-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile.terraform
49 lines (40 loc) · 2.13 KB
/
Dockerfile.terraform
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
FROM docker:latest
RUN apk add --no-cache bash vim openvpn wget unzip curl sshpass openssh-client python3 py3-pip git github-cli jq groff mandoc
# https://stackoverflow.com/a/77334728/3899136
RUN echo "[global]" >> /etc/pip.conf && echo "break-system-packages = true" >> /etc/pip.conf
RUN pip3 install awscli
# Latest Terraform version
ARG TERRAFORM_VERSION=1.9.4
RUN ARCH=$(uname -m) && \
if [ "$ARCH" = "x86_64" ]; then \
TERRAFORM_ARCH="amd64"; \
elif [ "$ARCH" = "aarch64" ]; then \
TERRAFORM_ARCH="arm64"; \
else \
echo "Unsupported architecture: $ARCH"; exit 1; \
fi && \
wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${TERRAFORM_ARCH}.zip && \
unzip terraform_${TERRAFORM_VERSION}_linux_${TERRAFORM_ARCH}.zip -d /usr/local/bin/ && \
rm terraform_${TERRAFORM_VERSION}_linux_${TERRAFORM_ARCH}.zip
# Azure CLI
# https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=script
# https://github.com/Azure/azure-cli/issues/24872
RUN apk add --no-cache -q --virtual=build gcc musl-dev python3-dev libffi-dev openssl-dev cargo make \
&& pip install --no-cache-dir azure-cli -q \
&& apk del --purge build
# Install kubelogin
RUN az aks install-cli
# Terrascan is a static code analyzer for Infrastructure as Code.
# https://github.com/tenable/terrascan/tree/3bf466ddffb5993290a09730450addc3e6f036da?tab=readme-ov-file#quick-start
RUN curl -L "$(curl -s https://api.github.com/repos/tenable/terrascan/releases/latest | grep -o -E "https://.+?_Linux_x86_64.tar.gz")" > terrascan.tar.gz && \
tar -xf terrascan.tar.gz terrascan && rm terrascan.tar.gz && \
install terrascan /usr/local/bin && rm terrascan
# tfsec uses static analysis of your terraform code to spot potential misconfigurations
RUN ARCH=$(uname -m) && \
if [ "$ARCH" = "x86_64" ]; then \
curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | sed 's/ --quiet//g' | bash; \
else \
echo "tfsec installation skipped for architecture: $ARCH"; \
fi
RUN apk add --no-cache postgresql-client
WORKDIR /app