From d89c90dc287eca67b4096117e00f51eeb6742ceb Mon Sep 17 00:00:00 2001 From: "alexander.miehe" Date: Mon, 8 Jan 2024 15:51:51 +0100 Subject: [PATCH] PLT-0 - Add one password cli * add one password cli to allow usage of 1password terraform provider with service account token --- .github/workflows/docker_build.yml | 20 ++++++++++---------- Dockerfile | 23 +++++++++++++++++++++++ Makefile | 3 +++ 3 files changed, 36 insertions(+), 10 deletions(-) diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index b25cc08..bca7d04 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml @@ -18,19 +18,19 @@ jobs: - 0.27.0 TF_TG: # Terraform 1.6.x - - 'TF-1.6.6 TG-0.54.4' + #- 'TF-1.6.6 TG-0.54.4' # Terraform 1.5.x - 'TF-1.5.7 TG-0.54.4' # Terraform 1.4.x - - 'TF-1.4.7 TG-0.54.4' + #- 'TF-1.4.7 TG-0.54.4' # Terraform 1.3.x - - 'TF-1.3.10 TG-0.54.4' + #- 'TF-1.3.10 TG-0.54.4' # Terraform 1.2.x - - 'TF-1.2.9 TG-0.54.4' + #- 'TF-1.2.9 TG-0.54.4' # Terraform 1.1.x - - 'TF-1.1.9 TG-0.54.4' + #- 'TF-1.1.9 TG-0.54.4' # Terraform 1.0.x - - 'TF-1.0.11 TG-0.54.4' + #- 'TF-1.0.11 TG-0.54.4' steps: - name: Checkout repository @@ -91,7 +91,7 @@ jobs: } retry make build ATLANTIS=${ATLANTIS} TERRAFORM=${TERRAFORM} TERRAGRUNT=${TERRAGRUNT} env: - RETRIES: 20 + RETRIES: 1 - name: Test run: | @@ -109,7 +109,7 @@ jobs: } retry make test ATLANTIS=${ATLANTIS} TERRAFORM=${TERRAFORM} TERRAGRUNT=${TERRAGRUNT} env: - RETRIES: 20 + RETRIES: 1 - name: Tag run: | @@ -132,7 +132,7 @@ jobs: } retry make login DOCKER_USER=${{ secrets.DOCKER_USERNAME }} DOCKER_PASS=${{ secrets.DOCKER_PASSWORD }} env: - RETRIES: 20 + RETRIES: 1 # https://help.github.com/en/github/automating-your-workflow-with-github-actions/contexts-and-expression-syntax-for-github-actions#functions if: github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id && ( 
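Review bot: The matrix hunk comments out every Terraform entry except `'TF-1.5.7 TG-0.54.4'`, and the @@ -91, -109, -132 and -159 hunks lower `RETRIES` from 20 to 1. The commit message mentions neither change, so these look like debugging edits left in. As committed, CI builds, tests and pushes only the TF-1.5.7 image, so the new 1Password layer is never exercised against the Makefile default `TERRAFORM = '1.6.6'` or the other supported lines. Restore the matrix entries (`- 'TF-1.6.6 TG-0.54.4'` and the rest) and `RETRIES: 20`, or move the reduction to its own commit with a stated reason.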
@@ -159,7 +159,7 @@ jobs: } retry make push TAG=${TAG} env: - RETRIES: 20 + RETRIES: 1 # https://help.github.com/en/github/automating-your-workflow-with-github-actions/contexts-and-expression-syntax-for-github-actions#functions if: github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id && ( diff --git a/Dockerfile b/Dockerfile index 2c3b72b..dc19e14 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,6 +12,7 @@ RUN apk add \ ARG TERRAGRUNT ARG TERRAFORM ARG TERRAGRUNT_ATLANTIS_CONFIG +ARG ONE_PASSWORD_CLI ### ### Ensure Terraform version is present, linked and validated @@ -66,4 +67,26 @@ RUN set -eux \ && chmod +x terragrunt-atlantis-config \ && rm -rf terragrunt-atlantis-config_${TERRAGRUNT_ATLANTIS_CONFIG}_linux_amd64* + +### +### Ensure 1Password CLI version is present, linked and validated +### +RUN set -eux \ + && if [ "${ONE_PASSWORD_CLI}" = "latest" ]; then \ + ONE_PASSWORD_CLI="$( \ + curl -sS https://app-updates.agilebits.com/product_history/CLI2 \ + | grep -Eo '"/dist/1P/op2/pkg/v?[0-9]+\.[0-9]+\.[0-9]+/op_linux_amd64"' \ + | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' \ + | sort -V \ + | tail -1 \ + )"; \ + fi \ + && cd "/tmp" \ + && curl "https://cache.agilebits.com/dist/1P/op2/pkg/v${ONE_PASSWORD_CLI}/op_linux_amd64_v${ONE_PASSWORD_CLI}.zip" -o op.zip \ + && unzip op.zip \ + && rm op.zip \ + && chmod +x op \ + && mv op /usr/local/bin/op; \ + && op --version | grep "v${ONE_PASSWORD_CLI}" + USER atlantis diff --git a/Makefile b/Makefile index 9bbb869..17bfaaa 100644 --- a/Makefile +++ b/Makefile @@ -14,6 +14,7 @@ ATLANTIS = '0.27.0' TERRAFORM = '1.6.6' TERRAGRUNT = '0.54.4' TERRAGRUNT_ATLANTIS_CONFIG = '1.16.0' +ONE_PASSWORD_CLI = '2.24.0' pull: docker pull $(shell grep FROM Dockerfile | sed 's/^FROM//g' | sed "s/\$${ATLANTIS}/$(ATLANTIS)/g";) 
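Review bot: The new 1Password RUN step ends one line with `&& mv op /usr/local/bin/op; \` and starts the next with `&&`, which the shell rejects as a syntax error, so the layer cannot build as written; drop the semicolon: `&& mv op /usr/local/bin/op \`. The binary that will handle the service-account token is also installed with no integrity check beyond TLS, since neither curl call uses `-f` and nothing verifies the archive before `chmod +x`. For the pinned version, add a digest check such as `&& echo "${ONE_PASSWORD_CLI_SHA256}  op.zip" | sha256sum -c - \`, with the digest supplied as an extra build arg (the name is a placeholder), or verify the vendor signature if the archive ships one. The `latest` branch picks the version at build time, so it cannot be pinned to a digest and is better kept out of published images. The closing check greps for `v${ONE_PASSWORD_CLI}` while the Makefile test added in this same commit expects the bare version, so one of the two is presumably wrong.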
@@ -25,6 +26,7 @@ build: --build-arg TERRAFORM=$(TERRAFORM) \ --build-arg TERRAGRUNT=$(TERRAGRUNT) \ --build-arg TERRAGRUNT_ATLANTIS_CONFIG=$(TERRAGRUNT_ATLANTIS_CONFIG) \ + --build-arg ONE_PASSWORD_CLI=$(ONE_PASSWORD_CLI) \ -t $(IMAGE) -f $(DIR)/$(FILE) $(DIR) test: @@ -32,6 +34,7 @@ test: docker run --rm --entrypoint terraform ${IMAGE} --version | grep -E 'v$(TERRAFORM)$$' docker run --rm --entrypoint terragrunt ${IMAGE} --version | grep -E 'v$(TERRAGRUNT)$$' docker run --rm --entrypoint terragrunt-atlantis-config ${IMAGE} version | grep -E "$(TERRAGRUNT_ATLANTIS_CONFIG)$$" + docker run --rm --entrypoint op ${IMAGE} --version | grep -E "$(ONE_PASSWORD_CLI)$$" tag: docker tag $(IMAGE) $(IMAGE):$(TAG)
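Review bot: The added `op` check in the `test` recipe wraps `$(ONE_PASSWORD_CLI)` in double quotes, but the variable's default value is `'2.24.0'` including the single quotes. After make expansion the shell hands grep the pattern `'2.24.0'$` with literal quote characters, which the version output is unlikely to contain. The workflow runs `make test` without overriding ONE_PASSWORD_CLI, so this default is what CI executes. Use single quotes as the terraform and terragrunt lines do, `docker run --rm --entrypoint op ${IMAGE} --version | grep -E '$(ONE_PASSWORD_CLI)$$'`, so the quotes in the value close and reopen the shell string instead of entering the pattern. The terragrunt-atlantis-config line just above has the same shape and is worth checking; the `test` recipe begins outside this hunk.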