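# Image that bundles terraform-compliance with a Terraform binary whose
# checksum file is signature-checked before the binary is installed.
#
# Build arguments:
#   VERSION                   terraform-compliance release installed from PyPI
#   LATEST_TERRAFORM_VERSION  Terraform release fetched from releases.hashicorp.com
#   HASHICORP_PGP_KEY         public key text imported into gpg to verify SHA256SUMS.sig
#   TARGET_ARCH               platform suffix of the Terraform zip (default linux_amd64)
#
# NOTE(review): the base tag is mutable and Python 3.7 no longer receives
# upstream security fixes; move to a supported tag and pin it by digest once
# terraform-compliance is confirmed to work on it.
FROM python:3.7.10-slim

ARG VERSION
ARG LATEST_TERRAFORM_VERSION
ARG HASHICORP_PGP_KEY
ARG TARGET_ARCH='linux_amd64'

LABEL terraform_compliance.version="${VERSION}"
LABEL author="Emre Erkunt <[email protected]>"
LABEL source="https://github.com/eerkunt/terraform-compliance"

# ENV persists these values into the running container. TERRAFORM_VERSION is
# read by the RUN step below. HASHICORP_PGP_KEY is public key material, so
# exposing it is harmless, but build args and ENV are visible in the image
# metadata: never pass private credentials through either.
ENV TERRAFORM_VERSION=${LATEST_TERRAFORM_VERSION}
ENV TARGET_ARCH="${TARGET_ARCH}"
ENV HASHICORP_PGP_KEY="${HASHICORP_PGP_KEY}"

# Single layer: install tools, fetch and verify Terraform, install
# terraform-compliance, then remove the build-only tools so they do not ship.
#
# Verification order matters: SHA256SUMS is signature-checked first, and only
# then is the zip downloaded and compared against the verified checksum list.
#
# NOTE(review): gpg --verify accepts a signature from any key in the keyring,
# and the only key imported here is the one supplied via HASHICORP_PGP_KEY.
# The build is therefore only as trustworthy as the source of that argument;
# compare the key's fingerprint with the one HashiCorp publishes before
# relying on the resulting image.
#
# NOTE(review): /etc/ssh/ssh_config is edited further down; presumably the ssh
# client arrives as a recommended package of git - confirm and list it
# explicitly before adding --no-install-recommends here.
RUN set -ex \
    && BUILD_DEPS='wget unzip gpg' \
    && RUN_DEPS='git' \
    && apt-get update \
    # BUILD_DEPS / RUN_DEPS are left unquoted on purpose: they are word lists.
    && apt-get install -y ${BUILD_DEPS} ${RUN_DEPS} \
    && TERRAFORM_FILE_NAME="terraform_${TERRAFORM_VERSION}_${TARGET_ARCH}.zip" \
    && SHA256SUM_FILE_NAME="terraform_${TERRAFORM_VERSION}_SHA256SUMS" \
    && SHA256SUM_SIG_FILE_NAME="terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig" \
    && SHA256SUM_FILE_NAME_FOR_ARCH="${SHA256SUM_FILE_NAME}.${TARGET_ARCH}" \
    && HASHICORP_PGP_KEY_FILE='hashicorp-pgp-key.pub' \
    && OLD_BASEDIR="$(pwd)" \
    && TMP_DIR="$(mktemp -d)" \
    && cd "${TMP_DIR}" \
    && echo "${HASHICORP_PGP_KEY}" > "${HASHICORP_PGP_KEY_FILE}" \
    && wget -q "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/${SHA256SUM_FILE_NAME}" \
    && wget -q "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/${SHA256SUM_SIG_FILE_NAME}" \
    && gpg --import "${HASHICORP_PGP_KEY_FILE}" \
    && gpg --verify "${SHA256SUM_SIG_FILE_NAME}" "${SHA256SUM_FILE_NAME}" \
    && wget -q "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/${TERRAFORM_FILE_NAME}" \
    # -F: match the file name literally; the dots are not regex wildcards.
    # grep exits non-zero when nothing matches, which aborts the build.
    && grep -F "${TERRAFORM_FILE_NAME}" "${SHA256SUM_FILE_NAME}" > "${SHA256SUM_FILE_NAME_FOR_ARCH}" \
    && ls -al . \
    && sha256sum -c "${SHA256SUM_FILE_NAME_FOR_ARCH}" \
    && unzip "${TERRAFORM_FILE_NAME}" \
    && install terraform /usr/bin/ \
    && cd "${OLD_BASEDIR}" \
    && rm -vrf "${TMP_DIR}" \
    # NOTE(review): only terraform-compliance itself is version-pinned; pip and
    # the transitive dependencies resolve to whatever PyPI serves at build time.
    && pip install --no-cache-dir --upgrade pip \
    && pip install --no-cache-dir "terraform-compliance[faster_parsing]==${VERSION}" \
    && apt-get remove -y ${BUILD_DEPS} \
    && apt-get autoremove -y \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/* \
    && mkdir -p /target

# Keep SSH non-interactive for every host, but stop accepting a host key that
# contradicts a known_hosts entry. The previous value, "no", disabled host key
# verification entirely. In a fresh container with no known_hosts every host
# is still accepted on first contact, so provide a known_hosts file at run
# time when the identity of the remote must actually be verified.
RUN printf 'Host *\n    StrictHostKeyChecking accept-new\n' >> /etc/ssh/ssh_config

# NOTE(review): no USER is set, so the entrypoint runs as root; run the
# container as a non-root user where the ownership of /target allows it.
WORKDIR /target
ENTRYPOINT ["terraform-compliance"]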