feat: add cdktf cli

- changes base image to `node:alpine` - moves `TF_HTTP_*` exports to entrypoint Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/262100

feat: add cdktf cli
- changes base image to `node:alpine` - moves `TF_HTTP_*` exports to entrypoint Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/262100
fa5e8eac · Matt Kasa · 1716ab1f · fa5e8eac · fa5e8eac · fa5e8eac
Commit fa5e8eac authored 4 years ago by Matt Kasa
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,6 +5,7 @@ variables:
  RELEASE_IMAGE_NAME: "$CI_REGISTRY_IMAGE/releases/$TERRAFORM_VERSION"
  TF_ADDRESS: "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$CI_PIPELINE_IID-$STATE_NAME"
  TFPLANTOOL_VERSION: "v0.1.0"
+  BASE: "node:alpine"

 .versions:
  parallel:
@@ -46,7 +47,7 @@ build:
    - .versions
  stage: build
  script:
-    - docker image build --tag "$BUILD_IMAGE_NAME" --build-arg BASE=$TERRAFORM_BASE --build-arg TFPLANTOOL=$TFPLANTOOL_VERSION .
+    - docker image build --tag "$BUILD_IMAGE_NAME" --build-arg BASE=$BASE --build-arg TERRAFORM_BASE=$TERRAFORM_BASE --build-arg TFPLANTOOL=$TFPLANTOOL_VERSION .
    - docker image push "$BUILD_IMAGE_NAME"

 .test:
@@ -55,6 +56,7 @@ build:
    - terraform version
    - gitlab-terraform version
    - jq --version
+    - cdktf --version
    - cd tests
  cache:
    key: "$TERRAFORM_VERSION-$CI_COMMIT_REF_SLUG"

--- a/Dockerfile
+++ b/Dockerfile
 ARG BASE
+ARG TERRAFORM_BASE

 FROM golang:1.14 AS tfplantool

 ARG BASE
+ARG TERRAFORM_BASE
 ARG TFPLANTOOL

 WORKDIR /tfplantool

 RUN git clone --branch $TFPLANTOOL --depth 1 https://gitlab.com/mattkasa/tfplantool.git .
-RUN sed -i -e "/github\.com\/hashicorp\/terraform/s/ v.*\$/ v$(echo "$BASE" | sed -e "s/^.*://")/" go.mod
+RUN sed -i -e "/github\.com\/hashicorp\/terraform/s/ v.*\$/ v$(echo "$TERRAFORM_BASE" | sed -e "s/^.*://")/" go.mod
 RUN go get -d -v ./...
 RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o tfplantool .

+FROM $TERRAFORM_BASE AS terraform
+
+ARG BASE
+
 FROM $BASE

-RUN apk add --no-cache jq
+RUN apk add --no-cache ca-certificates jq

+COPY --from=terraform /bin/terraform /bin/terraform
 COPY --from=tfplantool /tfplantool/tfplantool /usr/bin/tfplantool

 COPY src/bin/gitlab-terraform.sh /usr/bin/gitlab-terraform
 RUN chmod +x /usr/bin/gitlab-terraform

-# Override ENTRYPOINT since hashicorp/terraform uses `terraform`
-ENTRYPOINT []
+RUN npm install -g cdktf-cli && npm cache clean --force
+
+COPY src/bin/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
--- a/src/bin/entrypoint.sh
+++ b/src/bin/entrypoint.sh
+#!/bin/sh -e
+
+# If TF_USERNAME is unset then default to GITLAB_USER_LOGIN
+export TF_USERNAME="${TF_USERNAME:-${GITLAB_USER_LOGIN}}"
+
+# If TF_PASSWORD is unset then default to gitlab-ci-token/CI_JOB_TOKEN
+if [ -z "${TF_PASSWORD}" ]; then
+  export TF_USERNAME="gitlab-ci-token"
+  export TF_PASSWORD="${CI_JOB_TOKEN}"
+fi
+
+# If TF_ADDRESS is unset but TF_STATE_NAME is provided, then default to GitLab backend in current project
+if [ -n "${TF_STATE_NAME}" ]; then
+  export TF_ADDRESS="${TF_ADDRESS:-${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${TF_STATE_NAME}}"
+fi
+
+# Set variables for the HTTP backend to default to TF_* values
+export TF_HTTP_ADDRESS="${TF_HTTP_ADDRESS:-${TF_ADDRESS}}"
+export TF_HTTP_LOCK_ADDRESS="${TF_HTTP_LOCK_ADDRESS:-${TF_ADDRESS}/lock}"
+export TF_HTTP_LOCK_METHOD="${TF_HTTP_LOCK_METHOD:-POST}"
+export TF_HTTP_UNLOCK_ADDRESS="${TF_HTTP_UNLOCK_ADDRESS:-${TF_ADDRESS}/lock}"
+export TF_HTTP_UNLOCK_METHOD="${TF_HTTP_UNLOCK_METHOD:-DELETE}"
+export TF_HTTP_USERNAME="${TF_HTTP_USERNAME:-${TF_USERNAME}}"
+export TF_HTTP_PASSWORD="${TF_HTTP_PASSWORD:-${TF_PASSWORD}}"
+export TF_HTTP_RETRY_WAIT_MIN="${TF_HTTP_RETRY_WAIT_MIN:-5}"
+
+exec "$@"
--- a/src/bin/gitlab-terraform.sh
+++ b/src/bin/gitlab-terraform.sh
@@ -21,30 +21,6 @@ JQ_PLAN='
  }
 '

-# If TF_USERNAME is unset then default to GITLAB_USER_LOGIN
-TF_USERNAME="${TF_USERNAME:-${GITLAB_USER_LOGIN}}"
-
-# If TF_PASSWORD is unset then default to gitlab-ci-token/CI_JOB_TOKEN
-if [ -z "${TF_PASSWORD}" ]; then
-  TF_USERNAME="gitlab-ci-token"
-  TF_PASSWORD="${CI_JOB_TOKEN}"
-fi
-
-# If TF_ADDRESS is unset but TF_STATE_NAME is provided, then default to GitLab backend in current project
-if [ -n "${TF_STATE_NAME}" ]; then
-  TF_ADDRESS="${TF_ADDRESS:-${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${TF_STATE_NAME}}"
-fi
-
-# Set variables for the HTTP backend to default to TF_* values
-export TF_HTTP_ADDRESS="${TF_HTTP_ADDRESS:-${TF_ADDRESS}}"
-export TF_HTTP_LOCK_ADDRESS="${TF_HTTP_LOCK_ADDRESS:-${TF_ADDRESS}/lock}"
-export TF_HTTP_LOCK_METHOD="${TF_HTTP_LOCK_METHOD:-POST}"
-export TF_HTTP_UNLOCK_ADDRESS="${TF_HTTP_UNLOCK_ADDRESS:-${TF_ADDRESS}/lock}"
-export TF_HTTP_UNLOCK_METHOD="${TF_HTTP_UNLOCK_METHOD:-DELETE}"
-export TF_HTTP_USERNAME="${TF_HTTP_USERNAME:-${TF_USERNAME}}"
-export TF_HTTP_PASSWORD="${TF_HTTP_PASSWORD:-${TF_PASSWORD}}"
-export TF_HTTP_RETRY_WAIT_MIN="${TF_HTTP_RETRY_WAIT_MIN:-5}"
-
 apply() {
  if ! terraform_is_at_least 0.13.2; then
    tfplantool -f "${plan_cache}" backend set -k password -v "${TF_PASSWORD}"