From b6b9c1fd9e7fc26fd195b55ef575641ee1f9f8fc Mon Sep 17 00:00:00 2001
From: Haitao Pan
Date: Thu, 23 Feb 2023 10:32:04 +0800
Subject: [PATCH 1/2] submit for dev
---
example/.gitlab-ci.yml | 10 ------
example/gitlab-templates/base.yml | 6 ----
.../gitlab-templates/build-and-push-image.yml | 11 -------
oci/ci-runner/alpine/.gitlab-ci.yml | 16 ----------
oci/hugo/Dockerfile | 26 +++++++++++++++
.../pulumi-alicloud}/.terraformrc | 0
.../pulumi-alicloud}/Dockerfile | 0
.../pulumi-alicloud}/Makefile | 0
.../pulumi-alicloud}/main.tf | 0
.../pulumi-alicloud}/repositories | 0
.../terraform-alicloud}/.gitlab-ci.yml | 0
oci/iac-runner/terraform-alicloud/Dockerfile | 32 +++++++++++++++++++
oci/iac-runner/terraform-alicloud/Makefile | 4 +++
oci/iac-runner/terraform-alicloud/main.tf | 18 +++++++++++
.../terraform-alicloud/repositories | 2 ++
15 files changed, 82 insertions(+), 43 deletions(-)
delete mode 100644 example/.gitlab-ci.yml
delete mode 100644 example/gitlab-templates/base.yml
delete mode 100644 example/gitlab-templates/build-and-push-image.yml
delete mode 100644 oci/ci-runner/alpine/.gitlab-ci.yml
create mode 100644 oci/hugo/Dockerfile
rename oci/{ci-runner/terraform => iac-runner/pulumi-alicloud}/.terraformrc (100%)
rename oci/{ci-runner/terraform => iac-runner/pulumi-alicloud}/Dockerfile (100%)
rename oci/{ci-runner/terraform => iac-runner/pulumi-alicloud}/Makefile (100%)
rename oci/{ci-runner/terraform => iac-runner/pulumi-alicloud}/main.tf (100%)
rename oci/{ci-runner/terraform => iac-runner/pulumi-alicloud}/repositories (100%)
rename oci/{ci-runner/terraform => iac-runner/terraform-alicloud}/.gitlab-ci.yml (100%)
create mode 100644 oci/iac-runner/terraform-alicloud/Dockerfile
create mode 100755 oci/iac-runner/terraform-alicloud/Makefile
create mode 100644 oci/iac-runner/terraform-alicloud/main.tf
create mode 100755 oci/iac-runner/terraform-alicloud/repositories
diff --git a/example/.gitlab-ci.yml b/example/.gitlab-ci.yml
deleted file mode 100644
index 7562d21..0000000
--- a/example/.gitlab-ci.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-include:
- - local: 'gitlab-templates/base.yml'
- - local: 'gitlab-templates/build-and-push-image.yml'
-
-variables:
- username: 'admin'
- password: '${repo-passwd}'
- repository: 'artifact.onwalk.net'
- image: 'k8s/alpine'
- tag: '3.13'
diff --git a/example/gitlab-templates/base.yml b/example/gitlab-templates/base.yml
deleted file mode 100644
index f8d68ff..0000000
--- a/example/gitlab-templates/base.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-image:
- name: gcr.io/kaniko-project/executor:v1.9.0-debug
- entrypoint: [""]
-
-stages:
- - build
diff --git a/example/gitlab-templates/build-and-push-image.yml b/example/gitlab-templates/build-and-push-image.yml
deleted file mode 100644
index 54ec350..0000000
--- a/example/gitlab-templates/build-and-push-image.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-build-image-job:
- stage: build
- script:
- - mkdir -p /kaniko/.docker
- - echo "{\"auths\":{"https://${repository}":{\"auth\":\"$(printf "%s:%s" "${username}" "${password}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
- - cat /kaniko/.docker/config.json
- - /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "Dockerfile" --destination "${repository}/${image}:${tag}"
- tags:
- - docker
- rules:
- - if: $CI_COMMIT_BRANCH == "main"
diff --git a/oci/ci-runner/alpine/.gitlab-ci.yml b/oci/ci-runner/alpine/.gitlab-ci.yml
deleted file mode 100644
index 0ed3c48..0000000
--- a/oci/ci-runner/alpine/.gitlab-ci.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-stages:
- - build
-
-build-image-job:
- stage: build
- image:
- name: artifact.onwalk.net/k8s/kaniko-executor:debug
- entrypoint: [""]
- script:
- - mkdir -p /kaniko/.docker
- - echo "{\"auths\":{\"artifact.onwalk.net/k8s\":{\"auth\":\"$(printf "%s:%s" "admin" "${PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
- - >-
- /kaniko/executor
- --context "${CI_PROJECT_DIR}"
- --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
- --destination "artifact.onwalk.net/devops/alpine-ci-runner:latest"
diff --git a/oci/hugo/Dockerfile b/oci/hugo/Dockerfile
new file mode 100644
index 0000000..e783efd
--- /dev/null
+++ b/oci/hugo/Dockerfile
@@ -0,0 +1,26 @@
+FROM artifact.onwalk.net/k8s/alpine-glibc:2.34 as prod
+
+ENV HUGO_VERSION 0.59.1
+ENV HUGO_BINARY hugo_extended_${HUGO_VERSION}_Linux-64bit.tar.gz
+
+RUN apk --no-cache add libstdc++ ca-certificates wget \
+ && wget https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/${HUGO_BINARY} \
+ && tar xzf ${HUGO_BINARY} \
+ && rm -r ${HUGO_BINARY} \
+ && mv hugo /usr/bin
+
+VOLUME /opt/cache
+VOLUME /opt/destination
+VOLUME /opt/source
+
+EXPOSE 8080
+
+ENTRYPOINT ["hugo",\
+ "server",\
+ "--cacheDir", "/opt/cache",\
+ "--destination", "/opt/destination",\
+ "--source", "/opt/source",\
+ "--minify",\
+ "--bind", "0.0.0.0",\
+ "--port", "80"\
+]
diff --git a/oci/ci-runner/terraform/.terraformrc b/oci/iac-runner/pulumi-alicloud/.terraformrc
similarity index 100%
rename from oci/ci-runner/terraform/.terraformrc
rename to oci/iac-runner/pulumi-alicloud/.terraformrc
diff --git a/oci/ci-runner/terraform/Dockerfile b/oci/iac-runner/pulumi-alicloud/Dockerfile
similarity index 100%
rename from oci/ci-runner/terraform/Dockerfile
rename to oci/iac-runner/pulumi-alicloud/Dockerfile
diff --git a/oci/ci-runner/terraform/Makefile b/oci/iac-runner/pulumi-alicloud/Makefile
similarity index 100%
rename from oci/ci-runner/terraform/Makefile
rename to oci/iac-runner/pulumi-alicloud/Makefile
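Review bot: In oci/hugo/Dockerfile the `RUN` step downloads the Hugo tarball with `wget` and moves the extracted binary into `/usr/bin` without any integrity check, so whatever the URL serves at build time ends up in the image. Pin the expected digest next to `HUGO_VERSION` and verify it before extracting, e.g. `&& echo "${HUGO_SHA256}  ${HUGO_BINARY}" | sha256sum -c - \`, with `HUGO_SHA256` taken from the checksums file published with the release. Separately, `EXPOSE 8080` does not match `"--port", "80"` in the `ENTRYPOINT`, and with no `USER` instruction the server runs as root while bound to `0.0.0.0`; switching to `--port 8080` and a dedicated non-root user would address both.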
diff --git a/oci/ci-runner/terraform/main.tf b/oci/iac-runner/pulumi-alicloud/main.tf
similarity index 100%
rename from oci/ci-runner/terraform/main.tf
rename to oci/iac-runner/pulumi-alicloud/main.tf
diff --git a/oci/ci-runner/terraform/repositories b/oci/iac-runner/pulumi-alicloud/repositories
similarity index 100%
rename from oci/ci-runner/terraform/repositories
rename to oci/iac-runner/pulumi-alicloud/repositories
diff --git a/oci/ci-runner/terraform/.gitlab-ci.yml b/oci/iac-runner/terraform-alicloud/.gitlab-ci.yml
similarity index 100%
rename from oci/ci-runner/terraform/.gitlab-ci.yml
rename to oci/iac-runner/terraform-alicloud/.gitlab-ci.yml
diff --git a/oci/iac-runner/terraform-alicloud/Dockerfile b/oci/iac-runner/terraform-alicloud/Dockerfile
new file mode 100644
index 0000000..0c22a8e
--- /dev/null
+++ b/oci/iac-runner/terraform-alicloud/Dockerfile
@@ -0,0 +1,32 @@
+FROM hashicorp/terraform:latest as builder
+FROM infracost/infracost:latest as finops
+
+# Build IAC Runner
+FROM artifact.onwalk.net/k8s/alpine-glibc-awscli:2.6.1 as prod
+LABEL maintainer="Haitao Pan "
+
+ARG AWSCLI_VERSION=2.6.1
+
+RUN apk add --update --no-cache ca-certificates openssl openssh-client git bash wget make curl jq py3-pip unzip zip && \
+ mkdir -pv /root/.terraform.d/plugin-cache && \
+ pip3 install jinja2 hvac python-hcl2 && \
+ wget https://mirrors.onwalk.net/tools/linux-amd64/gauth.tar.gz && tar -xvpf gauth.tar.gz -C /usr/bin/ && chmod 755 /usr/bin/gauth && \
+ wget https://mirrors.onwalk.net/tools/linux-amd64/gitleaks_8.8.5_linux_x64.tar.gz && tar -xvpf gitleaks_8.8.5_linux_x64.tar.gz && cp gitleaks /usr/bin/ && chmod 755 /usr/bin/gitleaks && \
+ apk --no-cache del binutils curl && \
+ rm -rf /var/cache/apk/*
+
+# add pre-cost tools
+COPY --from=builder /bin/terraform /bin/
+COPY --from=finops /usr/bin/terragrunt /usr/bin/
+COPY --from=finops /usr/bin/infracost /usr/bin/
+RUN mkdir -pv /root/.config/infracost/
+COPY credentials.yml /root/.config/infracost/
+RUN infracost configure get api_key
+
+# init terraform provider local mirror
+COPY main.tf .
+RUN mkdir -pv /data/terraform/
+RUN terraform providers mirror /data/terraform/ && rm -f main.tf .terraform.lock.hcl
+COPY .terraformrc /root/
+
+ENTRYPOINT ["terraform"]
diff --git a/oci/iac-runner/terraform-alicloud/Makefile b/oci/iac-runner/terraform-alicloud/Makefile
new file mode 100755
index 0000000..f63b667
--- /dev/null
+++ b/oci/iac-runner/terraform-alicloud/Makefile
@@ -0,0 +1,4 @@
+Makefileall:
+ cp -av ~/.terraform.d/ .
+ sudo docker build --network host --no-cache -t artifact.onwalk.net/devops/iac-runner:latest .
+ sudo docker push artifact.onwalk.net/devops/iac-runner:latest
diff --git a/oci/iac-runner/terraform-alicloud/main.tf b/oci/iac-runner/terraform-alicloud/main.tf
new file mode 100644
index 0000000..1a02e1f
--- /dev/null
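Review bot: In oci/iac-runner/terraform-alicloud/Dockerfile, `COPY credentials.yml /root/.config/infracost/` bakes the Infracost credentials file into an image layer, and `RUN infracost configure get api_key` then writes the key to the build output, so the secret is exposed to everyone who can pull the image or read the build log. Drop both lines and supply the key at run time from a masked CI variable (Infracost reads `INFRACOST_API_KEY`); if it is genuinely needed during the build, use `RUN --mount=type=secret,id=infracost,target=/root/.config/infracost/credentials.yml …` and do not echo the value. If an image built this way has already been pushed, the key should be rotated. The same file also builds from `hashicorp/terraform:latest` and `infracost/infracost:latest` and unpacks the gauth and gitleaks tarballs fetched with `wget` without a checksum, so the binaries in the runner are neither pinned nor verified; pin tags or digests and add a `sha256sum -c` step before each `tar`.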
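Review bot: In oci/iac-runner/terraform-alicloud/Makefile, `cp -av ~/.terraform.d/ .` copies the developer's whole Terraform CLI directory into the build context before `docker build`, and that directory can contain `credentials.tfrc.json` with registry or Terraform Cloud tokens. Nothing in the Dockerfile added by this patch copies that directory, so the step looks unnecessary; remove it or exclude the directory in a `.dockerignore`. The target name `Makefileall:` looks like a typo for `all:`. Pushing only the mutable `:latest` tag also makes it hard to tell which commit an image came from; consider adding a tag derived from the commit SHA.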
+++ b/oci/iac-runner/terraform-alicloud/main.tf
@@ -0,0 +1,18 @@
+provider "alicloud" {
+ region = "ap-east-1"
+}
+
+terraform {
+ required_providers {
+ local = {
+ source = "hashicorp/local"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = "= 4.14.0"
+ }
+ tls = {
+ source = "hashicorp/tls"
+ }
+ }
+}
diff --git a/oci/iac-runner/terraform-alicloud/repositories b/oci/iac-runner/terraform-alicloud/repositories
new file mode 100755
index 0000000..281b398
--- /dev/null
+++ b/oci/iac-runner/terraform-alicloud/repositories
@@ -0,0 +1,2 @@
+https://mirrors.ustc.edu.cn/alpine/v3.15/main
+https://mirrors.ustc.edu.cn/alpine/v3.15/community
From 25afd610969bfe01fe657b9588971c97bd629a9e Mon Sep 17 00:00:00 2001
From: Haitao Pan
Date: Fri, 24 Feb 2023 15:15:12 +0800
Subject: [PATCH 2/2] sync hashicorp/terraform:latest
---
.github/workflows/sync-images.yaml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml
index 264e20c..9e069a0 100644
--- a/.github/workflows/sync-images.yaml
+++ b/.github/workflows/sync-images.yaml
@@ -44,3 +44,7 @@ jobs:
 docker pull gcr.io/kaniko-project/executor:v1.9.1-debug
 docker tag gcr.io/kaniko-project/executor:v1.9.1-debug artifact.onwalk.net/k8s/kaniko-executor:1.9.1-debug
 docker push artifact.onwalk.net/k8s/kaniko-executor:1.9.1-debug
+
+ docker pull hashicorp/terraform:latest
+ docker tag hashicorp/terraform:latest artifact.onwalk.net/devops/terraform:latest
+ docker push artifact.onwalk.net/devops/terraform:latest
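Review bot: In oci/iac-runner/terraform-alicloud/main.tf the `provider "alicloud"` block has no matching entry in `required_providers`, which lists `aws`, `local` and `tls` instead, so `terraform providers mirror` in the Dockerfile will presumably resolve alicloud through the implicit `hashicorp/` namespace rather than an explicitly chosen source. Declare it explicitly, e.g. `alicloud = { source = "aliyun/alicloud", version = "= <pinned version>" }`, and pin `local` and `tls` the way `aws` is pinned. Because the Dockerfile deletes `.terraform.lock.hcl` after mirroring, these constraints are the only record of which provider builds went into the image. `region = "ap-east-1"` is also worth checking, since it reads like an AWS region name.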
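Review bot: The step added to .github/workflows/sync-images.yaml mirrors `hashicorp/terraform:latest` to `artifact.onwalk.net/devops/terraform:latest`, so the internal tag changes content whenever upstream moves, unlike the kaniko entry just above it, which pins `v1.9.1-debug`. Mirror a specific release (or pull by digest) and carry the version into the destination tag, e.g. `docker pull hashicorp/terraform:<version>` and `docker tag hashicorp/terraform:<version> artifact.onwalk.net/devops/terraform:<version>`, so that images built from the mirror are reproducible and an unexpected upstream push cannot propagate unnoticed. The job's earlier steps are outside this hunk, so registry login and any signature verification are not visible here.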