From 91a9c15ccebe1297b166e44c0cbef765a6a610c6 Mon Sep 17 00:00:00 2001 From: seemywings Date: Wed, 12 Jun 2024 13:14:03 -0400 Subject: [PATCH 01/14] use opentofu binary in harness terraform image --- .github/workflows/publish-harness.yaml | 28 +++++------------------- dockerfiles/harness/terraform.Dockerfile | 8 +++---- 2 files changed, 10 insertions(+), 26 deletions(-) diff --git a/.github/workflows/publish-harness.yaml b/.github/workflows/publish-harness.yaml index 6fadd5bc..3b22c044 100644 --- a/.github/workflows/publish-harness.yaml +++ b/.github/workflows/publish-harness.yaml @@ -96,30 +96,14 @@ jobs: runs-on: ubuntu-20.04 needs: [publish-harness-base] env: - TERRAFORM_VERSION: 1.8.2 + TOFU_VERESION: 1.7.2 strategy: matrix: versions: - - full: 1.8.2 - tag: 1.8.2 - - full: 1.8.2 - tag: "1.8" - - full: 1.7.5 - tag: '1.7' - - full: 1.6.6 - tag: '1.6' - - full: 1.5.7 - tag: '1.5' - - full: 1.4.7 - tag: '1.4' - - full: 1.3.10 - tag: '1.3' - - full: 1.2.9 - tag: '1.2' - - full: 1.1.9 - tag: '1.1' - - full: 1.0.11 - tag: '1.0' + - full: 1.7.2 + tag: '1.7' + - full: 1.6.2 + tag: '1.6' permissions: contents: write discussions: write @@ -169,7 +153,7 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max build-args: | - TERRAFORM_IMAGE_TAG=${{ matrix.versions.full }} + TOFU_IMAGE_TAG=${{ matrix.versions.full }} HARNESS_BASE_IMAGE_REPO=ghcr.io/pluralsh/stackrun-harness-base HARNESS_BASE_IMAGE_TAG=${{ needs.publish-harness-base.outputs.version }} diff --git a/dockerfiles/harness/terraform.Dockerfile b/dockerfiles/harness/terraform.Dockerfile index f1deaba2..1373312c 100644 --- a/dockerfiles/harness/terraform.Dockerfile +++ b/dockerfiles/harness/terraform.Dockerfile @@ -1,11 +1,11 @@ -ARG TERRAFORM_IMAGE_TAG=1.8.2 -ARG TERRAFORM_IMAGE=hashicorp/terraform:$TERRAFORM_IMAGE_TAG +ARG TOFU_IMAGE_TAG=1.7.1 +ARG TOFU_IMAGE=ghcr.io/opentofu/opentofu:$TOFU_IMAGE_TAG ARG HARNESS_BASE_IMAGE_TAG=latest ARG HARNESS_BASE_IMAGE_REPO=harness-base ARG HARNESS_BASE_IMAGE=$HARNESS_BASE_IMAGE_REPO:$HARNESS_BASE_IMAGE_TAG -FROM $TERRAFORM_IMAGE as terraform +FROM $TOFU_IMAGE as tofu FROM $HARNESS_BASE_IMAGE as final -COPY --from=terraform /bin/terraform /bin/terraform +COPY --from=tofu /usr/local/bin/tofu /bin/terraform From 7e6f6998c43ad9fcdc018395de4ef7fed0d9129e Mon Sep 17 00:00:00 2001 From: seemywings Date: Wed, 12 Jun 2024 13:56:05 -0400 Subject: [PATCH 02/14] update tofu terraform tag --- .github/workflows/publish-harness.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish-harness.yaml b/.github/workflows/publish-harness.yaml index 3b22c044..25009504 100644 --- a/.github/workflows/publish-harness.yaml +++ b/.github/workflows/publish-harness.yaml @@ -100,10 +100,12 @@ jobs: strategy: matrix: versions: - - full: 1.7.2 + - tofu: 1.7.2 + terraform: 1.8.2 + tag: '1.8' + - tofu: 1.6.2 + terraform: 1.7.2 tag: '1.7' - - full: 1.6.2 - tag: '1.6' permissions: contents: write discussions: write @@ -153,7 +155,7 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max build-args: | - TOFU_IMAGE_TAG=${{ matrix.versions.full }} + TOFU_IMAGE_TAG=${{ matrix.versions.tofu }} HARNESS_BASE_IMAGE_REPO=ghcr.io/pluralsh/stackrun-harness-base HARNESS_BASE_IMAGE_TAG=${{ needs.publish-harness-base.outputs.version }} From b9d8f06699d2392e0f2f1c0cc628d2b720f7e6a7 Mon Sep 17 00:00:00 2001 From: seemywings Date: Wed, 12 Jun 2024 14:10:13 -0400 Subject: [PATCH 03/14] update tofu terraform tag --- .github/workflows/publish-harness.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/publish-harness.yaml b/.github/workflows/publish-harness.yaml index 25009504..b19a5dfa 100644 --- a/.github/workflows/publish-harness.yaml +++ b/.github/workflows/publish-harness.yaml @@ -101,10 +101,8 @@ jobs: matrix: versions: - tofu: 1.7.2 - terraform: 1.8.2 tag: '1.8' - tofu: 1.6.2 - terraform: 1.7.2 tag: '1.7' permissions: contents: write From fe3b02877e347d5b95bae392e8bad8c468ad8ab1 Mon Sep 17 00:00:00 2001 From: seemywings Date: Wed, 12 Jun 2024 14:21:18 -0400 Subject: [PATCH 04/14] update tofu terraform tag --- .github/workflows/publish-harness.yaml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-harness.yaml b/.github/workflows/publish-harness.yaml index b19a5dfa..8d878570 100644 --- a/.github/workflows/publish-harness.yaml +++ b/.github/workflows/publish-harness.yaml @@ -101,9 +101,23 @@ jobs: matrix: versions: - tofu: 1.7.2 - tag: '1.8' + tag: "1.8" + - tofu: 1.7.1 + tag: '1.7' - tofu: 1.6.2 - tag: '1.7' + tag: '1.6' + - tofu: 1.6.2 + tag: '1.5' + - tofu: 1.6.2 + tag: '1.4' + - tofu: 1.6.2 + tag: '1.3' + - tofu: 1.6.2 + tag: '1.2' + - tofu: 1.6.2 + tag: '1.1' + - tofu: 1.6.2 + tag: '1.0' permissions: contents: write discussions: write From 21c85fae86c30ea34d2ebc6d608cdc1f89e361b9 Mon Sep 17 00:00:00 2001 From: seemywings Date: Fri, 21 Jun 2024 12:38:44 -0400 Subject: [PATCH 05/14] add Terraform Version to publish-harness-terraform version matrix and use that to conditionally determine which dockerfile to use --- .github/workflows/publish-harness.yaml | 12 +++++++++++- dockerfiles/harness/oppentofu.Dockerfile | 11 +++++++++++ dockerfiles/harness/terraform.Dockerfile | 8 ++++---- 3 files changed, 26 insertions(+), 5 deletions(-) create mode 100644 dockerfiles/harness/oppentofu.Dockerfile diff --git a/.github/workflows/publish-harness.yaml b/.github/workflows/publish-harness.yaml index 8d878570..f7e0e37d 100644 --- a/.github/workflows/publish-harness.yaml +++ b/.github/workflows/publish-harness.yaml @@ -101,22 +101,31 @@ jobs: matrix: versions: - tofu: 1.7.2 + terraform: 1.8.2 tag: "1.8" - tofu: 1.7.1 + terraform: 1.7.5 tag: '1.7' - tofu: 1.6.2 + terraform: 1.6.6 tag: '1.6' - tofu: 1.6.2 + terraform: 1.5.7 tag: '1.5' - tofu: 1.6.2 + terraform: 1.4.7 tag: '1.4' - tofu: 1.6.2 + terraform: 1.3.10 tag: '1.3' - tofu: 1.6.2 + terraform: 1.2.9 tag: '1.2' - tofu: 1.6.2 + terraform: 1.1.9 tag: '1.1' - tofu: 1.6.2 + terraform: 1.0.11 tag: '1.0' permissions: contents: write @@ -159,7 +168,7 @@ jobs: uses: docker/build-push-action@v5 with: context: "." - file: "./dockerfiles/harness/terraform.Dockerfile" + file: ${{ matrix.versions.terraform >= '1.5.7' && './dockerfiles/harness/opentofu.Dockerfile' || './dockerfiles/harness/terraform.Dockerfile' }} push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} @@ -168,6 +177,7 @@ jobs: cache-to: type=gha,mode=max build-args: | TOFU_IMAGE_TAG=${{ matrix.versions.tofu }} + TERRAFORM_IMAGE_TAG=${{ matrix.versions.terraform }} HARNESS_BASE_IMAGE_REPO=ghcr.io/pluralsh/stackrun-harness-base HARNESS_BASE_IMAGE_TAG=${{ needs.publish-harness-base.outputs.version }} diff --git a/dockerfiles/harness/oppentofu.Dockerfile b/dockerfiles/harness/oppentofu.Dockerfile new file mode 100644 index 00000000..1373312c --- /dev/null +++ b/dockerfiles/harness/oppentofu.Dockerfile @@ -0,0 +1,11 @@ +ARG TOFU_IMAGE_TAG=1.7.1 +ARG TOFU_IMAGE=ghcr.io/opentofu/opentofu:$TOFU_IMAGE_TAG + +ARG HARNESS_BASE_IMAGE_TAG=latest +ARG HARNESS_BASE_IMAGE_REPO=harness-base +ARG HARNESS_BASE_IMAGE=$HARNESS_BASE_IMAGE_REPO:$HARNESS_BASE_IMAGE_TAG + +FROM $TOFU_IMAGE as tofu +FROM $HARNESS_BASE_IMAGE as final + +COPY --from=tofu /usr/local/bin/tofu /bin/terraform diff --git a/dockerfiles/harness/terraform.Dockerfile b/dockerfiles/harness/terraform.Dockerfile index 1373312c..f1deaba2 100644 --- a/dockerfiles/harness/terraform.Dockerfile +++ b/dockerfiles/harness/terraform.Dockerfile @@ -1,11 +1,11 @@ -ARG TOFU_IMAGE_TAG=1.7.1 -ARG TOFU_IMAGE=ghcr.io/opentofu/opentofu:$TOFU_IMAGE_TAG +ARG TERRAFORM_IMAGE_TAG=1.8.2 +ARG TERRAFORM_IMAGE=hashicorp/terraform:$TERRAFORM_IMAGE_TAG ARG HARNESS_BASE_IMAGE_TAG=latest ARG HARNESS_BASE_IMAGE_REPO=harness-base ARG HARNESS_BASE_IMAGE=$HARNESS_BASE_IMAGE_REPO:$HARNESS_BASE_IMAGE_TAG -FROM $TOFU_IMAGE as tofu +FROM $TERRAFORM_IMAGE as terraform FROM $HARNESS_BASE_IMAGE as final -COPY --from=tofu /usr/local/bin/tofu /bin/terraform +COPY --from=terraform /bin/terraform /bin/terraform From 0f2fb54598e31b2a31d51b90dea51b031e8784bb Mon Sep 17 00:00:00 2001 From: seemywings Date: Fri, 21 Jun 2024 12:56:07 -0400 Subject: [PATCH 06/14] rename opentofu.Dockerfile --- dockerfiles/harness/{oppentofu.Dockerfile => opentofu.Dockerfile} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename dockerfiles/harness/{oppentofu.Dockerfile => opentofu.Dockerfile} (100%) diff --git a/dockerfiles/harness/oppentofu.Dockerfile b/dockerfiles/harness/opentofu.Dockerfile similarity index 100% rename from dockerfiles/harness/oppentofu.Dockerfile rename to dockerfiles/harness/opentofu.Dockerfile From 693ca99b47f491bde3ad92d03637813cd13f9cea Mon Sep 17 00:00:00 2001 From: seemywings Date: Thu, 19 Dec 2024 15:41:54 -0500 Subject: [PATCH 07/14] update opentofu dockerfile user --- dockerfiles/harness/opentofu.Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dockerfiles/harness/opentofu.Dockerfile b/dockerfiles/harness/opentofu.Dockerfile index 1373312c..8d3c33a6 100644 --- a/dockerfiles/harness/opentofu.Dockerfile +++ b/dockerfiles/harness/opentofu.Dockerfile @@ -9,3 +9,6 @@ FROM $TOFU_IMAGE as tofu FROM $HARNESS_BASE_IMAGE as final COPY --from=tofu /usr/local/bin/tofu /bin/terraform + +# Switch to the non-root user +USER 65532:65532 From a47a4873a629cc90a716adf797d72137440f9929 Mon Sep 17 00:00:00 2001 From: seemywings Date: Thu, 19 Dec 2024 15:54:59 -0500 Subject: [PATCH 08/14] don't use latest in tofu dockerfile --- dockerfiles/harness/opentofu.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dockerfiles/harness/opentofu.Dockerfile b/dockerfiles/harness/opentofu.Dockerfile index 8d3c33a6..949e55d9 100644 --- a/dockerfiles/harness/opentofu.Dockerfile +++ b/dockerfiles/harness/opentofu.Dockerfile @@ -1,7 +1,7 @@ ARG TOFU_IMAGE_TAG=1.7.1 ARG TOFU_IMAGE=ghcr.io/opentofu/opentofu:$TOFU_IMAGE_TAG -ARG HARNESS_BASE_IMAGE_TAG=latest +ARG HARNESS_BASE_IMAGE_TAG=sha-1eca71e ARG HARNESS_BASE_IMAGE_REPO=harness-base ARG HARNESS_BASE_IMAGE=$HARNESS_BASE_IMAGE_REPO:$HARNESS_BASE_IMAGE_TAG From 113a3418cbc5f60cabc122926a0771c479863e29 Mon Sep 17 00:00:00 2001 From: seemywings Date: Tue, 7 Jan 2025 18:45:58 -0500 Subject: [PATCH 09/14] adding tofurc --- dockerfiles/harness/opentofu.Dockerfile | 9 +++++++-- dockerfiles/harness/plrl.tfrc | 11 +++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 dockerfiles/harness/plrl.tfrc diff --git a/dockerfiles/harness/opentofu.Dockerfile b/dockerfiles/harness/opentofu.Dockerfile index 949e55d9..2e565c3d 100644 --- a/dockerfiles/harness/opentofu.Dockerfile +++ b/dockerfiles/harness/opentofu.Dockerfile @@ -5,10 +5,15 @@ ARG HARNESS_BASE_IMAGE_TAG=sha-1eca71e ARG HARNESS_BASE_IMAGE_REPO=harness-base ARG HARNESS_BASE_IMAGE=$HARNESS_BASE_IMAGE_REPO:$HARNESS_BASE_IMAGE_TAG -FROM $TOFU_IMAGE as tofu -FROM $HARNESS_BASE_IMAGE as final +FROM $TOFU_IMAGE AS tofu +FROM $HARNESS_BASE_IMAGE AS final COPY --from=tofu /usr/local/bin/tofu /bin/terraform +USER root +ENV TF_CLI_CONFIG_FILE=/usr/local/etc/plrl.tfrc +COPY dockerfiles/harness/plrl.tfrc $TF_CLI_CONFIG_FILE +RUN chown 65532:65532 $TF_CLI_CONFIG_FILE + # Switch to the non-root user USER 65532:65532 diff --git a/dockerfiles/harness/plrl.tfrc b/dockerfiles/harness/plrl.tfrc new file mode 100644 index 00000000..c90cc7d6 --- /dev/null +++ b/dockerfiles/harness/plrl.tfrc @@ -0,0 +1,11 @@ +provider_installation { + direct { + include = [ + "registry.terraform.io/*" + ] + + exclude = [ + "registry.opentofu.org/*" + ] + } +} \ No newline at end of file From 14bd6334c62b01d476ac454be433420412e0b474 Mon Sep 17 00:00:00 2001 From: seemywings Date: Tue, 7 Jan 2025 20:04:30 -0500 Subject: [PATCH 10/14] update tofurc --- dockerfiles/harness/plrl.tfrc | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/dockerfiles/harness/plrl.tfrc b/dockerfiles/harness/plrl.tfrc index c90cc7d6..33ce6033 100644 --- a/dockerfiles/harness/plrl.tfrc +++ b/dockerfiles/harness/plrl.tfrc @@ -1,11 +1,7 @@ provider_installation { direct { include = [ - "registry.terraform.io/*" - ] - - exclude = [ - "registry.opentofu.org/*" + "registry.terraform.io/*/*" ] } } \ No newline at end of file From baeec9c1f6a79489dc2495b1fc9ddf39549946cd Mon Sep 17 00:00:00 2001 From: seemywings Date: Tue, 7 Jan 2025 20:56:28 -0500 Subject: [PATCH 11/14] update tofurc --- dockerfiles/harness/plrl.tfrc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/dockerfiles/harness/plrl.tfrc b/dockerfiles/harness/plrl.tfrc index 33ce6033..d860fc68 100644 --- a/dockerfiles/harness/plrl.tfrc +++ b/dockerfiles/harness/plrl.tfrc @@ -3,5 +3,9 @@ provider_installation { include = [ "registry.terraform.io/*/*" ] + + exclude = [ + "registry.opentofu.org/*/*" + ] } -} \ No newline at end of file +} From 9702e2ad286a672717f86f9142b1e32af98a19e8 Mon Sep 17 00:00:00 2001 From: seemywings Date: Tue, 7 Jan 2025 22:33:09 -0500 Subject: [PATCH 12/14] rm tofu config --- dockerfiles/harness/opentofu.Dockerfile | 8 ++++---- dockerfiles/harness/plrl.tfrc | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/dockerfiles/harness/opentofu.Dockerfile b/dockerfiles/harness/opentofu.Dockerfile index 2e565c3d..66e3eec6 100644 --- a/dockerfiles/harness/opentofu.Dockerfile +++ b/dockerfiles/harness/opentofu.Dockerfile @@ -10,10 +10,10 @@ FROM $HARNESS_BASE_IMAGE AS final COPY --from=tofu /usr/local/bin/tofu /bin/terraform -USER root -ENV TF_CLI_CONFIG_FILE=/usr/local/etc/plrl.tfrc -COPY dockerfiles/harness/plrl.tfrc $TF_CLI_CONFIG_FILE -RUN chown 65532:65532 $TF_CLI_CONFIG_FILE +# USER root +# ENV TF_CLI_CONFIG_FILE=/usr/local/etc/plrl.tfrc +# COPY dockerfiles/harness/plrl.tfrc $TF_CLI_CONFIG_FILE +# RUN chown 65532:65532 $TF_CLI_CONFIG_FILE # Switch to the non-root user USER 65532:65532 diff --git a/dockerfiles/harness/plrl.tfrc b/dockerfiles/harness/plrl.tfrc index d860fc68..12ab8ce6 100644 --- a/dockerfiles/harness/plrl.tfrc +++ b/dockerfiles/harness/plrl.tfrc @@ -1,7 +1,8 @@ provider_installation { direct { include = [ - "registry.terraform.io/*/*" + "registry.terraform.io/hashicorp/*" + "registry.terraform.io/pluralsh/*" ] exclude = [ From 8ed5f4cbeef166a3220dc8b7a8e9a10853996b12 Mon Sep 17 00:00:00 2001 From: seemywings Date: Tue, 7 Jan 2025 23:14:48 -0500 Subject: [PATCH 13/14] update tofurc --- dockerfiles/harness/opentofu.Dockerfile | 8 ++++---- dockerfiles/harness/plrl.tfrc | 9 +-------- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/dockerfiles/harness/opentofu.Dockerfile b/dockerfiles/harness/opentofu.Dockerfile index 66e3eec6..e8b9f62a 100644 --- a/dockerfiles/harness/opentofu.Dockerfile +++ b/dockerfiles/harness/opentofu.Dockerfile @@ -10,10 +10,10 @@ FROM $HARNESS_BASE_IMAGE AS final COPY --from=tofu /usr/local/bin/tofu /bin/terraform -# USER root -# ENV TF_CLI_CONFIG_FILE=/usr/local/etc/plrl.tfrc -# COPY dockerfiles/harness/plrl.tfrc $TF_CLI_CONFIG_FILE -# RUN chown 65532:65532 $TF_CLI_CONFIG_FILE +USER root +ENV TF_CLI_CONFIG_FILE=/usr/local/etc/plrl.tfrc +COPY dockerfiles/harness/plrl.tfrc /usr/local/etc/plrl.tfrc +RUN chown 65532:65532 /usr/local/etc/plrl.tfrc # Switch to the non-root user USER 65532:65532 diff --git a/dockerfiles/harness/plrl.tfrc b/dockerfiles/harness/plrl.tfrc index 12ab8ce6..0d5293fe 100644 --- a/dockerfiles/harness/plrl.tfrc +++ b/dockerfiles/harness/plrl.tfrc @@ -1,12 +1,5 @@ provider_installation { direct { - include = [ - "registry.terraform.io/hashicorp/*" - "registry.terraform.io/pluralsh/*" - ] - - exclude = [ - "registry.opentofu.org/*/*" - ] + include = ["registry.terraform.io/*/*","registry.opentofu.org/*/*"] } } From 0cb44b54c4e829f8f6b468340e81b6ef0a32c233 Mon Sep 17 00:00:00 2001 From: seemywings Date: Tue, 7 Jan 2025 23:16:43 -0500 Subject: [PATCH 14/14] update tofurc --- dockerfiles/harness/plrl.tfrc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dockerfiles/harness/plrl.tfrc b/dockerfiles/harness/plrl.tfrc index 0d5293fe..8c15752b 100644 --- a/dockerfiles/harness/plrl.tfrc +++ b/dockerfiles/harness/plrl.tfrc @@ -1,5 +1,8 @@ provider_installation { direct { - include = ["registry.terraform.io/*/*","registry.opentofu.org/*/*"] + include = [ + "registry.terraform.io/*/*", + "registry.opentofu.org/*/*" + ] } }