Add separate image with az cli (#42)

.github/workflows/build.yml

@@ -14,7 +14,7 @@ jobs:
   deployment:
     strategy:
       matrix:
-        target: [aws, gcp]
+        target: [aws, gcp, azure]
         platform: [linux/amd64, linux/arm64]
     name: Build the image
     runs-on: ubuntu-latest
@@ -39,3 +39,4 @@ jobs:
           set: |
             ${{ matrix.target }}.tags=runner-terraform:${{ github.sha }}
             ${{ matrix.target }}.platform=${{ matrix.platform }}
+

.github/workflows/publish_future.yml

@@ -46,3 +46,15 @@ jobs:
           bake_set: |
             gcp.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-future
             gcp.tags=ghcr.io/spacelift-io/runner-terraform:gcp-future
+
+      - name: Build and push future image (w/ az cli)
+        uses: ./.github/workflows/publish
+        with:
+          bake_target: azure
+          aws_role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_release: false
+          bake_set: |
+            azure.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-future
+            azure.tags=ghcr.io/spacelift-io/runner-terraform:azure-future
+

.github/workflows/publish_scheduled.yml

@@ -70,6 +70,12 @@ jobs:
             - `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-${{ steps.tag.outputs.TAG }}`
             - `ghcr.io/spacelift-io/runner-terraform:gcp-latest`
             - `ghcr.io/spacelift-io/runner-terraform:gcp-${{ steps.tag.outputs.TAG }}`
+
+            ### Image with az cli
+            - `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-latest`
+            - `${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-${{ steps.tag.outputs.TAG }}`
+            - `ghcr.io/spacelift-io/runner-terraform:azure-latest`
+            - `ghcr.io/spacelift-io/runner-terraform:azure-${{ steps.tag.outputs.TAG }}`
           bake_set: |
             aws.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:latest
             aws.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:${{ steps.tag.outputs.TAG }}
@@ -89,3 +95,18 @@ jobs:
             gcp.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-${{ steps.tag.outputs.TAG }}
             gcp.tags=ghcr.io/spacelift-io/runner-terraform:gcp-latest
             gcp.tags=ghcr.io/spacelift-io/runner-terraform:gcp-${{ steps.tag.outputs.TAG }}
+
+      - name: Build and push weekly image (w/ az cli)
+        uses: ./.github/workflows/publish
+        with:
+          bake_target: azure
+          aws_role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          git_tag: ${{ steps.latest-tag.outputs.tag }}
+          publish_release: false
+          bake_set: |
+            azure.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-latest
+            azure.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-${{ steps.tag.outputs.TAG }}
+            azure.tags=ghcr.io/spacelift-io/runner-terraform:azure-latest
+            azure.tags=ghcr.io/spacelift-io/runner-terraform:azure-${{ steps.tag.outputs.TAG }}
+

.github/workflows/publish_tagged.yml

@@ -54,4 +54,19 @@ jobs:
             gcp.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-latest
             gcp.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:gcp-${{ steps.latest-tag.outputs.tag }}
             gcp.tags=ghcr.io/spacelift-io/runner-terraform:gcp-latest
-            gcp.tags=ghcr.io/spacelift-io/runner-terraform:gcp-${{ steps.latest-tag.outputs.tag }}
+            gcp.tags=ghcr.io/spacelift-io/runner-terraform:gcp-${{ steps.latest-tag.outputs.tag }}
+
+      - name: Build and push latest image (w/ az cli)
+        uses: ./.github/workflows/publish
+        with:
+          bake_target: azure 
+          aws_role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          git_tag: ${{ steps.latest-tag.outputs.tag }}
+          publish_release: false
+          bake_set: |
+            azure.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-latest
+            azure.tags=${{ secrets.PUBLIC_RUNNER_TERRAFORM_ECR_REPOSITORY_URL }}:azure-${{ steps.latest-tag.outputs.tag }}
+            azure.tags=ghcr.io/spacelift-io/runner-terraform:azure-latest
+            azure.tags=ghcr.io/spacelift-io/runner-terraform:azure-${{ steps.latest-tag.outputs.tag }}
+

.github/workflows/trivy.yml

@@ -16,7 +16,7 @@ jobs:
   build:
     strategy:
       matrix:
-        target: [aws, gcp]
+        target: [aws, gcp, azure]
         platform: [linux/amd64, linux/arm64]
     name: Analyze
     runs-on: ubuntu-latest
@@ -58,3 +58,4 @@ jobs:
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-results.sarif"
+

Dockerfile

@@ -53,3 +53,13 @@ RUN gcloud --version && \
     infracost --version
 
 USER spacelift
+
+FROM base AS azure
+
+RUN az --version && \
+    terragrunt --version && \
+    python --version && \
+    infracost --version
+
+USER spacelift
+

README.md

@@ -10,11 +10,13 @@ with ECR.
 
 ## Images
 
-We publish two images. The default has `aws` CLI v2 included, the other has `gcloud`.
-This is because `gcloud` is a very large package and we want to keep the image size down.
+We publish three images. The default has `aws` CLI v2 included, the others
+`gcloud` and `az` respectively.
+This is because `gcloud` and `az` are very large packages and we want to keep the image size down.
 
 - `spacelift-io/runner-terraform:latest` -> with `aws` CLI
 - `spacelift-io/runner-terraform:gcp-latest` -> with `gcloud` CLI
+- `spacelift-io/runner-terraform:azure-latest` -> with `az` CLI
 
 ## Branch Model
 
@@ -29,3 +31,4 @@ $ git push origin v1.1.0
 ```
 
 We also have a weekly cron job that re-runs the `main` branch just to have the latest package updates.
+

docker-bake.hcl

@@ -8,4 +8,11 @@ target "gcp" {
     target = "gcp"
     platforms = ["linux/amd64", "linux/arm64"]
     args = {"BASE_IMAGE": "gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine"}
-}
+}
+
+target "azure" {
+    target = "azure"
+    platforms = ["linux/amd64", "linux/arm64"]
+    args = {"BASE_IMAGE": "mcr.microsoft.com/azure-cli:2.48.1"}
+}
+