forked from infracost/infracost
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
67 lines (56 loc) · 2.7 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
FROM golang:1.22 as builder
ARG ARCH=linux
ARG DEFAULT_TERRAFORM_VERSION=0.15.5
ARG TERRAGRUNT_VERSION=0.31.8
# Set Environment Variables
SHELL ["/bin/bash", "-c"]
ENV HOME /app
ENV CGO_ENABLED 0
# Install Packages
RUN apt-get update -q && apt-get -y install unzip
# Install latest of each Terraform version after 0.12 as we don't support versions before that
RUN AVAILABLE_TERRAFORM_VERSIONS="0.12.31 0.13.7 0.14.11 ${DEFAULT_TERRAFORM_VERSION} 1.0.2 1.0.10" && \
for VERSION in ${AVAILABLE_TERRAFORM_VERSIONS}; do \
wget -q https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip && \
wget -q https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_SHA256SUMS && \
sed -n "/terraform_${VERSION}_linux_amd64.zip/p" terraform_${VERSION}_SHA256SUMS | sha256sum -c && \
unzip terraform_${VERSION}_linux_amd64.zip -d /tmp && \
mv /tmp/terraform /usr/bin/terraform_${VERSION} && \
chmod +x /usr/bin/terraform_${VERSION} && \
rm terraform_${VERSION}_linux_amd64.zip && \
rm terraform_${VERSION}_SHA256SUMS; \
done && \
ln -s /usr/bin/terraform_0.12.31 /usr/bin/terraform_0.12 && \
ln -s /usr/bin/terraform_0.13.7 /usr/bin/terraform_0.13 && \
ln -s /usr/bin/terraform_0.14.11 /usr/bin/terraform_0.14 && \
ln -s /usr/bin/terraform_1.0.10 /usr/bin/terraform_1.0 && \
ln -s /usr/bin/terraform_${DEFAULT_TERRAFORM_VERSION} /usr/bin/terraform_0.15 && \
ln -s /usr/bin/terraform_${DEFAULT_TERRAFORM_VERSION} /usr/bin/terraform
# Install Terragrunt
RUN wget -q https://github.com/gruntwork-io/terragrunt/releases/download/v$TERRAGRUNT_VERSION/terragrunt_linux_amd64
RUN mv terragrunt_linux_amd64 /usr/bin/terragrunt && \
chmod +x /usr/bin/terragrunt
WORKDIR /app
# Build Application
COPY . .
RUN NO_DIRTY=true make build
RUN chmod +x /app/build/infracost
# Application
FROM alpine:3.16 as app
# Tools needed for running diffs in CI integrations
RUN apk --no-cache add ca-certificates openssl openssh-client curl git bash
# The jq package provided by alpine:3.15 (jq 1.6-rc1) is flagged as a
# high severity vulnerability, so we install the latest release ourselves
# Reference: https://nvd.nist.gov/vuln/detail/CVE-2016-4074 (this is present on jq-1.6-rc1 as well)
RUN \
# Install jq-1.6 (final release)
curl -s -L -o /tmp/jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \
mv /tmp/jq /usr/local/bin/jq && \
chmod +x /usr/local/bin/jq
WORKDIR /root/
# Scripts are used by CI integrations and other use-cases
COPY scripts /scripts
COPY --from=builder /usr/bin/terraform* /usr/bin/
COPY --from=builder /usr/bin/terragrunt /usr/bin/
COPY --from=builder /app/build/infracost /usr/bin/
ENTRYPOINT [ "infracost" ]