://mirrors.ustc.edu.cn/alpine/v3.15/main
+https://mirrors.ustc.edu.cn/alpine/v3.15/community
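Review bot: `local` and `tls` carry no `version` constraint, and the Dockerfile deletes `.terraform.lock.hcl` right after `terraform providers mirror`, so the provider binaries mirrored into `/data/terraform/` are whatever is newest at build time and two builds of the same commit can differ; pin them the way `aws` is pinned, e.g. `version = "= <pinned-version>"`, and consider keeping the lock file next to the mirror so consumers get the recorded hashes. The `provider "aws"` block with a hardcoded `region = "ap-east-1"` exists only to seed the mirror, which deserves a comment such as `# only used to populate the provider mirror at image build time` so nobody treats this file as a deployable root module.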