Skip to content

Instantly share code, notes, and snippets.

@angeloskaltsikis

angeloskaltsikis/Dockerfile

Forked from dmattia/terragrunt_light.js
Last active April 26, 2023 10:14
Show Gist options
  • Save angeloskaltsikis/f5ded5e94495e6254a9171365bcfaf7a to your computer and use it in GitHub Desktop.
Save angeloskaltsikis/f5ded5e94495e6254a9171365bcfaf7a to your computer and use it in GitHub Desktop.
Download ZIP
A wrapper to make Terragrunt less verbose (both plan & apply supported). Also includes all the files required to efficiently run Terragrunt with Atlantis.
Raw
Dockerfile
ARG atlantis_version=v0.15.0
FROM runatlantis/atlantis:${atlantis_version}
LABEL maintainer="Beat DevOps Team"
LABEL description="thebeat.co atlantis image used in IaC CI/CD!"
LABEL version="0.2"
# https://github.com/gruntwork-io/terragrunt/releases
ARG terragrunt_version=v0.25.1
ARG terragrunt_sha256sum=533f43ece374476efc8bbe4eea9395892dfcd9e4f1ae033cdd6855c227632f31
ARG terragrunt_uri=https://github.com/gruntwork-io/terragrunt/releases/download/${terragrunt_version}/terragrunt_linux_amd64
# Custom fork of https://github.com/transcend-io/terragrunt-atlantis-config for linux_amd64 binary
ARG terragrunt_atlantis_config_version=0.8.0
ARG terragrunt_atlantis_config_sha256sum=3b146cdba021410a5f6de836c29da9546c3424cd55c060722fed5a724a01236b
# This is a fork of the original project because it doesn't support Linux AMD64 Binary yet. It will be changed as soon as the repo supports it.
ARG terragrunt_atlantis_config_uri=https://github.com/angeloskaltsikis/terragrunt-atlantis-config/releases/download/v${terragrunt_atlantis_config_version}/terragrunt-atlantis-config_${terragrunt_atlantis_config_version}_linux_amd64.tar.gz
# https://releases.hashicorp.com/terraform-provider-aws
ARG terraform_provider_aws_version=3.8.0
ARG terraform_provider_aws_sha256sum=d931d23ad961616f1ad437b48cb4ad147b3b68fedf8d1b541ab6c5e49eacb32c
ARG terraform_provider_aws_uri=https://releases.hashicorp.com/terraform-provider-aws/${terraform_provider_aws_version}/terraform-provider-aws_${terraform_provider_aws_version}_linux_amd64.zip
# https://releases.hashicorp.com/terraform-provider-github
ARG terraform_provider_github_version=2.9.1
ARG terraform_provider_github_sha256sum=f9f4ee5444d58ed94f608ed580feccded225a6e26899f016b1013a388dc3cce5
ARG terraform_provider_github_uri=https://releases.hashicorp.com/terraform-provider-github/${terraform_provider_github_version}/terraform-provider-github_${terraform_provider_github_version}_linux_amd64.zip
# https://github.com/Mongey/terraform-provider-kafka
ARG terraform_provider_kafka_version=0.2.10
ARG terraform_provider_kafka_sha256sum=8faa5fca58cc8c73a604e097dc8d205d521141db0db25747b874e4d65a1680db
ARG terraform_provider_kafka_uri=https://github.com/Mongey/terraform-provider-kafka/releases/download/v${terraform_provider_kafka_version}/terraform-provider-kafka_${terraform_provider_kafka_version}_linux_amd64.zip
# https://releases.hashicorp.com/terraform-provider-random
ARG terraform_provider_random_version=2.2.1
ARG terraform_provider_random_sha256sum=7fa7737661380d18cba3cdc71c4ec6f2fd281b9d61112f6b48d06ca8bbf97771
ARG terraform_provider_random_uri=https://releases.hashicorp.com/terraform-provider-random/${terraform_provider_random_version}/terraform-provider-random_${terraform_provider_random_version}_linux_amd64.zip
# Downloads multiple custom dependencies we have for our Atlantis Installation
RUN AVAILABLE_TERRAFORM_VERSIONS="0.12.26 0.12.28 0.13.2" && \
# Fetch all Terraform Versions described in the AVAILABLE_TERRAFORM_VERSIONS
for VERSION in ${AVAILABLE_TERRAFORM_VERSIONS}; do \
curl -LOs https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip && \
curl -LOs https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_SHA256SUMS && \
sed -n "/terraform_${VERSION}_linux_amd64.zip/p" terraform_${VERSION}_SHA256SUMS | sha256sum -c && \
mkdir -p /usr/local/bin/tf/versions/${VERSION} && \
unzip terraform_${VERSION}_linux_amd64.zip -d /usr/local/bin/tf/versions/${VERSION} && \
ln -s /usr/local/bin/tf/versions/${VERSION}/terraform /usr/local/bin/terraform${VERSION} && \
rm terraform_${VERSION}_linux_amd64.zip && \
rm terraform_${VERSION}_SHA256SUMS; \
done && \
# Fetch Terragrunt
wget --directory-prefix=/tmp ${terragrunt_uri} && \
echo "${terragrunt_sha256sum} /tmp/terragrunt_linux_amd64" | sha256sum -c - && \
cp /tmp/terragrunt_linux_amd64 /usr/local/bin/terragrunt && \
chmod +x /usr/local/bin/terragrunt && \
rm /tmp/terragrunt_linux_amd64 && \
# Fetch Terragrunt NodeJS Wrapper Dependencies
apk add --update nodejs npm && \
npm install shelljs path && \
# Fetch Terragrunt Atlantis Config Generator
wget --directory-prefix=/tmp ${terragrunt_atlantis_config_uri} && \
echo "${terragrunt_atlantis_config_sha256sum} /tmp/terragrunt-atlantis-config_${terragrunt_atlantis_config_version}_linux_amd64.tar.gz" | sha256sum -c - && \
cd /tmp && tar -zxvf terragrunt-atlantis-config_${terragrunt_atlantis_config_version}_linux_amd64.tar.gz && \
cp /tmp/terragrunt-atlantis-config_${terragrunt_atlantis_config_version}_linux_amd64/terragrunt-atlantis-config_${terragrunt_atlantis_config_version}_linux_amd64 /usr/local/bin/terragrunt-atlantis-config && \
chmod +x /usr/local/bin/terragrunt-atlantis-config && \
# Terraform Providers
mkdir -p /home/atlantis/terraform-providers && \
mkdir -p /home/atlantis/.terraform.d/plugins/ && \
# Fetch Terraform AWS Provider (Both for TF 0.12 & TF 0.13)
wget --directory-prefix=/tmp ${terraform_provider_aws_uri} && \
echo "$terraform_provider_aws_sha256sum terraform-provider-aws_${terraform_provider_aws_version}_linux_amd64.zip" | sha256sum -c - && \
cd /tmp && unzip terraform-provider-aws_${terraform_provider_aws_version}_linux_amd64.zip && \
chmod +x terraform-provider-aws_v${terraform_provider_aws_version}_x5 && \
cp terraform-provider-aws_v${terraform_provider_aws_version}_x5 /home/atlantis/terraform-providers && \
ln -s /home/atlantis/terraform-providers/terraform-provider-aws_v${terraform_provider_aws_version}_x5 /home/atlantis/.terraform.d/plugins/terraform-provider-aws && \
mkdir -p /home/atlantis/.terraform.d/plugins/registry.terraform.io/hashicorp/aws/${terraform_provider_aws_version}/linux_amd64/ && \
mkdir -p /home/atlantis/.terraform.d/plugins/registry.terraform.io/-/aws/${terraform_provider_aws_version}/linux_amd64/ && \
ln -s /home/atlantis/terraform-providers/terraform-provider-aws_v${terraform_provider_aws_version}_x5 /home/atlantis/.terraform.d/plugins/registry.terraform.io/hashicorp/aws/${terraform_provider_aws_version}/linux_amd64/terraform-provider-aws_v${terraform_provider_aws_version} && \
ln -s /home/atlantis/terraform-providers/terraform-provider-aws_v${terraform_provider_aws_version}_x5 /home/atlantis/.terraform.d/plugins/registry.terraform.io/-/aws/${terraform_provider_aws_version}/linux_amd64/terraform-provider-aws_v${terraform_provider_aws_version} && \
# Fetch Terraform Github Provider (Both for TF 0.12 & TF 0.13)
wget --directory-prefix=/tmp ${terraform_provider_github_uri} && \
echo "$terraform_provider_github_sha256sum terraform-provider-github_${terraform_provider_github_version}_linux_amd64.zip" | sha256sum -c - && \
cd /tmp && unzip terraform-provider-github_${terraform_provider_github_version}_linux_amd64.zip && \
chmod +x terraform-provider-github_v${terraform_provider_github_version}_x4 && \
cp terraform-provider-github_v${terraform_provider_github_version}_x4 /home/atlantis/terraform-providers && \
ln -s /home/atlantis/terraform-providers/terraform-provider-github_v${terraform_provider_github_version}_x4 /home/atlantis/.terraform.d/plugins/terraform-provider-github && \
mkdir -p /home/atlantis/.terraform.d/plugins/registry.terraform.io/hashicorp/google/${terraform_provider_github_version}/linux_amd64/ && \
mkdir -p /home/atlantis/.terraform.d/plugins/registry.terraform.io/-/google/${terraform_provider_github_version}/linux_amd64/ && \
ln -s /home/atlantis/terraform-providers/terraform-provider-github_v${terraform_provider_github_version}_x4 /home/atlantis/.terraform.d/plugins/registry.terraform.io/hashicorp/google/${terraform_provider_github_version}/linux_amd64/terraform-provider-github_v${terraform_provider_github_version} && \
ln -s /home/atlantis/terraform-providers/terraform-provider-github_v${terraform_provider_github_version}_x4 /home/atlantis/.terraform.d/plugins/registry.terraform.io/-/google/${terraform_provider_github_version}/linux_amd64/terraform-provider-github_v${terraform_provider_github_version} && \
# Fetch Terraform Kafka Provider (Both for TF 0.12 & TF 0.13)
wget --directory-prefix=/tmp ${terraform_provider_kafka_uri} && \
echo "$terraform_provider_kafka_sha256sum terraform-provider-kafka_${terraform_provider_kafka_version}_linux_amd64.zip" | sha256sum -c - && \
cd /tmp && unzip terraform-provider-kafka_${terraform_provider_kafka_version}_linux_amd64.zip && \
chmod +x terraform-provider-kafka_v${terraform_provider_kafka_version} && \
cp terraform-provider-kafka_v${terraform_provider_kafka_version} /home/atlantis/terraform-providers && \
ln -s /home/atlantis/terraform-providers/terraform-provider-kafka_v${terraform_provider_kafka_version} /home/atlantis/.terraform.d/plugins/terraform-provider-kafka && \
mkdir -p /home/atlantis/.terraform.d/plugins/registry.terraform.io/Mongey/kafka/${terraform_provider_kafka_version}/linux_amd64/ && \
mkdir -p /home/atlantis/.terraform.d/plugins/registry.terraform.io/-/kafka/${terraform_provider_kafka_version}/linux_amd64/ && \
ln -s /home/atlantis/terraform-providers/terraform-provider-kafka_v${terraform_provider_kafka_version} /home/atlantis/.terraform.d/plugins/registry.terraform.io/Mongey/kafka/${terraform_provider_kafka_version}/linux_amd64/terraform-provider-kafka_v${terraform_provider_kafka_version} && \
ln -s /home/atlantis/terraform-providers/terraform-provider-kafka_v${terraform_provider_kafka_version} /home/atlantis/.terraform.d/plugins/registry.terraform.io/-/kafka/${terraform_provider_kafka_version}/linux_amd64/terraform-provider-kafka_v${terraform_provider_kafka_version} && \
# Fetch Terraform Random Provider (Both for TF 0.12 & TF 0.13)
wget --directory-prefix=/tmp ${terraform_provider_random_uri} && \
echo "$terraform_provider_random_sha256sum terraform-provider-random_${terraform_provider_random_version}_linux_amd64.zip" | sha256sum -c - && \
cd /tmp && unzip terraform-provider-random_${terraform_provider_random_version}_linux_amd64.zip && \
chmod +x terraform-provider-random_v${terraform_provider_random_version}_x4 && \
cp terraform-provider-random_v${terraform_provider_random_version}_x4 /home/atlantis/terraform-providers && \
ln -s /home/atlantis/terraform-providers/terraform-provider-random_v${terraform_provider_random_version}_x4 /home/atlantis/.terraform.d/plugins/terraform-provider-random && \
mkdir -p /home/atlantis/.terraform.d/plugins/registry.terraform.io/hashicorp/random/${terraform_provider_random_version}/linux_amd64/ && \
mkdir -p /home/atlantis/.terraform.d/plugins/registry.terraform.io/-/random/${terraform_provider_random_version}/linux_amd64/ && \
ln -s /home/atlantis/terraform-providers/terraform-provider-random_v${terraform_provider_random_version}_x4 /home/atlantis/.terraform.d/plugins/registry.terraform.io/hashicorp/random/${terraform_provider_random_version}/linux_amd64/terraform-provider-random_v${terraform_provider_random_version} && \
ln -s /home/atlantis/terraform-providers/terraform-provider-random_v${terraform_provider_random_version}_x4 /home/atlantis/.terraform.d/plugins/registry.terraform.io/-/random/${terraform_provider_random_version}/linux_amd64/terraform-provider-random_v${terraform_provider_random_version} && \
# Delete all the /tmp folder to make sure it deletes all downloads
rm -rf /tmp/*
# Based on https://gist.github.com/dmattia/0d17696bad1dffd90ec7c899e0343955 for less verbose terragrunt output from . Our version is a more extended one.
COPY terragrunt_light.js /home/atlantis/terragrunt_light.js
# Wrapper Script which tries to run git hooks if the repo cloned to atlantis include some in a certain directory.
COPY post-checkout.sh /home/atlantis/hooks/post-checkout
Raw
post-checkout.sh
#!/bin/bash
## Make sure to give execution permissions.
# Checks if a post-checkout.sh script exists in `atlantis-hooks` folder in order to auto-run that.
PWD=`pwd`
FILE=$PWD/atlantis-git-hooks/repo-post-checkout.sh
if [ -f "$FILE" ]; then
echo "$FILE exists in the repo $PWD."
exec $FILE
else
echo "$FILE does not exist in the repo $PWD."
fi
Raw
repo-post-checkout.sh
#!/bin/bash
## This should be placed in folder `atlantis-git-hooks/repo-post-checkout.sh` in your Environments repo (where Terragrunt code lives).
## Make sure to give execution permissions.
result=${PWD##*/}
if [ $result = "default" ]; then
echo "Default Workspace. Atlantis Config will be generated."
exec terragrunt-atlantis-config generate --ignore-parent-terragrunt --autoplan --workflow terragrunt --parallel --create-workspace --create-project-name --output ./atlantis.yaml
else
echo "Not the Default Workspace. Will clone atlantis.yaml from default workspace and will skip re-generating it."
ln -s ../default/atlantis.yaml atlantis.yaml
fi
Raw
repos.yaml
terragrunt:
plan:
steps:
- env:
name: TERRAGRUNT_TFPATH
command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
- run: node ~/terragrunt_light.js plan $PLANFILE
apply:
steps:
- env:
name: TERRAGRUNT_TFPATH
command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
- run: node ~/terragrunt_light.js apply $PLANFILE
Raw
terragrunt_light.js
/**
* Wrapper around terragrunt to display output succinctly on Atlantis.
*
* Terragrunt is notoriously verbose, which can cause Atlantis to output
* hundreds of comments on single PRs, which can be annoying.
*
* This script will output just the final plan for resources to update on
* successful terragrunt runs, but will output all terragrunt output on
* errors.
*/
const shell = require('shelljs');
const path = require('path');
/**
* Promisifies shelljs.exec
*
* @param {string} command - Command to execute in the local shell
*/
async function run(command) {
return new Promise((resolve) => {
shell.exec(command, { silent: true }, (code, stdout, stderr) => {
resolve({ code, stdout, stderr });
});
});
}
/**
* Runs a plan via terragrunt. Output is only shown on error
*
* @param {string} file - name of the plan file to show the output of
*/
async function runPlan(file) {
const { code, stderr } = await run(`terragrunt plan -no-color -out=${file}`);
if (code != 0) {
console.log(stderr);
throw Error(`Failed to run plan in ${shell.pwd()}`);
}
}
/**
* Prints a representation of the terraform plan output to the console
*
* @param {string} file - name of the plan file to show the output of
*/
async function printPlanFile(file) {
const { dir, base } = path.parse(file);
shell.cd(dir);
const { stdout } = await run(`terragrunt show -no-color ${base}`);
console.log(stdout);
}
/**
* Runs an apply via terragrunt. Output is only shown on error
*
* @param {string} file - name of the plan file to be used for apply
*/
async function runAndPrintApply(file) {
const { code, stdout, stderr } = await run(`terragrunt apply -no-color ${file}`);
if (code != 0) {
console.log(stderr);
throw Error(`Failed to run apply in ${shell.pwd()}`);
} else {
console.log(stdout);
shell.rm(file)
}
}
/**
* Main function
*/
async function main() {
var args = process.argv.slice(2);
var command = args[0];
var planFilePath = args[1];
if (command.toString().trim() === 'apply') {
await runAndPrintApply(planFilePath);
} else {
await runPlan(planFilePath);
await printPlanFile(planFilePath);
}
}
/**
* Run the program, exiting with a status code of 1 on any error
*/
main().catch((err) => {
console.error(err);
process.exit(1);
});
@angeloskaltsikis
Copy link
Author

Hey @evanstoddard23,
You are welcome.
Damn, i missed that part.
So in the gitconfig key in values.yaml of Atlantis helm chart you will have to add the following before the url at the same level with them.

  # Indicates the hooks path that should run on all Git Repos in Atlantis
  [core]
    hooksPath = /home/atlantis/hooks

For example

# gitconfig: |
  [core]
    hooksPath = /home/atlantis/hooks
  [url "https://[email protected]"]
    insteadOf = https://github.com

I will add that here as well.
Thanks for finding this omission. 😄

Btw it seems that since pre_workflow_hooks have been added to Atlantis more people run the generator using those.
You can read more here but unfortunately, I cannot help with those.

@angeloskaltsikis
Copy link
Author

Any luck @evanstoddard23 ?
Please let me know so I can update both the Gist & the blogpost to include that.
TIA

@evanstoddard23
Copy link

Hey @angeloskaltsikis, thanks for that!

As I'm deploying on ECS fargate, I ended up adding this to my Dockerfile: RUN git config --system core.hooksPath /home/atlantis/hooks and it's working great now!

I actually started with the pre_worflow_hooks and found it to be lacking in some regards. Since I'm using multiple workspaces (via the transcendio generator) to enable parallelism, I found it would generate the atlantis.yaml file in my default workspace but then as it created other directories for the other workspaces the atlantis.yaml would no longer be in the directory path and the apply steps would fail. Not completely sure if I was using it all correctly, but your solution is working great.

Also, the node script to cleanup the output is very nice! Thanks so much for sharing all this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment