Add GitHub action for image CI and multi-tag strategy (#63)

bgauduch · web-flow · commit f099ac0e12f8 · 2020-05-06T17:07:44.000+02:00
* 🐳 improved build, update dependencies, lint

* 👷 add build, push-latest and release github action workflow

* 🔧 add an editor config

* 🔧 change dev-build script image tag from latest to dev

* 📝 update readme with new image tag strategy and small updates

* 🐳 renamed build stages
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = spaces
+insert_final_newline = true
+trim_trailing_whitespace = true
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,51 @@
+name: build
+
+# trigger on any push
+# but not on master or tag
+on:
+  push:
+    tags-ignore:
+      - "**"
+    branches:
+      - "**"
+      - "!master"
+
+env:
+  ORGANIZATION: "zenika"
+  IMAGE_NAME: "terraform-azure-cli"
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Lint Dockerfile
+        uses: brpaz/hadolint-action@master
+        with:
+          dockerfile: "Dockerfile"
+
+  build:
+    runs-on: ubuntu-latest
+    needs: lint
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Save branch name as env var
+        run: echo "::set-env name=BRANCH::${GITHUB_REF##*/}"
+
+      - name: Build image
+        run: docker image build . --file Dockerfile --tag $ORGANIZATION/$IMAGE_NAME:$BRANCH
+
+      - name: Save image
+        run: docker image save -o $IMAGE_NAME-$BRANCH.tar $ORGANIZATION/$IMAGE_NAME:$BRANCH
+
+      - name: Upload image artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ env.IMAGE_NAME }}-${{ env.BRANCH }}
+          path: ${{ env.IMAGE_NAME }}-${{ env.BRANCH }}.tar
diff --git a/.github/workflows/push-latest.yml b/.github/workflows/push-latest.yml
@@ -0,0 +1,51 @@
+name: push-latest
+
+# trigger on master
+on:
+  push:
+    branches:
+      - "master"
+
+env:
+  ORGANIZATION: "zenika"
+  IMAGE_NAME: "terraform-azure-cli"
+  IMAGE_TAG: "latest"
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Lint Dockerfile
+        uses: brpaz/hadolint-action@master
+        with:
+          dockerfile: "Dockerfile"
+
+  build_push_latest:
+    runs-on: ubuntu-latest
+    needs: lint
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Build image
+        run: docker image build . --file Dockerfile --tag $ORGANIZATION/$IMAGE_NAME:$IMAGE_TAG
+
+      - name: Login to Docker Hub registry
+        run: echo '${{ secrets.DOCKERHUB_PASS }}' | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
+
+      - name: Push image to registry
+        run: docker push $ORGANIZATION/$IMAGE_NAME:$IMAGE_TAG
+
+      - name: Save image
+        run: docker image save -o $IMAGE_NAME-$IMAGE_TAG.tar $ORGANIZATION/$IMAGE_NAME:$IMAGE_TAG
+
+      - name: Upload image artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}
+          path: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}.tar
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,63 @@
+name: release
+
+# trigger on tag
+on:
+  push:
+    tags:
+      - "*.*"
+
+env:
+  ORGANIZATION: "zenika"
+  IMAGE_NAME: "terraform-azure-cli"
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Lint Dockerfile
+        uses: brpaz/hadolint-action@master
+        with:
+          dockerfile: "Dockerfile"
+
+  build_push_release:
+    runs-on: ubuntu-latest
+    needs: lint
+
+    strategy:
+      matrix:
+        versions:
+          - { tf_version: "0.12.24", awscli_version: "2.5.1" }
+
+    env:
+      TF_VERSION: ${{ matrix.versions.tf_version }}
+      AWS_CLI_VERSIOIN: ${{ matrix.versions.awscli_version }}
+      IMAGE_TAG: "tf${{ matrix.versions.tf_version }}-azcli${{ matrix.versions.awscli_version }}"
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Get release tag and save in env var
+        run: echo "::set-env name=RELEASE_TAG::${GITHUB_REF##*/}"
+
+      - name: Build image
+        run: docker image build . --file Dockerfile --build-arg TERRAFORM_VERSION=$TF_VERSION --build-arg AWS_CLI_VERSION=$AWS_CLI_VERSIOIN --tag $ORGANIZATION/$IMAGE_NAME:$RELEASE_TAG-$IMAGE_TAG
+
+      - name: Login to Docker Hub registry
+        run: echo '${{ secrets.DOCKERHUB_PASS }}' | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
+
+      - name: Push image to registry
+        run: docker push $ORGANIZATION/$IMAGE_NAME:$RELEASE_TAG-$IMAGE_TAG
+
+      - name: Save image
+        run: docker image save -o $IMAGE_NAME-$RELEASE_TAG-$IMAGE_TAG.tar $ORGANIZATION/$IMAGE_NAME:r$RELEASE_TAG-$IMAGE_TAG
+
+      - name: Upload image artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ env.IMAGE_NAME }}-${{ env.RELEASE_TAG }}-${{ env.IMAGE_TAG }}
+          path: ${{ env.IMAGE_NAME }}-${{ env.RELEASE_TAG }}-${{ env.IMAGE_TAG }}.tar
diff --git a/Dockerfile b/Dockerfile
@@ -1,32 +1,35 @@
 # Setup build arguments with default versions
-ARG AZURE_CLI_VERSION=2.1.0
-ARG TERRAFORM_VERSION=0.12.21
+ARG AZURE_CLI_VERSION=2.5.1
+ARG TERRAFORM_VERSION=0.12.24
+ARG PYTHON_MAJOR_VERSION=3.7
 
 # Download Terraform binary
-FROM debian:buster-20191118-slim as terraform
+FROM debian:buster-20191118-slim as terraform-cli
 ARG TERRAFORM_VERSION
 RUN apt-get update
 # hadolint ignore=DL3015
-RUN apt-get install -y curl=7.64.0-4+deb10u1
-RUN apt-get install -y unzip=6.0-23+deb10u1 --no-install-recommends
-RUN apt-get install -y gnupg=2.2.12-1+deb10u1 --no-install-recommends
+RUN apt-get install -y --no-install-recommends curl=7.64.0-4+deb10u1
+RUN apt-get install -y --no-install-recommends ca-certificates=20190110
+RUN apt-get install -y --no-install-recommends unzip=6.0-23+deb10u1
+RUN apt-get install -y --no-install-recommends gnupg=2.2.12-1+deb10u1
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig
 COPY hashicorp.asc hashicorp.asc
 RUN gpg --import hashicorp.asc
 RUN gpg --verify terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig terraform_${TERRAFORM_VERSION}_SHA256SUMS
-# hadolint ignore=DL4006
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN grep terraform_${TERRAFORM_VERSION}_linux_amd64.zip terraform_${TERRAFORM_VERSION}_SHA256SUMS | sha256sum -c -
 RUN unzip -j terraform_${TERRAFORM_VERSION}_linux_amd64.zip
 
 # Install az CLI using PIP
-FROM debian:buster-20191118-slim as azure-cli-pip
+FROM debian:buster-20191118-slim as azure-cli
 ARG AZURE_CLI_VERSION
+ARG PYTHON_MAJOR_VERSION
 RUN apt-get update
-RUN apt-get install -y python3=3.7.3-1 --no-install-recommends
-# hadolint ignore=DL3015
-RUN apt-get install -y python3-pip=18.1-5
+RUN apt-get install -y --no-install-recommends python3=${PYTHON_MAJOR_VERSION}.3-1
+RUN apt-get install -y --no-install-recommends python3-pip=18.1-5
+RUN pip3 install setuptools==46.1.3
 RUN pip3 install azure-cli==${AZURE_CLI_VERSION}
 # Fix an pyOpenSSL package issue... (see https://github.com/erjosito/ansible-azure-lab/issues/5)
 RUN pip3 uninstall -y pyOpenSSL cryptography
@@ -35,18 +38,18 @@ RUN pip3 install cryptography==2.8
 
 # Build final image
 FROM debian:buster-20191118-slim
-ENV PYTHON_MAJOR_VERSION=3.7
+ARG PYTHON_MAJOR_VERSION
 RUN apt-get update \
   && apt-get install -y --no-install-recommends \
     ca-certificates=20190110 \
-    git=1:2.20.1-2+deb10u1 \
+    git=1:2.20.1-2+deb10u3 \
     python3=${PYTHON_MAJOR_VERSION}.3-1 \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/* \
   && update-alternatives --install /usr/bin/python python /usr/bin/python${PYTHON_MAJOR_VERSION} 1
-COPY --from=terraform /terraform /usr/local/bin/terraform
-COPY --from=azure-cli-pip /usr/local/bin/az* /usr/local/bin/
-COPY --from=azure-cli-pip /usr/local/lib/python${PYTHON_MAJOR_VERSION}/dist-packages /usr/local/lib/python${PYTHON_MAJOR_VERSION}/dist-packages
-COPY --from=azure-cli-pip /usr/lib/python3/dist-packages /usr/lib/python3/dist-packages
+COPY --from=terraform-cli /terraform /usr/local/bin/terraform
+COPY --from=azure-cli /usr/local/bin/az* /usr/local/bin/
+COPY --from=azure-cli /usr/local/lib/python${PYTHON_MAJOR_VERSION}/dist-packages /usr/local/lib/python${PYTHON_MAJOR_VERSION}/dist-packages
+COPY --from=azure-cli /usr/lib/python3/dist-packages /usr/lib/python3/dist-packages
 WORKDIR /workspace
 CMD ["bash"]
diff --git a/README.md b/README.md
@@ -1,4 +1,5 @@
 [![CircleCI](https://circleci.com/gh/Zenika/terraform-azure-cli.svg?style=svg)](https://circleci.com/gh/Zenika/terraform-azure-cli)
+[![](https://images.microbadger.com/badges/image/zenika/terraform-azure-cli.svg)](https://microbadger.com/images/zenika/terraform-azure-cli)
 [![Docker Pulls](https://img.shields.io/docker/pulls/zenika/terraform-azure-cli.svg)](https://hub.docker.com/r/zenika/terraform-azure-cli/)
 
 <p align="center">
@@ -8,33 +9,37 @@
 
 # Terraform and Azure CLI Docker image
 
-## :package: Supported tags and respective Dockerfile links
-Repository available on Docker Hub: [zenika/terraform-azure-cli](https://hub.docker.com/r/zenika/terraform-azure-cli)
+## 📦 Supported tags and respective Dockerfile links
+Available image tags can be found on the Docker Hub registry: [zenika/terraform-azure-cli](https://hub.docker.com/r/zenika/terraform-azure-cli/tags)
 
-* [zenika/terraform-azure-cli:latest](https://github.com/Zenika/terraform-azure-cli/blob/master/Dockerfile)
-* [zenika/terraform-azure-cli:3.0-alpine](https://github.com/Zenika/terraform-azure-cli/blob/3.0/alpine.Dockerfile)
-* [zenika/terraform-azure-cli:3.0-debian](https://github.com/Zenika/terraform-azure-cli/blob/3.0/debian.Dockerfile)
-* [zenika/terraform-azure-cli:2.1-alpine](https://github.com/Zenika/terraform-azure-cli/blob/2.1/alpine.Dockerfile)
-* [zenika/terraform-azure-cli:2.1-debian](https://github.com/Zenika/terraform-azure-cli/blob/2.1/debian.Dockerfile)
-* [zenika/terraform-azure-cli:1.0](https://github.com/Zenika/terraform-azure-cli/blob/v1.0/Dockerfile) - Debian only
+The following image tag strategy is applied:
+* `zenika/terraform-azure-cli:latest` - build from master
+  * Included CLI versions can be found in the [Dockerfile](https://github.com/Zenika/terraform-azure-cli/blob/master/Dockerfile)
+* `zenika/terraform-azure-cli:rS.T-tfUU.VV.WW-azcliXX.YY.ZZ` - build from releases
+  * `rS.T` is the release tag
+  * `tfUU.VV.WWW` is the included Terraform CLI version
+  * `azcliXX.YY.ZZ` is the included AWS CLI version
 
-:warning: alpine build support is deprecated, new versions will only be debian based.
-
-## :bulb: Motivation
-Many Docker images including the Terraform and Azure CLI already exist out there, both on the Docker Hub and Github.
-But they all are quite oversized.
+Please report to the [releases page](https://github.com/Zenika/terraform-aws-cli/releases) for the changelogs. Any other tags are not supported.
 
+## 💡Motivation
 The goal is to create a **minimalist** and **lightweight** image with these tools in order to reduce network and storage impact.
 
 This image gives you the flexibility to be used for development or as a base image as you see fits.
 
-## :wrench: What's inside ?
-
-* [Azure CLI](https://docs.microsoft.com/cli/azure/?view=azure-cli-latest), see available version on the [pip repository](https://pypi.org/project/azure-cli/)
-* [Terraform CLI](https://www.terraform.io/docs/commands/index.html), see available versions on the [project release page](https://github.com/hashicorp/terraform/releases)
-* [Git](https://git-scm.com/), see available versions on the [Debian Packages repository](https://packages.debian.org/search?suite=buster&arch=any&searchon=names&keywords=git)
+## 🔧 What's inside ?
+* [Azure CLI](https://docs.microsoft.com/cli/azure/?view=azure-cli-latest):
+  * Included version indicated in the image tag: `tfXX.YY.ZZ`
+  * Available versions on the [pip repository](https://pypi.org/project/azure-cli/)
+* [Terraform CLI](https://www.terraform.io/docs/commands/index.html):
+  * Included version indicated in the image tag: `awscliXX.YY.ZZ`
+  * Available versions on the [project release page](https://github.com/hashicorp/terraform/releases)
+* [Git](https://git-scm.com/)
+  * Available versions on the [Debian Packages repository](https://packages.debian.org/search?suite=buster&arch=any&searchon=names&keywords=git)
+* [Python 3](https://www.python.org/)
+  * Available versions on the [Debian packages repository](https://packages.debian.org/search?suite=buster&arch=any&searchon=names&keywords=python3)
 
-## :rocket: Usage
+## 🚀 Usage
 
 ### Launch the CLI
 Simply launch the container and use the CLI as you would on any other platform, for instance using the latest image:
@@ -57,17 +62,17 @@ Optionally, it is possible to choose the tools desired versions using [Docker bu
 
 ```bash
 # Set tools desired versions
-AZURE_CLI_VERSION=2.0.74
-TERRAFORM_VERSION=0.12.9
+AZURE_CLI_VERSION=2.5.1
+TERRAFORM_VERSION=0.12.24
 
 # launch the build script with parameters
 ./dev-build.sh $AZURE_CLI_VERSION $TERRAFORM_VERSION
 ```
 
-## :pray: Roadmap & Contributions
+## 🙏 Roadmap & Contributions
 Please refer to the [github project](https://github.com/Zenika/terraform-azure-cli/projects/1) to track new features.
 
-Do not hesitate to contribute by [filling an issue](https://github.com/Zenika/terraform-azure-cli/issues) or [a PR](https://github.com/Zenika/terraform-azure-cli/pulls) !
+Do not hesitate to contribute by [filling an issue](https://github.com/Zenika/terraform-azure-cli/issues) or [opening a PR](https://github.com/Zenika/terraform-azure-cli/pulls) !
 
-## :book: License
+## 📖 License
 This project is under the [Apache License 2.0](https://raw.githubusercontent.com/Zenika/terraform-azure-cli/master/LICENSE)
diff --git a/dev-build.sh b/dev-build.sh
@@ -4,8 +4,8 @@ set -eo pipefail
 
 if [ -n "$1" ] && [ -n "$2" ] ; then
   echo "Building images with parameters AZURE_CLI_VERSION=${1} and TERRAFORM_VERSION=${2}"
-  docker image build --build-arg AZURE_CLI_VERSION="$1" --build-arg TERRAFORM_VERSION="$2" -t zenika/terraform-azure-cli:latest .
+  docker image build --build-arg AZURE_CLI_VERSION="$1" --build-arg TERRAFORM_VERSION="$2" -t zenika/terraform-azure-cli:dev .
 else
   echo "Building images with default parameters"
-  docker image build -f Dockerfile -t zenika/terraform-azure-cli:latest .
+  docker image build -f Dockerfile -t zenika/terraform-azure-cli:dev .
 fi
