Tooling rework (#111)

* use supported version for local build version

* correct build script and update readme

* add git ignore config for generated container structure test config

* update push-latest action to retreive latest version from JSON

* remove generated containe structure test config

* restore triggers for build-push latest action

* update dockerhub description action

* add link to Terraform AWS repository, fixme in build script

* udpate docker hub descritpion only from mastere

* add path filter to trigger actions only when needed

* correct build script

* lint Dockerfile and update dependancies, use new hasicorp gpg key

* update hadolint and container-structure-test version for build script, use hadolint config file

* update dockerfile lint action, add trigger path on itself for push-latest action

* add support for TF 0.15.5 and 1.0.0, add support for AZ cli 2.23, 2.24 and 2.25

* update readme

* remove curl verbose leftover arguments

* add hadolint config to lint action

* upgrade support for version 0.14 to patch 11

* enable dependabot

* only support 2 latest az cli releases

* move dependabot config file

Co-authored-by: bgauduch <user.personal@users.noreply.github.com>

Author: bgauduch

.dockerignore

@@ -1,4 +1,9 @@
 # explicitely exclude all files from the build context
 # (each file needed in the Dockefile need to be included manually)
 *
+
+# Specific to Terraform installation
 !hashicorp.asc
+
+# Specific to Hadolint linter
+!hadolint.yaml

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/build-test.yml

@@ -1,17 +1,22 @@
 name: build-test
 
 # trigger on any push
-# but not on master, tags or markdown modifications
+# but not on master or tags
+# and only for image-related modifications
 on:
   push:
     tags-ignore:
       - "**"
     branches:
       - "**"
       - "!master"
-    paths-ignore:
-      - "!README.md"
-      - "!CODE_OF_CONDUCT.md"
+    paths:
+      - "Dockerfile"
+      - "supported_versions.json"
+      - "hashicorp.asc"
+      - "tests/*"
+      - ".dockerignore"
+      - ".github/workflows/build-test.yml"
 
 env:
   IMAGE_NAME: "terraform-azure-cli"

.github/workflows/dockerhub-description.yml

@@ -0,0 +1,20 @@
+name: Update Docker Hub Description
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - README.md
+      - .github/workflows/dockerhub-description.yml
+jobs:
+  dockerHubDescription:
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Update Docker Hub Description
+      uses: peter-evans/dockerhub-description@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+        repository: zenika/terraform-azure-cli

.github/workflows/lint-dockerfile.yml

@@ -5,6 +5,7 @@ on:
   push:
     paths:
       - "Dockerfile"
+      - ".github/workflows/lint-dockerfile.yml"
 
 jobs:
   lint:
@@ -15,6 +16,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Lint Dockerfile
-        uses: brpaz/hadolint-action@v1.3.1
+        uses: brpaz/hadolint-action@v1.5.0
         with:
           dockerfile: "Dockerfile"
+          config: "hadolint.yaml"

.github/workflows/push-latest.yml

@@ -1,13 +1,18 @@
 name: push-latest
 
 # trigger on push to master
+# only on image-related modifications
 on:
   push:
     branches:
       - "master"
-    paths-ignore:
-      - "!README.md"
-      - "!CODE_OF_CONDUCT.md"
+    paths:
+      - "Dockerfile"
+      - "supported_versions.json"
+      - "hashicorp.asc"
+      - "tests/**"
+      - ".dockerignore"
+      - ".github/workflows/push-latest.yml"
 
 env:
   ORGANIZATION: "zenika"
@@ -22,8 +27,13 @@ jobs:
       - name: Check out the repo
         uses: actions/checkout@v2
 
+      - name: Retrieve latest suported versions
+        run: |
+          echo "AZ_VERSION=$(jq -r '.azcli_version | sort | .[-1]' supported_versions.json)" >> $GITHUB_ENV
+          echo "TF_VERSION=$(jq -r '.tf_version | sort | .[-1]' supported_versions.json)" >> $GITHUB_ENV
+
       - name: Build image
-        run: docker image build . --file Dockerfile --tag $ORGANIZATION/$IMAGE_NAME:$IMAGE_TAG
+        run: docker image build . --file Dockerfile --build-arg TERRAFORM_VERSION=${TF_VERSION} --build-arg AZURE_CLI_VERSION=${AZ_VERSION} --tag $ORGANIZATION/$IMAGE_NAME:$IMAGE_TAG
 
       - name: Login to Docker Hub registry
         run: echo '${{ secrets.DOCKERHUB_PASS }}' | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin

.gitignore

@@ -0,0 +1,2 @@
+# ignore generated container structure test config
+tests/container-structure-tests.yml

Dockerfile

@@ -1,18 +1,19 @@
-# Setup build arguments with default versions
-ARG AZURE_CLI_VERSION=2.20.0
-ARG TERRAFORM_VERSION=0.14.8
+# Build arguments
+ARG AZURE_CLI_VERSION
+ARG TERRAFORM_VERSION
 ARG PYTHON_MAJOR_VERSION=3.7
-ARG DEBIAN_VERSION=buster-20210208-slim
+ARG DEBIAN_VERSION=buster-20210511-slim
 
 # Download Terraform binary
 FROM debian:${DEBIAN_VERSION} as terraform-cli
 ARG TERRAFORM_VERSION
 RUN apt-get update
-RUN apt-get install -y --no-install-recommends apt-utils=1.8.2.2
-RUN apt-get install -y --no-install-recommends curl=7.64.0-4+deb10u1
+RUN apt-get install -y --no-install-recommends apt=1.8.2.3
+RUN apt-get install -y --no-install-recommends curl=7.64.0-4+deb10u2
 RUN apt-get install -y --no-install-recommends ca-certificates=20200601~deb10u2
 RUN apt-get install -y --no-install-recommends unzip=6.0-23+deb10u2
 RUN apt-get install -y --no-install-recommends gnupg=2.2.12-1+deb10u1
+WORKDIR /workspace
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig
@@ -28,7 +29,7 @@ FROM debian:${DEBIAN_VERSION} as azure-cli
 ARG AZURE_CLI_VERSION
 ARG PYTHON_MAJOR_VERSION
 RUN apt-get update
-RUN apt-get install -y --no-install-recommends apt-utils=1.8.2.2
+RUN apt-get install -y --no-install-recommends apt=1.8.2.3
 RUN apt-get install -y --no-install-recommends python3=${PYTHON_MAJOR_VERSION}.3-1
 RUN apt-get install -y --no-install-recommends python3-pip=18.1-5
 RUN apt-get install -y --no-install-recommends gcc=4:8.3.0-1
@@ -51,12 +52,12 @@ RUN apt-get update \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/* \
   && update-alternatives --install /usr/bin/python python /usr/bin/python${PYTHON_MAJOR_VERSION} 1
-COPY --from=terraform-cli /terraform /usr/local/bin/terraform
+WORKDIR /workspace
+COPY --from=terraform-cli /workspace/terraform /usr/local/bin/terraform
 COPY --from=azure-cli /usr/local/bin/az* /usr/local/bin/
 COPY --from=azure-cli /usr/local/lib/python${PYTHON_MAJOR_VERSION}/dist-packages /usr/local/lib/python${PYTHON_MAJOR_VERSION}/dist-packages
 COPY --from=azure-cli /usr/lib/python3/dist-packages /usr/lib/python3/dist-packages
 
-WORKDIR /workspace
 RUN groupadd --gid 1001 nonroot \
   # user needs a home folder to store azure credentials
   && useradd --gid nonroot --create-home --uid 1001 nonroot \

README.md

@@ -64,19 +64,19 @@ It will :
 * Execute [container structure tests](https://github.com/GoogleContainerTools/container-structure-test) on the image.
 
 ```bash
-# launch build script
-./dev-build.sh
+# launch build script using latest supported versions for both Azure and Terraform CLI
+./build.sh
 ```
 
-Optionally, it is possible to choose the tools desired versions using [Docker builds arguments](https://docs.docker.com/engine/reference/commandline/build/#set-build-time-variables---build-arg) :
+Optionally, it is possible to choose the tools desired versions:
 
 ```bash
 # Set desired tool versions
-AZURE_CLI_VERSION=2.20.0
-TERRAFORM_VERSION=0.14.8
+AZURE_CLI_VERSION=2.24.2
+TERRAFORM_VERSION=0.15.5
 
 # launch build script with parameters
-./dev-build.sh $AZURE_CLI_VERSION $TERRAFORM_VERSION
+./build.sh $AZURE_CLI_VERSION $TERRAFORM_VERSION
 ```
 
 ## 🙏 Roadmap & Contributions
@@ -87,20 +87,28 @@ Do not hesitate to contribute by [filling an issue](https://github.com/Zenika/te
 ## ⬆️ Dependencies upgrades checklist
 
 * Supported versions:
-  * check Azure CLI version (only keep 3 latest releases), available versions on the [project release page](https://github.com/Azure/azure-cli/releases)
-  * check Terraform CLI version (keep all version from 0.11),  available versions on the [project release page](https://github.com/hashicorp/terraform/releases)
+  * check Azure CLI version (only keep 2 latest releases), available on the [project release page](https://github.com/Azure/azure-cli/releases)
+  * check Terraform CLI version (keep all minor versions from 0.11), available on the [project release page](https://github.com/hashicorp/terraform/releases)
 * Dockerfile:
-  * update default version in ARGS
   * check base image version on DockerHub
-  * check OS packages on Debian package repository
+  * check OS package versions on Debian package repository
     * Available Git versions on the [Debian Packages repository](https://packages.debian.org/search?suite=buster&arch=any&searchon=names&keywords=git)
     * Available Python versions on the [Debian packages repository](https://packages.debian.org/search?suite=buster&arch=any&searchon=names&keywords=python3)
     * same process for all other packages
+  * check Pip package versions on [pypi](https://pypi.org/)
 * Github actions:
   * check [runner version](https://github.com/actions/virtual-environments#available-environments)
-  * check all actions version release
+  * check each action release versions
+* Build scripts:
+  * check container tags:
+    * [Hadolint releases](https://github.com/hadolint/hadolint/releases)
+    * [Container-structure-test](https://github.com/GoogleContainerTools/container-structure-test/releases)
 * Readme:
-  * update version references in code exemple
+  * update version in code exemples
+
+## Similar repositories
+
+* For AWS: [zenika-open-source/terraform-aws-cli](https://github.com/zenika-open-source/terraform-aws-cli)
 
 ## 📖 License
 This project is under the [Apache License 2.0](https://raw.githubusercontent.com/Zenika/terraform-azure-cli/master/LICENSE)

build.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+# FIXME: use getopts function to parse aguments
+# FIXME: if provided, both TF and AZ CLI semvers should be regex-validated
+
+# Set AZ and TF CLI to latest supported versions if not specified
+[[ -n $1 ]] && AZ_VERSION=$1 || AZ_VERSION=$(jq -r '.azcli_version | sort | .[-1]' supported_versions.json)
+[[ -n $2 ]] && TF_VERSION=$2 || TF_VERSION=$(jq -r '.tf_version | sort | .[-1]' supported_versions.json)
+
+# Set image name and tag (dev if not specified)
+IMAGE_NAME="zenika/terraform-azure-cli"
+[[ -n $3 ]] && IMAGE_TAG=$3 || IMAGE_TAG="dev"
+
+# Lint Dockerfile
+echo "Linting Dockerfile..."
+docker run --rm --interactive --volume "${PWD}":/data --workdir /data hadolint/hadolint:2.5.0-alpine /bin/hadolint --config hadolint.yaml Dockerfile
+echo "Dockerfile successfully linted!"
+
+# Build image
+echo "Building images with AZURE_CLI_VERSION=${AZ_VERSION} and TERRAFORM_VERSION=${TF_VERSION}..."
+docker image build --build-arg AZURE_CLI_VERSION="$AZ_VERSION" --build-arg TERRAFORM_VERSION="$TF_VERSION" -t $IMAGE_NAME:$IMAGE_TAG .
+echo "Image successfully builded!"
+
+# Test image
+echo "Generating test config with AZURE_CLI_VERSION=${AZ_VERSION} and TERRAFORM_VERSION=${TF_VERSION}..."
+export AZ_VERSION=${AZ_VERSION} && export TF_VERSION=${TF_VERSION}
+envsubst '${AZ_VERSION},${TF_VERSION}' < tests/container-structure-tests.yml.template > tests/container-structure-tests.yml
+echo "Test config successfully generated!"
+echo "Executing container structure test..."
+docker container run --rm -it -v "${PWD}"/tests/container-structure-tests.yml:/tests.yml:ro -v /var/run/docker.sock:/var/run/docker.sock:ro gcr.io/gcp-runtimes/container-structure-test:v1.10.0 test --image $IMAGE_NAME:$IMAGE_TAG --config /tests.yml
+unset AZ_VERSION
+unset TF_VERSION