From ba818f6a240cc04fca81a6722736e54f03554767 Mon Sep 17 00:00:00 2001 From: mauwii Date: Mon, 23 Oct 2023 23:44:37 +0200 Subject: [PATCH 1/3] add terraform, squash in mergify --- .github/mergify.yml | 2 +- linux/ubuntu/Dockerfile | 24 ++++++++++++++++++++++-- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/.github/mergify.yml b/.github/mergify.yml index 4944967..5710c74 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -9,4 +9,4 @@ pull_request_rules: - '#approved-reviews-by>=1' actions: merge: - method: merge + method: squash diff --git a/linux/ubuntu/Dockerfile b/linux/ubuntu/Dockerfile index 48c8a01..ed1d61f 100644 --- a/linux/ubuntu/Dockerfile +++ b/linux/ubuntu/Dockerfile @@ -206,9 +206,22 @@ RUN KUBECTL_VERSION=$(curl -fsSL "https://dl.k8s.io/release/stable.txt") \ -o "${PATH_LOCAL_BINS}/kubectl" \ && chmod +x "${PATH_LOCAL_BINS}/kubectl" \ && curl -sSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash \ - && curl -sSL -O "https://storage.googleapis.com/minikube/releases/latest/minikube-linux-${TARGETARCH}" \ + && curl -sSLO "https://storage.googleapis.com/minikube/releases/latest/minikube-linux-${TARGETARCH}" \ && install "minikube-linux-${TARGETARCH}" "${PATH_LOCAL_BINS}/minikube" +FROM base as terraform +ARG TARGETARCH +ARG PATH_LOCAL_BINS +SHELL [ "/bin/bash", "--login", "-e", "-o", "pipefail", "-c" ] +RUN URL=$(curl -fsSL https://api.releases.hashicorp.com/v1/releases/terraform/latest \ + | jq --arg arch "$(dpkg --print-architecture)" -r '.builds[] | select((.arch==$arch) and (.os=="linux")).url') \ + && curl -sSL "${URL}" \ + -o /tmp/terraform.zip \ + && unzip \ + -qq /tmp/terraform.zip \ + -d "${PATH_LOCAL_BINS}" \ + && terraform --version + FROM base as rust ARG TARGETARCH SHELL [ "/bin/bash", "--login", "-e", "-o", "pipefail", "-c" ] 
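Review bot: The new `terraform` stage unpacks whatever `releases/terraform/latest` returns at build time without checking a digest or signature, so a tampered download lands in `${PATH_LOCAL_BINS}` and each rebuild can ship a different version. Pin the release with a build argument and verify the archive against the published `SHA256SUMS` file before `unzip`, as sketched below. The checksum file comes from the same host, so it does not cover a compromised download server; for that, also verify the `SHA256SUMS` signature against HashiCorp's release key. The second `curl -sSL "${URL}"` also lacks `-f`, so an HTTP error body would be written to `/tmp/terraform.zip` instead of failing at the download step.

```dockerfile
FROM base as terraform
# … unchanged: ARG TARGETARCH, ARG PATH_LOCAL_BINS, SHELL …
# Reviewed release to install; pass with --build-arg or give it a default here.
ARG TERRAFORM_VERSION
RUN TF_ZIP="terraform_${TERRAFORM_VERSION}_linux_${TARGETARCH}.zip" \
    && TF_BASE="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}" \
    && curl -fsSL "${TF_BASE}/${TF_ZIP}" -o "/tmp/${TF_ZIP}" \
    && curl -fsSL "${TF_BASE}/terraform_${TERRAFORM_VERSION}_SHA256SUMS" -o /tmp/terraform_SHA256SUMS \
    # fail the build unless the archive matches its published digest
    && (cd /tmp && grep -F "${TF_ZIP}" terraform_SHA256SUMS | sha256sum -c -) \
    # extract only the binary, not every member of the archive
    && unzip -qq "/tmp/${TF_ZIP}" terraform -d "${PATH_LOCAL_BINS}" \
    && terraform --version
```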
@@ -406,7 +419,14 @@ RUN ln -s azcopy "${PATH_LOCAL_BINS}/azcopy10" COPY --link --from=git-lfs "${PATH_LOCAL_BINS}/git-lfs" "${PATH_LOCAL_BINS}/git-lfs" # add k8s-tools -COPY --link --from=k8s-tools "${PATH_LOCAL_BINS}/helm" "${PATH_LOCAL_BINS}/kubectl" "${PATH_LOCAL_BINS}/minikube" "${PATH_LOCAL_BINS}"/ +COPY --link --from=k8s-tools \ + "${PATH_LOCAL_BINS}/helm" \ + "${PATH_LOCAL_BINS}/kubectl" \ + "${PATH_LOCAL_BINS}/minikube" \ + "${PATH_LOCAL_BINS}"/ + +# add terraform +COPY --link --from=terraform "${PATH_LOCAL_BINS}/terraform" "${PATH_LOCAL_BINS}/terraform" # add rust ARG CARGO_HOME From ed00b3d2c21c8395a45cd26310b73171a9b4d9f8 Mon Sep 17 00:00:00 2001 From: mauwii Date: Tue, 24 Oct 2023 00:09:34 +0200 Subject: [PATCH 2/3] add pipefail option in sub-shell --- linux/ubuntu/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux/ubuntu/Dockerfile b/linux/ubuntu/Dockerfile index ed1d61f..321a2ad 100644 --- a/linux/ubuntu/Dockerfile +++ b/linux/ubuntu/Dockerfile @@ -213,7 +213,7 @@ FROM base as terraform ARG TARGETARCH ARG PATH_LOCAL_BINS SHELL [ "/bin/bash", "--login", "-e", "-o", "pipefail", "-c" ] -RUN URL=$(curl -fsSL https://api.releases.hashicorp.com/v1/releases/terraform/latest \ +RUN URL=$(bash -o pipefail -c "curl -fsSL https://api.releases.hashicorp.com/v1/releases/terraform/latest" \ | jq --arg arch "$(dpkg --print-architecture)" -r '.builds[] | select((.arch==$arch) and (.os=="linux")).url') \ && curl -sSL "${URL}" \ -o /tmp/terraform.zip \ From 0936e37f33637a96b47353e39e20d00e4aa36a57 Mon Sep 17 00:00:00 2001 From: mauwii Date: Tue, 24 Oct 2023 00:22:41 +0200 Subject: [PATCH 3/3] disable pipefail in kics (already in hadolint) --- linux/ubuntu/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/linux/ubuntu/Dockerfile b/linux/ubuntu/Dockerfile index 321a2ad..7046737 100644 --- a/linux/ubuntu/Dockerfile +++ b/linux/ubuntu/Dockerfile 
@@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1 -# kics-scan disable=e36d8880-3f78-4546-b9a1-12f0745ca0d5,965a08d7-ef86-4f14-8792-4a3b2098937e,77783205-c4ca-4f80-bb80-c777f267c547,0008c003-79aa-42d8-95b8-1c2fe37dbfe6 +# kics-scan disable=e36d8880-3f78-4546-b9a1-12f0745ca0d5,965a08d7-ef86-4f14-8792-4a3b2098937e,77783205-c4ca-4f80-bb80-c777f267c547,0008c003-79aa-42d8-95b8-1c2fe37dbfe6,efbf148a-67e9-42d2-ac47-02fa1c0d0b22 ############## # base-image # @@ -213,7 +213,7 @@ FROM base as terraform ARG TARGETARCH ARG PATH_LOCAL_BINS SHELL [ "/bin/bash", "--login", "-e", "-o", "pipefail", "-c" ] -RUN URL=$(bash -o pipefail -c "curl -fsSL https://api.releases.hashicorp.com/v1/releases/terraform/latest" \ +RUN URL=$(curl -fsSL https://api.releases.hashicorp.com/v1/releases/terraform/latest \ | jq --arg arch "$(dpkg --print-architecture)" -r '.builds[] | select((.arch==$arch) and (.os=="linux")).url') \ && curl -sSL "${URL}" \ -o /tmp/terraform.zip \
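Review bot: The ID added to the `# kics-scan disable=` line in the first hunk switches that query off for the whole Dockerfile, not only for the terraform `RUN` that triggered it, and nothing in the file records what the five UUIDs stand for. Going by the commit subject it is the pipefail query, so from here on only hadolint would catch a piped `RUN` in a stage whose `SHELL` lacks `-o pipefail`; that holds only while hadolint stays a required check. Please add a comment above the directive naming each suppressed query and the reason, for example `# efbf148a-…: pipefail query, enforced by hadolint DL4006 instead`. The directive sits at the top of the file and most stages are outside this hunk, so whether every stage sets the pipefail `SHELL` cannot be confirmed from here.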