Merge pull request #4 from smerrell/actions

smerrell · web-flow · commit 164c1ec3e580 · 2021-02-03T16:13:57.000-07:00
actions
diff --git a/.github/workflows/lint-build-test.yml b/.github/workflows/lint-build-test.yml
@@ -0,0 +1,32 @@
+name: Docker Image CI
+
+on:
+  push:
+    branches:
+      - "!main"
+  pull_request:
+    branches: [main]
+
+env:
+  ORGANIZATION: "smerrell"
+  IMAGE_NAME: "terraform-python-build"
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Lint Dockerfile
+        uses: brpaz/hadolint-action@master
+        with:
+          dockerfile: "Dockerfile"
+
+  build:
+    runs-on: ubuntu-latest
+    needs: lint
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build the Docker image
+        run: docker build . --file Dockerfile --tag $ORGANIZATION/$IMAGE_NAME:$(date +%s)
diff --git a/.github/workflows/push-release.yml b/.github/workflows/push-release.yml
@@ -0,0 +1,58 @@
+name: release
+
+# trigger on published release
+on:
+  release:
+    types: [published]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Lint Dockerfile
+        uses: brpaz/hadolint-action@master
+        with:
+          dockerfile: "Dockerfile"
+
+  build_push_release:
+    runs-on: ubuntu-latest
+    needs: lint
+
+    strategy:
+      matrix:
+        tf_version:
+          - "0.12.29"
+          - "0.13.5"
+
+        azcli_version:
+          - "2.15.1"
+
+    env:
+      ORGANIZATION: "smerrell"
+      IMAGE_NAME: "terraform-python-build"
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Get and save release tag
+        run: echo "RELEASE_TAG=${GITHUB_REF##*/}" >> $GITHUB_ENV
+
+      - name: Build and save image release tag
+        run: echo "IMAGE_RELEASE_TAG=release-${RELEASE_TAG}_terraform-${{ matrix.tf_version }}_azcli-${{ matrix.azcli_version }}" >> $GITHUB_ENV
+
+      - name: Build image
+        run: docker image build . --file Dockerfile --build-arg TF_AZ_CLI_VERSION=release-5.1_terraform-${{ matrix.tf_version }}_azcli-${{ matrix.azcli_version }} --tag ${ORGANIZATION}/${IMAGE_NAME}:${IMAGE_RELEASE_TAG}
+
+      - name: Push image to registry
+        run: docker push ${ORGANIZATION}/${IMAGE_NAME}:${IMAGE_RELEASE_TAG}
diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,16 @@
-FROM zenika/terraform-azure-cli:latest AS build
+ARG TF_AZ_CLI_VERSION=release-5.1_terraform-0.12.29_azcli-2.15.1
+FROM zenika/terraform-azure-cli:${TF_AZ_CLI_VERSION} AS build
 
-RUN apt-get update && apt-get install make git python3-pip -y
-RUN pip3 install gitpython python-terraform pyhcl
+RUN apt-get update && \
+    apt-get install --no-install-recommends git=1:2.20.1-2+deb10u3 python3-pip=18.1-5 -y && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN pip3 install gitpython==3.1.12 python-terraform==0.10.1 pyhcl==0.4.4
 
 FROM build as final
 WORKDIR /workspace
+RUN groupadd --gid 1001 nonroot \
+    # user needs a home folder to store azure credentials
+    && useradd --gid nonroot --create-home --uid 1001 nonroot \
+    && chown nonroot:nonroot /workspace
+USER nonroot
 CMD [ "bash" ]
