Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: binary installation, checksums, cleanup #181

Merged
merged 8 commits into from
Aug 20, 2024
Merged
Show file tree
Hide file tree
Changes from 7 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 12 additions & 3 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,18 @@ FROM alpine:latest@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef

ARG TERRAFORM_VERSION

RUN wget -q https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip -O terraform.zip && \
unzip terraform.zip -d /bin && \
rm -f terraform.zip
ENV TERRAFORM_ZIP="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip"
ENV CHECKSUM_URL="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS"
ENV CHECKSUM_FILE="SHA256SUMS"

# download and verify the Terraform binary
RUN wget -q "${TERRAFORM_ZIP}" -O terraform.zip && \
wget -q "${CHECKSUM_URL}" -O "${CHECKSUM_FILE}" && \
EXPECTED_CHECKSUM=$(grep "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" "${CHECKSUM_FILE}" | awk '{ print $1 }') && \
ACTUAL_CHECKSUM=$(sha256sum terraform.zip | awk '{ print $1 }') && \
if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]; then echo "Checksum verification failed"; exit 1; fi && \
unzip terraform.zip -d /bin && \
rm -f terraform.zip "${CHECKSUM_FILE}"
plyr4 marked this conversation as resolved.
Show resolved Hide resolved

##############################################################################
## docker build --no-cache --target certs -t vela-terraform:certs . ##
Expand Down
2 changes: 1 addition & 1 deletion cmd/vela-terraform/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -293,7 +293,7 @@ func run(c *cli.Context) error {
tfVersion := c.String("terraform.version")

// attempt to install the custom terraform tfVersion if different from default
err := install(tfVersion, os.Getenv("PLUGIN_TERRAFORM_VERSION"))
err := installBinary(tfVersion, os.Getenv("PLUGIN_TERRAFORM_VERSION"))
if err != nil {
return err
}
Expand Down
2 changes: 1 addition & 1 deletion cmd/vela-terraform/plan_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ func TestTerraform_Plan_Command_tf13(t *testing.T) {
fmt.Sprintf("-var=%s", p.Vars[1]),
fmt.Sprintf("-var-file=%s", p.VarFiles[0]),
fmt.Sprintf("-var-file=%s", p.VarFiles[1]),
fmt.Sprintf(p.Directory),
fmt.Sprint(p.Directory),
)

got := p.Command()
Expand Down
45 changes: 26 additions & 19 deletions cmd/vela-terraform/terraform.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
package main

import (
"context"
"fmt"
"os"
"regexp"
Expand All @@ -11,15 +12,19 @@ import (
"github.com/sirupsen/logrus"
"github.com/spf13/afero"

getter "github.com/hashicorp/go-getter"
"github.com/hashicorp/go-version"
install "github.com/hashicorp/hc-install"
"github.com/hashicorp/hc-install/product"
"github.com/hashicorp/hc-install/releases"
"github.com/hashicorp/hc-install/src"
)

const (
_terraform = "/bin/terraform"
_download = "https://releases.hashicorp.com/terraform/%s/terraform_%s_linux_amd64.zip"
_installDir = "/bin"
_terraform = _installDir + "/" + "terraform"
)

func install(customVer, defaultVer string) error {
func installBinary(customVer, defaultVer string) error {
// use custom filesystem which enables us to test
a := &afero.Afero{
Fs: appFS,
Expand All @@ -31,30 +36,32 @@ func install(customVer, defaultVer string) error {
return nil
}

logrus.Infof("custom terraform version requested: %s", customVer)

logrus.Debugf("custom version does not match default: %s", defaultVer)
// rename the old terraform binary since we can't overwrite it for now
//
// https://github.com/hashicorp/go-getter/issues/219
err := a.Rename(_terraform, fmt.Sprintf("%s.default", _terraform))
// parse the custom version
v, err := version.NewVersion(customVer)
if err != nil {
return err
}

// create the download URL to install terraform
url := fmt.Sprintf(_download, customVer, customVer)
logrus.Infof("custom terraform version requested: %s", customVer)

logrus.Infof("downloading terraform version from: %s", url)
// send the HTTP request to install terraform
err = getter.GetFile(_terraform, url, []getter.ClientOption{}...)
logrus.Debugf("custom version does not match default: %s", defaultVer)

// rename the old terraform binary since we can't overwrite it for now
err = a.Rename(_terraform, fmt.Sprintf("%s.default", _terraform))
if err != nil {
return err
}

logrus.Debugf("changing ownership of file: %s", _terraform)
// ensure the terraform binary is executable
err = a.Chmod(_terraform, 0700)
// use hc-install to install the custom version
installer := install.NewInstaller()
_, err = installer.Install(context.Background(), []src.Installable{
&releases.ExactVersion{
Product: product.Terraform,
Version: v,
InstallDir: _installDir,
},
})

if err != nil {
return err
}
Expand Down
6 changes: 3 additions & 3 deletions cmd/vela-terraform/terraform_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ func TestTerraform_install(t *testing.T) {
appFS = afero.NewMemMapFs()

// run test
err := install("0.11.0", "0.11.0")
err := installBinary("0.11.0", "0.11.0")
if err != nil {
t.Errorf("install returned err: %v", err)
}
Expand All @@ -25,7 +25,7 @@ func TestTerraform_install_NoBinary(t *testing.T) {
appFS = afero.NewMemMapFs()

// run test
err := install("0.11.0", "0.12.0")
err := installBinary("0.11.0", "0.12.0")
if err == nil {
t.Errorf("install should have returned err")
}
Expand All @@ -46,7 +46,7 @@ func TestTerraform_install_NotWritable(t *testing.T) {
}

// run test
err = install("0.11.0", "0.12.0")
err = installBinary("0.11.0", "0.12.0")
if err == nil {
t.Errorf("install should have returned err")
}
Expand Down
2 changes: 1 addition & 1 deletion cmd/vela-terraform/validate_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ func TestTerraform_Validation_Command_tf13(t *testing.T) {
fmt.Sprintf("-var=%s", v.Vars[1]),
fmt.Sprintf("-var-file=%s", v.VarFiles[0]),
fmt.Sprintf("-var-file=%s", v.VarFiles[1]),
fmt.Sprintf(v.Directory),
fmt.Sprint(v.Directory),
)

got := v.Command()
Expand Down
48 changes: 9 additions & 39 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -5,58 +5,28 @@ go 1.23
require (
github.com/Masterminds/semver/v3 v3.2.1
github.com/go-vela/types v0.24.0
github.com/hashicorp/go-getter v1.7.6
github.com/hashicorp/go-version v1.7.0
github.com/hashicorp/hc-install v0.8.0
github.com/joho/godotenv v1.5.1
github.com/sirupsen/logrus v1.9.3
github.com/spf13/afero v1.11.0
github.com/urfave/cli/v2 v2.27.4
)

require (
cloud.google.com/go v0.115.1 // indirect
cloud.google.com/go/auth v0.8.1 // indirect
cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
cloud.google.com/go/compute/metadata v0.5.0 // indirect
cloud.google.com/go/iam v1.1.13 // indirect
cloud.google.com/go/storage v1.43.0 // indirect
github.com/aws/aws-sdk-go v1.55.5 // indirect
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect
github.com/cloudflare/circl v1.3.7 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/s2a-go v0.1.8 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.13.0 // indirect
github.com/hashicorp/errwrap v1.0.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-safetemp v1.0.0 // indirect
github.com/hashicorp/go-version v1.7.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/klauspost/compress v1.17.9 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/go-testing-interface v1.14.1 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/ulikunitz/xz v0.5.12 // indirect
github.com/stretchr/testify v1.9.0 // indirect
github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
go.opentelemetry.io/otel v1.28.0 // indirect
go.opentelemetry.io/otel/metric v1.28.0 // indirect
go.opentelemetry.io/otel/trace v1.28.0 // indirect
golang.org/x/crypto v0.26.0 // indirect
golang.org/x/mod v0.19.0 // indirect
golang.org/x/net v0.28.0 // indirect
golang.org/x/oauth2 v0.22.0 // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/sys v0.24.0 // indirect
golang.org/x/text v0.17.0 // indirect
golang.org/x/time v0.6.0 // indirect
google.golang.org/api v0.192.0 // indirect
google.golang.org/genproto v0.0.0-20240812133136-8ffd90a71988 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240812133136-8ffd90a71988 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240812133136-8ffd90a71988 // indirect
google.golang.org/grpc v1.65.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect
)
Loading
Loading