From eb432c7b00d4d1213f1568a8b0ad2f97a43e74a9 Mon Sep 17 00:00:00 2001 From: Jack Joy Date: Tue, 26 Sep 2023 16:18:16 +0100 Subject: [PATCH] added generic docker image for concourse tasks --- .github/workflows/image_concourse-tools.yml | 20 +++++++ concourse-tools/Dockerfile | 28 +++++++++ concourse-tools/README.md | 16 +++++ concourse-tools/plugin_cache.tf | 18 ++++++ concourse-tools/terraform.lock.hcl | 65 +++++++++++++++++++++ concourse-tools/terraform_spec.rb | 49 ++++++++++++++++ terraform/plugin_cache.tf | 11 ++-- terraform/terraform.lock.hcl | 53 ++++++++++++----- 8 files changed, 240 insertions(+), 20 deletions(-) create mode 100644 .github/workflows/image_concourse-tools.yml create mode 100644 concourse-tools/Dockerfile create mode 100644 concourse-tools/README.md create mode 100644 concourse-tools/plugin_cache.tf create mode 100755 concourse-tools/terraform.lock.hcl create mode 100644 concourse-tools/terraform_spec.rb mode change 100755 => 100644 terraform/terraform.lock.hcl diff --git a/.github/workflows/image_concourse-tools.yml b/.github/workflows/image_concourse-tools.yml new file mode 100644 index 00000000..f829ae16 --- /dev/null +++ b/.github/workflows/image_concourse-tools.yml @@ -0,0 +1,20 @@ +--- +name: "Image: concourse-tools" +permissions: + actions: write # so 'cancel-workflow-action' can function + +on: + workflow_dispatch: + push: + branches: + - main + pull_request: + branches: + - main + +jobs: + workflows: + uses: ./.github/workflows/build-image-base.yml + with: + image: concourse-tools + secrets: inherit diff --git a/concourse-tools/Dockerfile b/concourse-tools/Dockerfile new file mode 100644 index 00000000..f0fdfd2a --- /dev/null +++ b/concourse-tools/Dockerfile @@ -0,0 +1,28 @@ +FROM ghcr.io/alphagov/paas/bosh-cli-v2:main + +ENV AWSCLI_VERSION "1.19.112" +ENV PATH $PATH:/usr/local/bin +ENV TERRAFORM_VER 1.5.2 +ENV TERRAFORM_SUM 781ffe0c8888d35b3f5bd0481e951cebe9964b9cfcb27e352f22687975401bcd +ENV TERRAFORM_ZIP terraform_${TERRAFORM_VER}_linux_amd64.zip + +RUN apt-get update && apt-get install -y \ + unzip \ + curl \ + python3 \ + python3-pip \ + && pip3 install \ + awscli==$AWSCLI_VERSION + +RUN set -ex \ + && wget https://releases.hashicorp.com/terraform/${TERRAFORM_VER}/${TERRAFORM_ZIP} -O /tmp/${TERRAFORM_ZIP} \ + && echo "${TERRAFORM_SUM} /tmp/${TERRAFORM_ZIP}" | sha256sum -c - \ + && unzip /tmp/${TERRAFORM_ZIP} -d /usr/local/bin \ + && rm /tmp/${TERRAFORM_ZIP} + +ENV TF_DATA_DIR "/.terraform" +COPY plugin_cache.tf /tmp/ +COPY terraform.lock.hcl /tmp/.terraform.lock.hcl +RUN cd /tmp && terraform init + +ENV TF_INPUT 0 diff --git a/concourse-tools/README.md b/concourse-tools/README.md new file mode 100644 index 00000000..f0656696 --- /dev/null +++ b/concourse-tools/README.md @@ -0,0 +1,16 @@ +# Concourse Tools + +This image is for building a container to run concourse tasks, which require various tools including: bosh-cli, awscli and curl. It uses bosh-cli-v2 as a base image and installs awscli on top using pip, and curl using apt. + +## Build locally + +``` +$ cd concourse-tools +$ docker build -t concourse-tools . +``` + +## Run + +``` +docker run -it concourse-tools /bin/bash -c "bosh --version" +``` diff --git a/concourse-tools/plugin_cache.tf b/concourse-tools/plugin_cache.tf new file mode 100644 index 00000000..3c4c5bbe --- /dev/null +++ b/concourse-tools/plugin_cache.tf @@ -0,0 +1,18 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "5.9.0" + } + null = { + source = "hashicorp/null" + version = "3.1.1" + } + random = { + source = "hashicorp/random" + version = "3.5.1" + } + } + required_version = "1.5.2" +} + diff --git a/concourse-tools/terraform.lock.hcl b/concourse-tools/terraform.lock.hcl new file mode 100755 index 00000000..66e686dc --- /dev/null +++ b/concourse-tools/terraform.lock.hcl @@ -0,0 +1,65 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.9.0" + constraints = "5.9.0" + hashes = [ + "h1:TjctPnxYpg1RZaU1dGW8BSvdmf0t0jsNGU1rEmNIXns=", + "zh:032424d4686ce2ff7c5a4a738491635616afbf6e06b3e7e6a754baa031d1265d", + "zh:1e530b4020544ec94e1fe7b1e4296640eb12cf1bf4f79cd6429ff2c4e6fffaf3", + "zh:24d2eee57a4c78039959dd9bb6dff2b75ed0483d44929550c067c3488307dc62", + "zh:3ad6d736722059664e790a358eacf0e0e60973ec44e70142fb503275de2116c1", + "zh:3f34d81acf86c61ddd271e9c4b8215765037463c3fe3c7aea1dc32a509020cfb", + "zh:65a04aa615fc320059a0871702c83b6be10bce2064056096b46faffe768a698e", + "zh:7fb56c3ce1fe77983627e2931e7c7b73152180c4dfb03e793413d0137c85d6b2", + "zh:90c94cb9d7352468bcd5ba21a56099fe087a072b1936d86f47d54c2a012b708a", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a109c5f01ed48852fe17847fa8a116dfdb81500794a9cf7e5ef92ea6dec20431", + "zh:a27c5396077a36ac2801d4c1c1132201a9225a65bba0e3b3aded9cc18f2c38ff", + "zh:a86ad796ccb0f2cb8f0ca069c774dbf74964edd3282529726816c72e22164b3c", + "zh:bda8afc64091a2a72e0cc38fde937b2163b1b072a5c41310d255901207571afd", + "zh:d22473894cd7e94b7a971793dd07309569f82913a10e4bd6c22e04f362f03bb9", + "zh:f4dbb6d13511290a5274f5b202e6d9997643f86e4c48e8c5e3c204121082851a", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.1.1" + constraints = "~> 3.1.1" + hashes = [ + "h1:YvH6gTaQzGdNv+SKTZujU1O0bO+Pw6vJHOPhqgN8XNs=", + "zh:063466f41f1d9fd0dd93722840c1314f046d8760b1812fa67c34de0afcba5597", + "zh:08c058e367de6debdad35fc24d97131c7cf75103baec8279aba3506a08b53faf", + "zh:73ce6dff935150d6ddc6ac4a10071e02647d10175c173cfe5dca81f3d13d8afe", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8fdd792a626413502e68c195f2097352bdc6a0df694f7df350ed784741eb587e", + "zh:976bbaf268cb497400fd5b3c774d218f3933271864345f18deebe4dcbfcd6afa", + "zh:b21b78ca581f98f4cdb7a366b03ae9db23a73dfa7df12c533d7c19b68e9e72e5", + "zh:b7fc0c1615dbdb1d6fd4abb9c7dc7da286631f7ca2299fb9cd4664258ccfbff4", + "zh:d1efc942b2c44345e0c29bc976594cb7278c38cfb8897b344669eafbc3cddf46", + "zh:e356c245b3cd9d4789bab010893566acace682d7db877e52d40fc4ca34a50924", + "zh:ea98802ba92fcfa8cf12cbce2e9e7ebe999afbf8ed47fa45fc847a098d89468b", + "zh:eff8872458806499889f6927b5d954560f3d74bf20b6043409edf94d26cd906f", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.5.1" + constraints = "3.5.1" + hashes = [ + "h1:IL9mSatmwov+e0+++YX2V6uel+dV6bn+fC/cnGDK3Ck=", + "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", + "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", + "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", + "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", + "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", + "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", + "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", + "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", + "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", + "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", + ] +} diff --git a/concourse-tools/terraform_spec.rb b/concourse-tools/terraform_spec.rb new file mode 100644 index 00000000..ff605757 --- /dev/null +++ b/concourse-tools/terraform_spec.rb @@ -0,0 +1,49 @@ +require 'spec_helper' +require 'docker' +require 'serverspec' + +describe "Terraform image" do + before(:all) { + set :docker_image, find_image_id(ENV['DOCKER_IMAGE']) + } + + it "installs Alpine" do + expect(command("cat /etc/issue | head -1").stdout).to include("Alpine Linux") + end + + it "installs Root Certificates" do + expect(file("/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt")).to be_file + end + + it "installs plugin cache" do + expect(file("/tmp/plugin_cache.tf")).to be_file + end + + it "installs terraform plugin lock" do + expect(file("/tmp/.terraform.lock.hcl")).to be_file + end + + it "has the expected Terraform version" do + expect( + command("terraform version").stdout + ).to match("Terraform v1.5.2") + end + + it "installs SSH" do + expect( + command("ssh -V").stderr.strip + ).to include("OpenSSH") + end + + it "has the plugins already downloaded" do + expect( + command("cd /tmp && terraform init").stdout.strip + ).to_not include("Downloading") + end + + it "disables interactive Terraform use" do + expect( + command("printenv TF_INPUT").stdout.strip + ).to eq("0") + end +end diff --git a/terraform/plugin_cache.tf b/terraform/plugin_cache.tf index 7038bd5a..3c4c5bbe 100644 --- a/terraform/plugin_cache.tf +++ b/terraform/plugin_cache.tf @@ -2,14 +2,17 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "4.25.0" + version = "5.9.0" } - null = { source = "hashicorp/null" - version = "~> 3.1.1" + version = "3.1.1" + } + random = { + source = "hashicorp/random" + version = "3.5.1" } } - required_version = ">= 1.2.7" + required_version = "1.5.2" } diff --git a/terraform/terraform.lock.hcl b/terraform/terraform.lock.hcl old mode 100755 new mode 100644 index 2600d989..66e686dc --- a/terraform/terraform.lock.hcl +++ b/terraform/terraform.lock.hcl @@ -2,22 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "4.25.0" - constraints = "~> 4.25.0" + version = "5.9.0" + constraints = "5.9.0" hashes = [ - "h1:0dYkCnmIGkx+TlvUy21GpK7/8cCfN/fiZjHV+AAt3Xw=", - "zh:51fddc33f289108f60c2de78537f758ae913b2614187abfc3f560f9dd277bc1a", - "zh:5a2bfa0725a8941f12e775eb9c44582ec237a664321a740d8283e9b56452f2ad", - "zh:6ca73a9f11c2a9ff8f55433c00a12c1b69c22131251cb0698d32c682229b1233", + "h1:TjctPnxYpg1RZaU1dGW8BSvdmf0t0jsNGU1rEmNIXns=", + "zh:032424d4686ce2ff7c5a4a738491635616afbf6e06b3e7e6a754baa031d1265d", + "zh:1e530b4020544ec94e1fe7b1e4296640eb12cf1bf4f79cd6429ff2c4e6fffaf3", + "zh:24d2eee57a4c78039959dd9bb6dff2b75ed0483d44929550c067c3488307dc62", + "zh:3ad6d736722059664e790a358eacf0e0e60973ec44e70142fb503275de2116c1", + "zh:3f34d81acf86c61ddd271e9c4b8215765037463c3fe3c7aea1dc32a509020cfb", + "zh:65a04aa615fc320059a0871702c83b6be10bce2064056096b46faffe768a698e", + "zh:7fb56c3ce1fe77983627e2931e7c7b73152180c4dfb03e793413d0137c85d6b2", + "zh:90c94cb9d7352468bcd5ba21a56099fe087a072b1936d86f47d54c2a012b708a", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:aeafec22947a7be418adc3c6d1eddb719ed02b5e41b6e2cc9cbdca991e2140b8", - "zh:b043563789e32f6935bf51c3b4344482487c03cb084673f6181ce3443f956a3d", - "zh:b0693f4295d35ae6ce3656ee2294fd69eb732f601ba7d6eb28b7fded4471c3d2", - "zh:bccb9ec142aa11350a52142b71fd8f0332d36a94332207f45bd93ceb7297b922", - "zh:c353fd5060cf6d86e4505d0ade84a37f91d4d8774b17eaa1290a191d9da43729", - "zh:d07848da6940b2882b884fc24144741f7ce0442865c9833df26751c48429e11f", - "zh:d4feeb5c394ec9528d1633e2e2c133632d8d099f6c99654e2bbd2aa112b6a08e", - "zh:fb0a75edb943847354c759a665edb93fd7945b892be7d0511c6708785abf090c", + "zh:a109c5f01ed48852fe17847fa8a116dfdb81500794a9cf7e5ef92ea6dec20431", + "zh:a27c5396077a36ac2801d4c1c1132201a9225a65bba0e3b3aded9cc18f2c38ff", + "zh:a86ad796ccb0f2cb8f0ca069c774dbf74964edd3282529726816c72e22164b3c", + "zh:bda8afc64091a2a72e0cc38fde937b2163b1b072a5c41310d255901207571afd", + "zh:d22473894cd7e94b7a971793dd07309569f82913a10e4bd6c22e04f362f03bb9", + "zh:f4dbb6d13511290a5274f5b202e6d9997643f86e4c48e8c5e3c204121082851a", ] } @@ -25,7 +28,7 @@ provider "registry.terraform.io/hashicorp/null" { version = "3.1.1" constraints = "~> 3.1.1" hashes = [ - "h1:71sNUDvmiJcijsvfXpiLCz0lXIBSsEJjMxljt7hxMhw=", + "h1:YvH6gTaQzGdNv+SKTZujU1O0bO+Pw6vJHOPhqgN8XNs=", "zh:063466f41f1d9fd0dd93722840c1314f046d8760b1812fa67c34de0afcba5597", "zh:08c058e367de6debdad35fc24d97131c7cf75103baec8279aba3506a08b53faf", "zh:73ce6dff935150d6ddc6ac4a10071e02647d10175c173cfe5dca81f3d13d8afe", @@ -41,4 +44,22 @@ provider "registry.terraform.io/hashicorp/null" { ] } - +provider "registry.terraform.io/hashicorp/random" { + version = "3.5.1" + constraints = "3.5.1" + hashes = [ + "h1:IL9mSatmwov+e0+++YX2V6uel+dV6bn+fC/cnGDK3Ck=", + "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", + "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", + "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", + "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", + "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", + "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", + "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", + "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", + "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", + "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", + ] +}