initial commit

.github/workflows/build-and-push.yml

@@ -0,0 +1,83 @@
+---
+name: "build-push-docker-image"
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+' # Match only a full sematic version tag, i.e. v20.15.10
+
+jobs:
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - uses: "marvinpinto/action-automatic-releases@latest"
+        # This action requires minimum permissions of:
+        # permissions:
+        #   contents: write
+        #   pull-requests: write
+        with:
+          repo_token: "${{ secrets.GITHUB_TOKEN }}"
+          prerelease: false
+
+  build-and-push-image:
+    name: Build and push Docker image
+    needs: release
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write # This is required for the AWS role assumption
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Log in to the Github Container registry
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # - name: Log in to Docker Hub
+      #   uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+      #   with:
+      #     username: ${{ secrets.DOCKER_HUB_USERNAME }}
+      #     password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+
+      # - name: Configure AWS credentials
+      #   uses: aws-actions/configure-aws-credentials@v2
+      #   with:
+      #     role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+      #     aws-region: ${{ vars.AWS_ECR_REGION }}
+
+      # - name: Login to Amazon ECR
+      #   uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+      #   with:
+      #     ecr: true
+      #     registry: ${{ secrets.AWS_ECR_ACCOUNT }}.dkr.ecr.${{ vars.AWS_ECR_REGION }}.amazonaws.com
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}
+          # images: |
+          #   ghcr.io/${{ github.repository }}
+          #   ${{ secrets.DOCKER_HUB_USERNAME }}/${{ vars.DOCKER_HUB_IMAGE_NAME }}
+          #   ${{ secrets.AWS_ECR_ACCOUNT }}.dkr.ecr.${{ vars.AWS_ECR_REGION }}.amazonaws.com/${{ vars.AWS_ECR_IMAGE_NAME}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -0,0 +1,58 @@
+FROM python:3.11
+
+LABEL org.opencontainers.image.description="Terraform and related tools in a container"
+
+ARG DEBIAN_FRONTEND=noninteractive
+ARG CONTAINER_USER_NAME=ec2-user
+ARG CONTAINER_USER_ID=1000
+ARG CONTAINER_GROUP_ID=1000
+ARG CONTAINER_GROUP_NAME=ec2-user
+
+# ENV TZ=America/New_York
+
+RUN apt-get clean && apt-get update && apt-get -qy upgrade \
+    && apt-get -qy install locales tzdata apt-utils software-properties-common build-essential python3 nano graphviz \
+    && locale-gen en_US.UTF-8 \
+    && ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime \
+    && dpkg-reconfigure -f noninteractive tzdata \
+    && apt-get -qy install nano dnsutils jq sudo
+
+# clean up after ourselves, keep image as lean as possible
+RUN apt-get remove -qy --purge software-properties-common \
+    && apt-get autoclean -qy \
+    && apt-get autoremove -qy --purge \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# python updates/packages
+RUN pip3 install --upgrade --root-user-action=ignore boto3 botocore pip
+
+# aws CLI v2
+RUN curl --silent "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
+    && unzip awscliv2.zip \
+    && ./aws/install -i /usr/local/aws-cli -b /usr/local/bin \
+    && rm -rf awscliv2.zip
+
+# tfenv and terraform
+ENV TFENV_VERSION=3.0.0
+RUN mkdir -p /opt/tfenv \
+	&& git clone https://github.com/tfutils/tfenv.git --branch v${TFENV_VERSION} /opt/tfenv \
+	&& ln -s /opt/tfenv/bin/* /usr/bin \
+	&& tfenv install latest \
+    && tfenv use latest \
+	&& chmod -R a+w /opt/tfenv/versions /opt/tfenv/version
+
+RUN addgroup --gid $CONTAINER_GROUP_ID $CONTAINER_USER_NAME
+RUN adduser --disabled-password --gecos '' --uid $CONTAINER_USER_ID --gid $CONTAINER_GROUP_ID $CONTAINER_USER_NAME
+RUN echo "$CONTAINER_USER_NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+RUN usermod --append --groups sudo $CONTAINER_USER_NAME
+
+USER ${CONTAINER_USER_NAME}
+RUN mkdir ~/.ssh && \
+	ssh-keyscan github.com >> ~/.ssh/known_hosts
+
+# Aliases for humans using the container
+COPY bashrc-extras.sh /tmp/bashrc-extras.sh
+RUN cat /tmp/bashrc-extras.sh >> ~/.bashrc
+
+CMD [ "/bin/bash" ]

README.md

@@ -0,0 +1,28 @@
+# paul-e-allen/docker-terraform-tools
+
+Derived from https://github.com/paul-e-allen/docker-build-publish-example.
+
+## Image
+
+```
+ghcr.io/paul-e-allen/docker-terraform-tools:latest
+```
+
+## Change Log
+
+### v1.0.0
+- Initial release
+
+##  Trigger a New Release and Image Build
+
+Trigger a new release, build, and push by creating and pushing a new tag with format:
+```
+v<MAJOR_VERSION>.<MINOR_VERSION>.<PATCH_NUMBER>
+```
+For example, `v1.0.0`. 
+
+You can use the following `git` commands to create a push a tag:
+
+```
+git tag -a v1.0.0 -m v1.0.0
+git push origin v1.0.0

bashrc-extras.sh

@@ -0,0 +1,14 @@
+# Source: paul-e-allen/docker-terrafor-tools/bashrc-extras.sh
+# 
+# These commands are meant to be appended to a ~/.bashrc file during Docker build
+
+alias tf=terraform
+alias aws-export='eval $(aws configure export-credentials --format env)'
+alias aws-id='aws sts get-caller-identity'
+
+echo "Aliases available:"
+echo "  tf              -- runs terraform"
+echo "  aws-export      -- exports AWS credentials into environment variables"
+echo "  aws-id          -- runs 'aws sts get-caller-identity'"
+
+alias junk='echo "This is a junk alias"'

docker-compose.yml

@@ -0,0 +1,32 @@
+version: "3"
+services:
+  tftools:
+    container_name: tftools
+    # image: ghcr.io/paul-e-allen/docker-terraform-tools:latest
+    build:
+      context: .
+      args:
+        # For use on Cloud9
+        CONTAINER_USER_NAME: ec2-user
+        CONTAINER_USER_ID: 1000
+        CONTAINER_GROUP_ID: 1000
+        CONTAINER_GROUP_NAME: ec2-user
+    environment:
+      - AWS_PROFILE=CHANGE_ME
+      - AWS_DEFAULT_REGION=us-east-1
+      - AWS_PAGER=
+      - SSH_AUTH_SOCK=/ssh-agent-sock
+    user: ec2-user
+    networks:
+      - default
+    stdin_open: true
+    tty: true
+    volumes:
+      - ./:/mounted-files
+      - ${HOME}/.aws:/home/ec2-user/.aws
+      - ${HOME}/.ssh/known_hosts:/home/ec2-user/.ssh/known_hosts
+      - ${SSH_AUTH_SOCK}:/ssh-agent-sock
+    working_dir: "/mounted-files"
+networks:
+  default:
+    driver: "bridge"

go.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+echo "Starting container using AWS CLIv2 ..."
+docker-compose up --detach --remove-orphans
+docker-compose exec tftools bash