Initial implementation

This basically extracts the build container image from our
`pulumi-hcp` provider into its own repository so it can be more
clearly used in different providers.

Signed-off-by: Christopher Maier <[email protected]>

Author: christophermaier

.buildkite/pipeline.verify.yml

@@ -0,0 +1,12 @@
+---
+env:
+  PANTS_CONFIG_FILES: "['pants.toml', 'pants.ci.toml']"
+
+steps:
+  - label: ":lint-roller::docker: Lint Dockerfile"
+    command:
+      - make lint-docker
+
+  - label: ":docker: Build Image"
+    command:
+      - make image

.gitignore

@@ -0,0 +1,2 @@
+.pants.d
+.pids

BUILD

@@ -0,0 +1,3 @@
+docker_image(
+    name="build-environment",
+)

Dockerfile

@@ -0,0 +1,49 @@
+# syntax=docker/dockerfile:1.3-labs
+
+ARG PULUMI_VERSION
+
+# This gets us the Pulumi CLI, as well as current language runtimes
+# for Go, Node/TypeScript, Python, and .NET.
+FROM pulumi/pulumi:${PULUMI_VERSION}
+
+ARG PULUMICTL_VERSION
+ARG GOLANGCI_LINT_VERSION
+ARG GORELEASER_VERSION
+
+SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
+
+RUN <<EOF
+curl \
+    --proto "=https" \
+    --tlsv1.2 \
+    --location \
+    --fail \
+    --verbose \
+    --output "pulumictl.tar.gz" \
+    "https://github.com/pulumi/pulumictl/releases/download/v${PULUMICTL_VERSION}/pulumictl-v${PULUMICTL_VERSION}-linux-amd64.tar.gz"
+mkdir pulumictl_extraction
+tar --extract --gunzip --verbose --directory pulumictl_extraction --file pulumictl.tar.gz
+mv pulumictl_extraction/pulumictl /usr/local/bin/pulumictl
+chmod a+x /usr/local/bin/pulumictl
+rm -Rf pulumictl_extraction
+rm pulumictl.tar.gz
+
+# Install golangci-lint
+curl --proto "=https" \
+    --tlsv1.2 \
+    --silent \
+    --show-error \
+    --fail \
+    --location \
+    https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh \
+| sh -s -- -b "$(go env GOPATH)/bin" "v${GOLANGCI_LINT_VERSION}"
+
+# Install goreleaser
+go install "github.com/goreleaser/goreleaser@v${GORELEASER_VERSION}"
+
+EOF
+
+# The default entrypoint of our base image is `pulumi`; we don't
+# want that.
+ENTRYPOINT []
+CMD ["bash"]

Makefile

@@ -0,0 +1,18 @@
+.DEFAULT_GOAL = all
+
+.PHONY: all
+all: lint-docker
+all: image
+all: # Run all tasks
+
+.PHONY: lint-docker
+lint-docker: ## Lint Dockerfiles
+	./pants filter --target-type=docker_image :: | xargs ./pants lint
+
+.PHONY: image
+image: ## Build the container image
+	docker buildx bake
+
+.PHONY: image-push
+image-push: ## Build *and* push the container image to a repository
+	docker buildx bake --push

docker-bake.hcl

@@ -0,0 +1,42 @@
+variable "PULUMI_VERSION" {
+  default = "3.30.0"
+}
+
+variable "PULUMICTL_VERSION" {
+  default = "0.0.31"
+}
+
+variable "GOLANGCI_LINT_VERSION" {
+  # Note: No leading "v"
+  default = "1.45.2"
+}
+
+variable "GORELEASER_VERSION" {
+  # Note: No leading "v"
+  default = "1.6.3"
+}
+
+group "default" {
+  targets = [
+    "pulumi-provider-build-environment"
+  ]
+}
+
+target "pulumi-provider-build-environment" {
+  context = "."
+  dockerfile = "Dockerfile"
+  args = {
+    PULUMI_VERSION = "${PULUMI_VERSION}",
+    PULUMICTL_VERSION = "${PULUMICTL_VERSION}"
+    GOLANGCI_LINT_VERSION = "${GOLANGCI_LINT_VERSION}"
+    GORELEASER_VERSION = "${GORELEASER_VERSION}"
+  }
+  labels = {
+    "org.opencontainers.image.authors" = "https://graplsecurity.com"
+    "org.opencontainers.image.source"  = "https://github.com/grapl-security/pulumi-provider-build-environment",
+    "org.opencontainers.image.vendor"  = "Grapl, Inc."
+  }
+  tags = [
+    "docker.cloudsmith.io/grapl/raw/pulumi-provider-build-environment:${PULUMI_VERSION}"
+  ]
+}