Merge branch 'dev'

.github/workflows/sync-images.yaml

@@ -44,3 +44,7 @@ jobs:
         docker pull gcr.io/kaniko-project/executor:v1.9.1-debug
         docker tag gcr.io/kaniko-project/executor:v1.9.1-debug artifact.onwalk.net/k8s/kaniko-executor:1.9.1-debug
         docker push artifact.onwalk.net/k8s/kaniko-executor:1.9.1-debug
+
+        docker pull hashicorp/terraform:latest
+        docker tag hashicorp/terraform:latest artifact.onwalk.net/devops/terraform:latest
+        docker push artifact.onwalk.net/devops/terraform:latest

example/.gitlab-ci.yml

@@ -1,10 +0,0 @@
-include:
-  - local: 'gitlab-templates/base.yml'
-  - local: 'gitlab-templates/build-and-push-image.yml'
-
-variables:
-  username: 'admin'
-  password: '${repo-passwd}'
-  repository: 'artifact.onwalk.net'
-  image: 'k8s/alpine'
-  tag: '3.13'

example/gitlab-templates/base.yml

@@ -1,6 +0,0 @@
-image:
-  name: gcr.io/kaniko-project/executor:v1.9.0-debug
-  entrypoint: [""]
-
-stages:
-  - build

example/gitlab-templates/build-and-push-image.yml

@@ -1,11 +0,0 @@
-build-image-job:
-  stage: build
-  script:
-    - mkdir -p /kaniko/.docker
-    - echo "{\"auths\":{"https://${repository}":{\"auth\":\"$(printf "%s:%s" "${username}" "${password}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
-    - cat /kaniko/.docker/config.json
-    - /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "Dockerfile" --destination "${repository}/${image}:${tag}"
-  tags:
-    - docker
-  rules:
-    - if: $CI_COMMIT_BRANCH == "main"

oci/ci-runner/alpine/.gitlab-ci.yml

@@ -1,16 +0,0 @@
-stages:
-  - build
-
-build-image-job:
-  stage: build
-  image:
-    name: artifact.onwalk.net/k8s/kaniko-executor:debug
-    entrypoint: [""]
-  script:
-    - mkdir -p /kaniko/.docker
-    - echo "{\"auths\":{\"artifact.onwalk.net/k8s\":{\"auth\":\"$(printf "%s:%s" "admin" "${PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
-    - >-
-      /kaniko/executor
-      --context "${CI_PROJECT_DIR}"
-      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
-      --destination "artifact.onwalk.net/devops/alpine-ci-runner:latest"

oci/hugo/Dockerfile

@@ -0,0 +1,26 @@
+FROM artifact.onwalk.net/k8s/alpine-glibc:2.34 as prod
+
+ENV HUGO_VERSION 0.59.1
+ENV HUGO_BINARY hugo_extended_${HUGO_VERSION}_Linux-64bit.tar.gz
+
+RUN apk --no-cache add libstdc++ ca-certificates wget \
+ && wget https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/${HUGO_BINARY} \
+ && tar xzf ${HUGO_BINARY} \
+ && rm -r ${HUGO_BINARY} \
+ && mv hugo /usr/bin
+
+VOLUME /opt/cache
+VOLUME /opt/destination
+VOLUME /opt/source
+
+EXPOSE 8080
+
+ENTRYPOINT ["hugo",\
+           "server",\
+           "--cacheDir", "/opt/cache",\
+           "--destination", "/opt/destination",\
+           "--source", "/opt/source",\
+           "--minify",\
+           "--bind", "0.0.0.0",\
+           "--port", "80"\
+]

oci/iac-runner/terraform-alicloud/Dockerfile

@@ -0,0 +1,32 @@
+FROM hashicorp/terraform:latest as builder
+FROM infracost/infracost:latest as finops
+
+# Build IAC Runner
+FROM artifact.onwalk.net/k8s/alpine-glibc-awscli:2.6.1 as prod
+LABEL maintainer="Haitao Pan <xz@onwalk.net>"
+
+ARG AWSCLI_VERSION=2.6.1
+
+RUN apk add --update --no-cache ca-certificates openssl openssh-client git bash wget make curl jq py3-pip unzip zip && \
+    mkdir -pv /root/.terraform.d/plugin-cache && \
+    pip3 install jinja2 hvac python-hcl2      && \
+    wget https://mirrors.onwalk.net/tools/linux-amd64/gauth.tar.gz && tar -xvpf gauth.tar.gz -C /usr/bin/ && chmod 755 /usr/bin/gauth && \
+    wget https://mirrors.onwalk.net/tools/linux-amd64/gitleaks_8.8.5_linux_x64.tar.gz && tar -xvpf gitleaks_8.8.5_linux_x64.tar.gz && cp gitleaks /usr/bin/ && chmod 755 /usr/bin/gitleaks && \
+    apk --no-cache del binutils curl && \
+    rm -rf /var/cache/apk/*
+
+# add pre-cost tools 
+COPY --from=builder /bin/terraform /bin/
+COPY --from=finops /usr/bin/terragrunt /usr/bin/
+COPY --from=finops /usr/bin/infracost /usr/bin/
+RUN mkdir -pv /root/.config/infracost/
+COPY credentials.yml /root/.config/infracost/
+RUN infracost configure get api_key
+
+# init terraform provider local mirror
+COPY main.tf .
+RUN mkdir -pv /data/terraform/
+RUN terraform providers mirror /data/terraform/ && rm -f main.tf .terraform.lock.hcl
+COPY .terraformrc /root/
+
+ENTRYPOINT ["terraform"]

oci/iac-runner/terraform-alicloud/Makefile

@@ -0,0 +1,4 @@
+Makefileall:
+	cp -av ~/.terraform.d/ .
+	sudo docker build --network host --no-cache -t artifact.onwalk.net/devops/iac-runner:latest .
+	sudo docker push artifact.onwalk.net/devops/iac-runner:latest 

oci/iac-runner/terraform-alicloud/main.tf

@@ -0,0 +1,18 @@
+provider "alicloud" {
+  region     = "ap-east-1"
+}
+
+terraform {
+  required_providers {
+    local = {
+      source = "hashicorp/local"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "= 4.14.0"  
+    }
+    tls = {
+      source  = "hashicorp/tls"
+    }
+  }
+}

oci/iac-runner/terraform-alicloud/repositories

@@ -0,0 +1,2 @@
+https://mirrors.ustc.edu.cn/alpine/v3.15/main
+https://mirrors.ustc.edu.cn/alpine/v3.15/community