PLT-0 - Add one password cli
* add one password cli to allow usage of 1password terraform provider with service account token
Engerim committed Jan 8, 2024
1 parent 6d973e4 commit d89c90d
Showing 3 changed files with 36 additions and 10 deletions.
20 changes: 10 additions & 10 deletions .github/workflows/docker_build.yml
@@ -18,19 +18,19 @@ jobs:
- 0.27.0
TF_TG:
# Terraform 1.6.x
- 'TF-1.6.6 TG-0.54.4'
#- 'TF-1.6.6 TG-0.54.4'
# Terraform 1.5.x
- 'TF-1.5.7 TG-0.54.4'
# Terraform 1.4.x
- 'TF-1.4.7 TG-0.54.4'
#- 'TF-1.4.7 TG-0.54.4'
# Terraform 1.3.x
- 'TF-1.3.10 TG-0.54.4'
#- 'TF-1.3.10 TG-0.54.4'
# Terraform 1.2.x
- 'TF-1.2.9 TG-0.54.4'
#- 'TF-1.2.9 TG-0.54.4'
# Terraform 1.1.x
- 'TF-1.1.9 TG-0.54.4'
#- 'TF-1.1.9 TG-0.54.4'
# Terraform 1.0.x
- 'TF-1.0.11 TG-0.54.4'
#- 'TF-1.0.11 TG-0.54.4'

steps:
- name: Checkout repository
@@ -91,7 +91,7 @@ jobs:
}
retry make build ATLANTIS=${ATLANTIS} TERRAFORM=${TERRAFORM} TERRAGRUNT=${TERRAGRUNT}
env:
RETRIES: 20
RETRIES: 1

- name: Test
run: |
@@ -109,7 +109,7 @@ jobs:
}
retry make test ATLANTIS=${ATLANTIS} TERRAFORM=${TERRAFORM} TERRAGRUNT=${TERRAGRUNT}
env:
RETRIES: 20
RETRIES: 1

- name: Tag
run: |
@@ -132,7 +132,7 @@ jobs:
}
retry make login DOCKER_USER=${{ secrets.DOCKER_USERNAME }} DOCKER_PASS=${{ secrets.DOCKER_PASSWORD }}
env:
RETRIES: 20
RETRIES: 1
# https://help.github.com/en/github/automating-your-workflow-with-github-actions/contexts-and-expression-syntax-for-github-actions#functions
if: github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id
&& (
@@ -159,7 +159,7 @@ jobs:
}
retry make push TAG=${TAG}
env:
RETRIES: 20
RETRIES: 1
# https://help.github.com/en/github/automating-your-workflow-with-github-actions/contexts-and-expression-syntax-for-github-actions#functions
if: github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id
&& (
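Review bot: On the unchanged `retry make login ...` line in the hunk at -132, `${{ secrets.DOCKER_USERNAME }}` and `${{ secrets.DOCKER_PASSWORD }}` are substituted into the script text unquoted, so a value containing shell metacharacters would be parsed by the shell rather than passed through. Map them through the step's `env:` block (`DOCKER_PASS: ${{ secrets.DOCKER_PASSWORD }}`, and likewise for the user) and reference them quoted, `DOCKER_PASS="${DOCKER_PASS}"`. The page prints each changed line twice without `+`/`-` markers. If the second copy is the new side, the matrix is cut to Terraform 1.5.7 only and every `RETRIES` drops from 20 to 1. That looks like debugging state unrelated to adding the 1Password CLI and is worth reverting before merge.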
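--- a/Dockerfile
+++ b/Dockerfile
@@ -12,6 +12,7 @@ RUN apk add \
 ARG TERRAGRUNT
 ARG TERRAFORM
 ARG TERRAGRUNT_ATLANTIS_CONFIG
+ARG ONE_PASSWORD_CLI
 
 ###
 ### Ensure Terraform version is present, linked and validated
@@ -66,4 +67,26 @@ RUN set -eux \
 && chmod +x terragrunt-atlantis-config \
 && rm -rf terragrunt-atlantis-config_${TERRAGRUNT_ATLANTIS_CONFIG}_linux_amd64*
 
+
+###
+### Ensure 1Password CLI version is present, linked and validated
+###
+RUN set -eux \
+&& if [ "${ONE_PASSWORD_CLI}" = "latest" ]; then \
+ONE_PASSWORD_CLI="$( \
+curl -sS https://app-updates.agilebits.com/product_history/CLI2 \
+| grep -Eo '"/dist/1P/op2/pkg/v?[0-9]+\.[0-9]+\.[0-9]+/op_linux_amd64"' \
+| grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' \
+| sort -V \
+| tail -1 \
+)"; \
+fi \
+&& cd "/tmp" \
+&& curl "https://cache.agilebits.com/dist/1P/op2/pkg/v${ONE_PASSWORD_CLI}/op_linux_amd64_v${ONE_PASSWORD_CLI}.zip" -o op.zip \
+&& unzip op.zip \
+&& rm op.zip \
+&& chmod +x op \
+&& mv op /usr/local/bin/op; \
+&& op --version | grep "v${ONE_PASSWORD_CLI}"
+
 USER atlantis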
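Review bot: The `op` binary is unzipped and moved into `/usr/local/bin` with no integrity check on the download, even though it is the tool that will handle the service-account token. 1Password's install instructions describe verifying the bundled signature with `gpg --verify op.sig op` against the vendor signing key; alternatively pin a checksum in a build arg and run `sha256sum -c` before `unzip`. The `latest` branch takes the version from a scraped page, cannot be pinned either way, and is better dropped. Separately, the `;` in `&& mv op /usr/local/bin/op; \` ends the command list, so the following `&& op --version ...` is a shell syntax error; the line should read `&& mv op /usr/local/bin/op \`. The final check greps for `v${ONE_PASSWORD_CLI}` while the Makefile test greps without the `v`, so one of the two presumably fails.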
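--- a/Makefile
+++ b/Makefile
@@ -14,6 +14,7 @@ ATLANTIS = '0.27.0'
 TERRAFORM = '1.6.6'
 TERRAGRUNT = '0.54.4'
 TERRAGRUNT_ATLANTIS_CONFIG = '1.16.0'
+ONE_PASSWORD_CLI = '2.24.0'
 
 pull:
 docker pull $(shell grep FROM Dockerfile | sed 's/^FROM//g' | sed "s/\$${ATLANTIS}/$(ATLANTIS)/g";)
@@ -25,13 +26,15 @@ build:
 --build-arg TERRAFORM=$(TERRAFORM) \
 --build-arg TERRAGRUNT=$(TERRAGRUNT) \
 --build-arg TERRAGRUNT_ATLANTIS_CONFIG=$(TERRAGRUNT_ATLANTIS_CONFIG) \
+--build-arg ONE_PASSWORD_CLI=$(ONE_PASSWORD_CLI) \
 -t $(IMAGE) -f $(DIR)/$(FILE) $(DIR)
 
 test:
 docker run --rm --entrypoint atlantis ${IMAGE} version | grep -E '^atlantis v$(ATLANTIS) '
 docker run --rm --entrypoint terraform ${IMAGE} --version | grep -E 'v$(TERRAFORM)$$'
 docker run --rm --entrypoint terragrunt ${IMAGE} --version | grep -E 'v$(TERRAGRUNT)$$'
 docker run --rm --entrypoint terragrunt-atlantis-config ${IMAGE} version | grep -E "$(TERRAGRUNT_ATLANTIS_CONFIG)$$"
+docker run --rm --entrypoint op ${IMAGE} --version | grep -E "$(ONE_PASSWORD_CLI)$$"
 
 tag:
 docker tag $(IMAGE) $(IMAGE):$(TAG)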
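Review bot: The new `op` line under `test:` expands `$(ONE_PASSWORD_CLI)` inside a double-quoted pattern, so the single quotes from the default `ONE_PASSWORD_CLI = '2.24.0'` become literal characters of the regex, and the workflow's `make test` call does not override that variable. Unless `op --version` prints those quotes, the grep cannot match. The single-quoted form used on the terraform line avoids this, and adding a start anchor gives `... --version | grep -E '^$(ONE_PASSWORD_CLI)$$'`. The anchor also stops a longer version string that merely ends in the expected digits from counting as a pass. With `ONE_PASSWORD_CLI=latest` this check has no concrete version to compare against, which is one more reason to keep the value pinned.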
