Created
June 30, 2021 07:16
-
-
Save ajinkya101/ad9730766c1af4cecc19fe6cecef9ce1 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Infracost Tool Demonstration | |
| # Importing official atlantis docker image | |
| FROM runatlantis/atlantis:v0.17.0 | |
| RUN apk update && apk upgrade | |
| # Python | |
| RUN apk add bash py-pip | |
| # Azure cli setup | |
| RUN apk add py-pip | |
| RUN apk add --virtual=build gcc libffi-dev musl-dev openssl-dev make python3-dev linux-headers | |
| ENV AZURE_CLI_VERSION 2.18.0 | |
| RUN pip3 --no-cache-dir install azure-cli==${AZURE_CLI_VERSION} | |
| # Install required packages | |
| RUN apk --update --no-cache add ca-certificates openssl openssh-client curl git | |
| # The jq package provided by alpine:3.13 (jq 1.6-rc1) is flagged as a | |
| # high severity vulnerability, so we install the latest release ourselves | |
| # Reference: https://nvd.nist.gov/vuln/detail/CVE-2016-4074 (this is present on jq-1.6-rc1 as well) | |
| RUN \ | |
| # Install jq-1.6 (final release) | |
| curl -s -L -o /tmp/jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \ | |
| mv /tmp/jq /usr/local/bin/jq && \ | |
| chmod +x /usr/local/bin/jq | |
| RUN \ | |
| # Install latest infracost version | |
| curl -s -L https://github.com/infracost/infracost/releases/latest/download/infracost-linux-amd64.tar.gz | tar xz -C /tmp && \ | |
| mv /tmp/infracost-linux-amd64 /usr/bin/infracost && \ | |
| # Fetch the atlantis_diff.sh script that runs infracost | |
| curl -s -L -o /home/atlantis/infracost_atlantis_diff.sh https://raw.githubusercontent.com/infracost/infracost/master/scripts/ci/atlantis_diff.sh && \ | |
| chmod +x /home/atlantis/infracost_atlantis_diff.sh && \ | |
| chown atlantis:atlantis /home/atlantis/infracost_atlantis_diff.sh && \ | |
| ln -s /home/atlantis/infracost_atlantis_diff.sh /infracost_atlantis_diff.sh | |
| ENV INSTALL_DIR=/opt/nu-atlantis | |
| ENV TERRAFORM_VERSION=0.15.5 | |
| ENV INFRACOST_API_KEY=******* | |
| ENV INFRACOST_TERRAFORM_BINARY=/opt/nu-atlantis/terraform | |
| # Terraform installation steps | |
| RUN mkdir -p ${INSTALL_DIR} | |
| RUN rm -rf /usr/local/bin/terraform && \ | |
| curl -s -Lo terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \ | |
| unzip terraform.zip && \ | |
| rm -rf terraform.zip && \ | |
| chmod +x terraform && \ | |
| mv terraform ${INSTALL_DIR}/ && \ | |
| chown atlantis:atlantis ${INSTALL_DIR}/terraform | |
| USER atlantis | |
| ENV INSTALL_DIR=/opt/nu-atlantis \ | |
| PATH=${PATH}:${INSTALL_DIR} \ | |
| ATLANTIS_HIDE_PREV_PLAN_COMMENTS=true \ | |
| ATLANTIS_WRITE_GIT_CREDS=true \ | |
| ATLANTIS_AUTOMERGE=true \ | |
| TFMASK_VALUES_REGEX="(?i)^.*[^a-zA-Z](oauth|secret|token|password|key|result).*$" \ | |
| TF_CLI_ARGS="-no-color" \ | |
| WORKDIR=/home/atlantis | |
| WORKDIR ${WORKDIR} | |
| # Atlantis server start command | |
| COPY files/ ${WORKDIR} | |
| CMD ["atlantis", "server", "--repo-config", "repos.yaml", "--gh-user", "*******", "--gh-token", "*******", "--repo-allowlist", "*******", "--gh-webhook-secret", "*******", "&"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment