mirror of
https://github.com/opentofu/opentofu.git
synced 2024-12-27 09:21:14 -06:00
5c8ff928ba
#15596 set things up with the intent that the docker image build process would be handled by the automated build system on dockerhub, but after merging we found that it's impossible to change the source git repository for an existing dockerhub repository. To get away from the limitations of dockerhub, we intend to eventually automate these builds in a separate CI system. Here we add some scripts that would drive such an automated process. It's split into multiple steps to allow for situations where the new version should not be tagged as the latest, and to make it easier and safer to test the build script while doing development on it. Since this automated process doesn't yet exist, a wrapper script release.sh is included to help run a local, manual build and deploy process in the meantime. The README.md in the docker-release dir here contains details on the intended usage.
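# This Dockerfile is not intended for general use, but is rather used to
# package up official Terraform releases (from releases.hashicorp.com) to
# release on Dockerhub as the "light" release images.
#
# The main Dockerfile in the root of the repository is more generally-useful,
# since it is able to build a docker image of the current state of the work
# tree, without any dependency on there being an existing release on
# releases.hashicorp.com.

# NOTE(review): "latest" is a floating tag, so two builds of the same
# Terraform version can end up on different base images. For release builds,
# pin a version tag plus digest, e.g. alpine:<version>@sha256:<digest>.
FROM alpine:latest

# MAINTAINER is deprecated; the same contact is recorded as a label instead.
LABEL maintainer="HashiCorp Terraform Team <terraform@hashicorp.com>"

# This is intended to be run from the hooks/build script, which sets this
# appropriately based on git tags.
ARG TERRAFORM_VERSION=UNSPECIFIED

# The release signing key comes from the build context and is the only trust
# anchor for the signature check below; confirm its fingerprint out of band
# before building.
COPY releases_public_key .

# What's going on here?
# - Refuse to build when TERRAFORM_VERSION was left at its placeholder default
# - Download the indicated release along with its checksums and signature for the checksums
#   (curl -f makes an HTTP error fail the build instead of saving the error page)
# - Verify that the checksums file is signed by the Hashicorp releases key,
#   using a throwaway keyring that holds only that key and is deleted afterwards
# - Verify that the zip file matches the expected checksum
# - Extract the zip file so it can be run
#
# git and openssh stay in the image for runtime use; no USER is set, so the
# entrypoint runs as root inside the container.
RUN echo "Building image for Terraform ${TERRAFORM_VERSION}" && \
    if [ "${TERRAFORM_VERSION}" = "UNSPECIFIED" ]; then \
        echo "TERRAFORM_VERSION build argument must be set" >&2; \
        exit 1; \
    fi && \
    apk add --no-cache git curl openssh gnupg && \
    release_url="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}" && \
    prefix="terraform_${TERRAFORM_VERSION}" && \
    curl -fsS -o "${prefix}_linux_amd64.zip" "${release_url}/${prefix}_linux_amd64.zip" && \
    curl -fsS -o "${prefix}_SHA256SUMS.sig" "${release_url}/${prefix}_SHA256SUMS.sig" && \
    curl -fsS -o "${prefix}_SHA256SUMS" "${release_url}/${prefix}_SHA256SUMS" && \
    export GNUPGHOME="$(mktemp -d)" && \
    gpg --batch --import releases_public_key && \
    gpg --batch --verify "${prefix}_SHA256SUMS.sig" "${prefix}_SHA256SUMS" && \
    grep linux_amd64 "${prefix}_SHA256SUMS" > "${prefix}_SHA256SUMS_linux_amd64" && \
    sha256sum -cs "${prefix}_SHA256SUMS_linux_amd64" && \
    unzip "${prefix}_linux_amd64.zip" -d /bin && \
    rm -rf "${GNUPGHOME}" && \
    rm -f "${prefix}_linux_amd64.zip" "${prefix}_SHA256SUMS"*

LABEL "com.hashicorp.terraform.version"="${TERRAFORM_VERSION}"

ENTRYPOINT ["/bin/terraform"]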