Merge branch 'master' of github.com:runatlantis/atlantis into docker-…

…multi-platform * 'master' of github.com:runatlantis/atlantis: docker(testing): updating image build process docs: fix policy check documentation examples (#1945) build: make multi-platform image for testing-env
runatlantis · Dec 17, 2021 · bf00fcf · bf00fcf
2 parents dbb2809 + ec4d77f
commit bf00fcf
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 33 deletions.
diff --git a/.github/workflows/testing-env-image.yml b/.github/workflows/testing-env-image.yml
@@ -3,33 +3,41 @@ name: testing-env-image
 on:
   push:
     paths:
-      - 'testing/**'
-      - '.github/workflows/testing-env-image.yml'
+      - "testing/**"
+      - ".github/workflows/testing-env-image.yml"
     branches:
-      - 'master'
+      - "master"
   workflow_dispatch:
 
-defaults:
-  run:
-    working-directory: testing
-
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v1
+      with:
+        image: tonistiigi/binfmt:latest
+        platforms: arm64,arm
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+
     - name: Login to Packages Container registry
       uses: docker/login-action@v1
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
+
     - run: echo "TODAY=$(date +"%Y.%m.%d")" >> $GITHUB_ENV
-    - name: build testing-env:${{env.TODAY}} image
-      run: |
-        docker build -t ghcr.io/runatlantis/testing-env:${{env.TODAY}} .
-    - name: publish testing-env:${{env.TODAY}} image
-      run: |
-        docker push ghcr.io/runatlantis/testing-env:${{env.TODAY}}
-        docker tag ghcr.io/runatlantis/testing-env:${{env.TODAY}} ghcr.io/runatlantis/testing-env:latest
-        docker push ghcr.io/runatlantis/testing-env:latest
+    - name: Build and push testing-env:${{env.TODAY}} image
+      uses: docker/build-push-action@v2
+      with:
+        context: testing
+        platforms: linux/arm64/v8,linux/amd64,linux/arm/v7
+        push: true
+        tags: |
+           ghcr.io/runatlantis/testing-env:${{env.TODAY}}
+           ghcr.io/runatlantis/testing-env:latest
diff --git a/runatlantis.io/docs/policy-checking.md b/runatlantis.io/docs/policy-checking.md
@@ -64,19 +64,19 @@ policies
   owners:
     users:
       - example-dev
-    policy_sets:
-      - name: example-conf-tests
-        path: /home/atlantis/conftest_policies  # Consider seperate vcs & mount into container
-        source: local
+  policy_sets:
+    - name: example-conf-tests
+      path: /home/atlantis/conftest_policies  # Consider seperate vcs & mount into container
+      source: local
 workflows:
   custom:
     plan:
       steps:
         - init
         - plan
-    policy_check
+    policy_check:
      steps:
-       - policy_check
+       - policy_check:
            extra_args: ["-p /home/atlantis/conftest_policies/", "--all-namespaces"]
 ```
 

diff --git a/testing/Dockerfile b/testing/Dockerfile
@@ -1,22 +1,26 @@
-FROM circleci/golang:1.17
+FROM golang:1.17
+
+RUN apt-get update && apt-get install unzip
 
 # Install Terraform
 ENV TERRAFORM_VERSION=1.1.1
-RUN curl -LOks https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
-    sudo mkdir -p /usr/local/bin/tf/versions/${TERRAFORM_VERSION} && \
-    sudo unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin/tf/versions/${TERRAFORM_VERSION} && \
-    sudo ln -s /usr/local/bin/tf/versions/${TERRAFORM_VERSION}/terraform /usr/local/bin/terraform && \
-    rm terraform_${TERRAFORM_VERSION}_linux_amd64.zip
+RUN case $(uname -m) in x86_64|amd64) ARCH="amd64" ;; aarch64|arm64|armv8) ARCH="arm64" ;; esac && \
+    wget -nv -O terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${ARCH}.zip && \
+    mkdir -p /usr/local/bin/tf/versions/${TERRAFORM_VERSION} && \
+    unzip terraform.zip -d /usr/local/bin/tf/versions/${TERRAFORM_VERSION} && \
+    ln -s /usr/local/bin/tf/versions/${TERRAFORM_VERSION}/terraform /usr/local/bin/terraform && \
+    rm terraform.zip
 
 # Install conftest
 ENV CONFTEST_VERSION=0.28.3
-RUN curl -LOs https://github.com/open-policy-agent/conftest/releases/download/v${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz && \
+RUN case $(uname -m) in x86_64|amd64) ARCH="amd64" ;; aarch64|arm64|armv8) ARCH="arm64" ;; esac && \
+    curl -LOs https://github.com/open-policy-agent/conftest/releases/download/v${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION}_Linux_${ARCH}.tar.gz && \
     curl -LOs https://github.com/open-policy-agent/conftest/releases/download/v${CONFTEST_VERSION}/checksums.txt && \
-    sed -n "/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz/p" checksums.txt | sha256sum -c && \
-    sudo mkdir -p /usr/local/bin/cft/versions/${CONFTEST_VERSION} && \
-    sudo tar -C  /usr/local/bin/cft/versions/${CONFTEST_VERSION} -xzf conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz && \
-    sudo ln -s /usr/local/bin/cft/versions/${CONFTEST_VERSION}/conftest /usr/local/bin/conftest${CONFTEST_VERSION} && \
-    rm conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz && \
+    sed -n "/conftest_${CONFTEST_VERSION}_Linux_${ARCH}.tar.gz/p" checksums.txt | sha256sum -c && \
+    mkdir -p /usr/local/bin/cft/versions/${CONFTEST_VERSION} && \
+    tar -C  /usr/local/bin/cft/versions/${CONFTEST_VERSION} -xzf conftest_${CONFTEST_VERSION}_Linux_${ARCH}.tar.gz && \
+    ln -s /usr/local/bin/cft/versions/${CONFTEST_VERSION}/conftest /usr/local/bin/conftest${CONFTEST_VERSION} && \
+    rm conftest_${CONFTEST_VERSION}_Linux_${ARCH}.tar.gz && \
     rm checksums.txt
 
 RUN go get golang.org/x/tools/cmd/goimports