Skip to content

Commit

Permalink
fix(docker): fix docker runtime issue (runatlantis#2106)
Browse files Browse the repository at this point in the history
* debug setup

* Revert "fix(docker): download Terraform and conftest versions maching image architecture (runatlantis#2101)"

This reverts commit 579e583.

* Revert "fix(docker): fix installation of git-lfs in armv7 image (runatlantis#2100)"

This reverts commit 8af7883.

* Revert "fix(docker): fix base image for multi-platform build (runatlantis#2099)"

This reverts commit 571543f.

* Revert "debug setup"

This reverts commit 274501a.
  • Loading branch information
chenrui333 authored and krrrr38 committed Dec 16, 2022
1 parent cd00e9c commit 903cd64
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 59 deletions.
32 changes: 9 additions & 23 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -9,48 +9,34 @@ RUN CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -v -o atlantis .
# The runatlantis/atlantis-base is created by docker-base/Dockerfile.
FROM ghcr.io/runatlantis/atlantis-base:2022.03.02 AS base

# Get the architecture the image is being built for
ARG TARGETPLATFORM

# install terraform binaries
ENV DEFAULT_TERRAFORM_VERSION=1.1.6

# In the official Atlantis image we only have the latest of each Terraform version.
RUN AVAILABLE_TERRAFORM_VERSIONS="0.11.15 0.12.31 0.13.7 0.14.11 0.15.5 1.0.11 ${DEFAULT_TERRAFORM_VERSION}" && \
case ${TARGETPLATFORM} in \
"linux/amd64") TERRAFORM_ARCH=amd64 ;; \
"linux/arm64") TERRAFORM_ARCH=arm64 ;; \
"linux/arm/v7") TERRAFORM_ARCH=arm ;; \
esac && \
RUN AVAILABLE_TERRAFORM_VERSIONS="0.8.8 0.9.11 0.10.8 0.11.15 0.12.31 0.13.7 0.14.11 0.15.5 1.0.11 ${DEFAULT_TERRAFORM_VERSION}" && \
for VERSION in ${AVAILABLE_TERRAFORM_VERSIONS}; do \
curl -LOs https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_${TERRAFORM_ARCH}.zip && \
curl -LOs https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip && \
curl -LOs https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_SHA256SUMS && \
sed -n "/terraform_${VERSION}_linux_${TERRAFORM_ARCH}.zip/p" terraform_${VERSION}_SHA256SUMS | sha256sum -c && \
sed -n "/terraform_${VERSION}_linux_amd64.zip/p" terraform_${VERSION}_SHA256SUMS | sha256sum -c && \
mkdir -p /usr/local/bin/tf/versions/${VERSION} && \
unzip terraform_${VERSION}_linux_${TERRAFORM_ARCH}.zip -d /usr/local/bin/tf/versions/${VERSION} && \
unzip terraform_${VERSION}_linux_amd64.zip -d /usr/local/bin/tf/versions/${VERSION} && \
ln -s /usr/local/bin/tf/versions/${VERSION}/terraform /usr/local/bin/terraform${VERSION} && \
rm terraform_${VERSION}_linux_${TERRAFORM_ARCH}.zip && \
rm terraform_${VERSION}_linux_amd64.zip && \
rm terraform_${VERSION}_SHA256SUMS; \
done && \
ln -s /usr/local/bin/tf/versions/${DEFAULT_TERRAFORM_VERSION}/terraform /usr/local/bin/terraform

ENV DEFAULT_CONFTEST_VERSION=0.30.0

RUN AVAILABLE_CONFTEST_VERSIONS="${DEFAULT_CONFTEST_VERSION}" && \
case ${TARGETPLATFORM} in \
"linux/amd64") CONFTEST_ARCH=x86_64 ;; \
"linux/arm64") CONFTEST_ARCH=arm64 ;; \
# There is currently no compiled version of conftest for armv7
"linux/arm/v7") CONFTEST_ARCH=x86_64 ;; \
esac && \
for VERSION in ${AVAILABLE_CONFTEST_VERSIONS}; do \
curl -LOs https://github.com/open-policy-agent/conftest/releases/download/v${VERSION}/conftest_${VERSION}_Linux_${CONFTEST_ARCH}.tar.gz && \
curl -LOs https://github.com/open-policy-agent/conftest/releases/download/v${VERSION}/conftest_${VERSION}_Linux_x86_64.tar.gz && \
curl -LOs https://github.com/open-policy-agent/conftest/releases/download/v${VERSION}/checksums.txt && \
sed -n "/conftest_${VERSION}_Linux_${CONFTEST_ARCH}.tar.gz/p" checksums.txt | sha256sum -c && \
sed -n "/conftest_${VERSION}_Linux_x86_64.tar.gz/p" checksums.txt | sha256sum -c && \
mkdir -p /usr/local/bin/cft/versions/${VERSION} && \
tar -C /usr/local/bin/cft/versions/${VERSION} -xzf conftest_${VERSION}_Linux_${CONFTEST_ARCH}.tar.gz && \
tar -C /usr/local/bin/cft/versions/${VERSION} -xzf conftest_${VERSION}_Linux_x86_64.tar.gz && \
ln -s /usr/local/bin/cft/versions/${VERSION}/conftest /usr/local/bin/conftest${VERSION} && \
rm conftest_${VERSION}_Linux_${CONFTEST_ARCH}.tar.gz && \
rm conftest_${VERSION}_Linux_x86_64.tar.gz && \
rm checksums.txt; \
done

Expand Down
51 changes: 15 additions & 36 deletions docker-base/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -17,40 +17,21 @@ RUN addgroup atlantis && \
chmod g=u /home/atlantis/ && \
chmod g=u /etc/passwd

# Install gosu and git-lfs.
# Install dumb-init, gosu and git-lfs.
ENV DUMB_INIT_VERSION=1.2.5
ENV GOSU_VERSION=1.14
ENV GIT_LFS_VERSION=3.1.2

# Automatically populated with the architecture the image is being built for.
ARG TARGETPLATFORM

# Install packages needed for running Atlantis.
RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap dumb-init && \
# Install packages needed for building dependencies.
apk add --no-cache --virtual .build-deps gnupg openssl && \
RUN apk add --no-cache ca-certificates gnupg curl git unzip bash openssh libcap openssl && \
curl -L -s --output /bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64" && \
chmod +x /bin/dumb-init && \
mkdir -p /tmp/build && \
cd /tmp/build && \

# git-lfs
case ${TARGETPLATFORM} in \
"linux/amd64") GIT_LFS_ARCH=amd64 ;; \
"linux/arm64") GIT_LFS_ARCH=arm64 ;; \
"linux/arm/v7") GIT_LFS_ARCH=arm ;; \
esac && \
curl -L -s --output git-lfs.tar.gz "https://github.com/git-lfs/git-lfs/releases/download/v${GIT_LFS_VERSION}/git-lfs-linux-${GIT_LFS_ARCH}-v${GIT_LFS_VERSION}.tar.gz" && \
curl -L -s --output git-lfs.tar.gz "https://github.com/git-lfs/git-lfs/releases/download/v${GIT_LFS_VERSION}/git-lfs-linux-amd64-v${GIT_LFS_VERSION}.tar.gz" && \
tar -xf git-lfs.tar.gz && \
chmod +x git-lfs && \
mv git-lfs /usr/bin/git-lfs && \
git-lfs --version && \

# gosu
case ${TARGETPLATFORM} in \
"linux/amd64") GOSU_ARCH=amd64 ;; \
"linux/arm64") GOSU_ARCH=arm64 ;; \
"linux/arm/v7") GOSU_ARCH=armhf ;; \
esac && \
curl -L -s --output gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${GOSU_ARCH}" && \
curl -L -s --output gosu.asc "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${GOSU_ARCH}.asc" && \
curl -L -s --output gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64" && \
curl -L -s --output gosu.asc "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64.asc" && \
for server in $(shuf -e ipv4.pool.sks-keyservers.net \
hkp://p80.pool.sks-keyservers.net:80 \
keyserver.ubuntu.com \
Expand All @@ -61,15 +42,13 @@ RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap dumb-i
gpg --batch --verify gosu.asc gosu && \
chmod +x gosu && \
cp gosu /bin && \
gosu --version && \

# Cleanup
cd /tmp && \
rm -rf /tmp/build && \
gpgconf --kill dirmngr && \
gpgconf --kill gpg-agent && \
apk del .build-deps && \
rm -rf /root/.gnupg
cd /tmp && \
rm -rf /tmp/build && \
gpgconf --kill dirmngr && \
gpgconf --kill gpg-agent && \
apk del gnupg openssl && \
rm -rf /root/.gnupg && \
rm -rf /var/cache/apk/*

# Set up nsswitch.conf for Go's "netgo" implementation
# - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275
Expand Down

0 comments on commit 903cd64

Please sign in to comment.