From 53f75d94c42de44570ecc610834d0feaf00db8d2 Mon Sep 17 00:00:00 2001
From: Andre Leite
Date: Fri, 13 Sep 2024 10:45:52 -0300
Subject: [PATCH] [CLD-8329]Create custom image for atlantis tool to run terraform (#1)
* [CLD-8329]Create custom image for atlantis tool to run terraform
* [CLD-8329]Keep atlantis version in makefile only
* [CLD-8329]comment trivy block because there's no image in the registry yet
* [CLD-8329]uncomment trivy block
* [CLD-8329]comment trivy block because there's no image in the registry yet
---
.github/actions/docker-build/action.yaml | 27 ++++++++++++++++
.github/actions/docker-prepare/action.yml | 11 +++++++
.github/workflows/ci.yml | 25 +++++++++++++++
.gitignore | 1 +
Dockerfile | 16 ++++++++++
Makefile | 39 +++++++++++++++++++++++
README.md | 34 ++++++++++++++++++++
scripts/push-image-pr.sh | 5 +++
scripts/push-image.sh | 12 +++++++
9 files changed, 170 insertions(+)
create mode 100644 .github/actions/docker-build/action.yaml
create mode 100644 .github/actions/docker-prepare/action.yml
create mode 100644 .github/workflows/ci.yml
create mode 100644 .gitignore
create mode 100644 Dockerfile
create mode 100644 Makefile
create mode 100755 scripts/push-image-pr.sh
create mode 100755 scripts/push-image.sh
diff --git a/.github/actions/docker-build/action.yaml b/.github/actions/docker-build/action.yaml
new file mode 100644
index 0000000..ef5c5ba
--- /dev/null
+++ b/.github/actions/docker-build/action.yaml
@@ -0,0 +1,27 @@
+name: docker-build
+description: Reusable action to build repos' docker images
+
+runs:
+ using: composite
+ steps:
+ - name: ci/prepare-docker-environment
+ uses: ./.github/actions/docker-prepare
+
+ # - name: cd/scan-docker-security
+ # uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+ # with:
+ # image-ref: "mattermost/atlantis"
+ # format: "table"
+ # ignore-unfixed: true
+ # vuln-type: "os,library"
+ # severity: "CRITICAL"
+
+ - name: cd/push-image-pr
+ run: "make push-image-pr"
+ shell: bash
+ if: github.event_name == 'pull_request'
+
+ - name: cd/push-image
+ run: "make build"
+ shell: bash
+ if: github.event_name != 'pull_request'
diff --git a/.github/actions/docker-prepare/action.yml b/.github/actions/docker-prepare/action.yml
new file mode 100644
index 0000000..4659544
--- /dev/null
+++ b/.github/actions/docker-prepare/action.yml
@@ -0,0 +1,11 @@
+---
+name: "docker-prepare"
+description: "Install docker requirements"
+
+runs:
+ using: "composite"
+ steps:
+ - name: ci/setup-buildx
+ uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0
+ with:
+ version: v0.12.0
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..2c604cc
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,25 @@
+name: ci
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: ci/checkout-repo
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ fetch-depth: 0
+
+ - name: ci/build-docker
+ env:
+ DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
+ uses: ./.github/actions/docker-build
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..722d5e7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vscode
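Review bot: The `cd/push-image` step runs `make build`, but the Makefile added in this same commit defines no `build` target (only `build-image`, `build-image-with-tag`, `push-image-pr` and `push-image`), so every push to `main` will fail with a "No rule to make target" error before anything is built. The PR step beside it calls `make push-image-pr`, so this one presumably meant `run: "make push-image"`, which goes through scripts/push-image.sh and sets `TAG`. The commented-out Trivy step scans `mattermost/atlantis` as it exists in the registry, not the image just built, so when it is re-enabled it needs to run after the push or be pointed at the freshly built tag; a short comment above the block saying that would keep the intent from being lost.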
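Review bot: This composite action and its sibling `.github/actions/docker-build/action.yaml` follow different conventions for the same kind of file: `.yml` versus `.yaml`, a leading `---` here and none there, and quoted scalars here (`"composite"`, `"docker-prepare"`) versus plain ones there. Pick one convention and apply it to both so the next action added has an obvious template to copy. The Buildx pin by commit SHA with a `# v3.1.0` version comment is good practice and worth keeping for any action added later.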
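Review bot: The `ci/build-docker` step runs on every `pull_request` event, and the PR path (`make push-image-pr` → `build-image`) ends in `docker buildx build ... --push`, so an image is published to Docker Hub before the change has been reviewed; for a pull request from a fork, `secrets.DOCKERHUB_USERNAME`/`DOCKERHUB_TOKEN` are empty, the Makefile skips login and the push then fails anyway. Consider building without `--push` for pull requests, or at least gating this step, e.g. `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`. `fetch-depth: 0` also fetches the whole history, which nothing in the build appears to need; the default shallow checkout would do and keeps the job shorter.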
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c042b35
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+ARG ATLANTIS_VERSION
+
+FROM ghcr.io/runatlantis/atlantis:${ATLANTIS_VERSION}
+
+USER root
+
+RUN apk --no-cache add \
+ jq~=1 \
+ yq~=4 \
+ kubectl~=1 \
+ aws-cli \
+ && rm -rf /var/cache/apk/*
+
+USER atlantis
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["server"]
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..0a62f07
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,39 @@
+ATLANTIS_VERSION ?= v0.27.3
+MATTERMOST_ATLANTIS_IMAGE ?= mattermost/atlantis:test
+PLATFORMS ?= linux/amd64,linux/arm64
+MATTERMOST_ATLANTIS_REPO=mattermost/atlantis
+
+build-image:
+ @if [ -z "$(DOCKER_USERNAME)" ] || [ -z "$(DOCKER_PASSWORD)" ]; then \
+ echo "DOCKER_USERNAME and/or DOCKER_PASSWORD not set. Skipping Docker login."; \
+ else \
+ echo $(DOCKER_PASSWORD) | docker login --username $(DOCKER_USERNAME) --password-stdin; \
+ fi
+ docker buildx build \
+ --build-arg ATLANTIS_VERSION=$(ATLANTIS_VERSION) \
+ --platform=$(PLATFORMS) \
+ -t $(MATTERMOST_ATLANTIS_IMAGE) \
+ --push .
+
+build-image-with-tag:
+ @if [ -z "$(DOCKER_USERNAME)" ] || [ -z "$(DOCKER_PASSWORD)" ]; then \
+ echo "DOCKER_USERNAME and/or DOCKER_PASSWORD not set. Skipping Docker login."; \
+ else \
+ echo $(DOCKER_PASSWORD) | docker login --username $(DOCKER_USERNAME) --password-stdin; \
+ fi
+ docker buildx build \
+ --build-arg ATLANTIS_VERSION=$(ATLANTIS_VERSION) \
+ --platform=$(PLATFORMS) \
+ -t $(MATTERMOST_ATLANTIS_IMAGE) \
+ -t $(MATTERMOST_ATLANTIS_REPO):${TAG} \
+ --push .
+
+.PHONY: push-image-pr
+push-image-pr:
+ @echo Push Image PR
+ ./scripts/push-image-pr.sh
+
+.PHONY: push-image
+push-image:
+ @echo Push Image
+ ./scripts/push-image.sh
diff --git a/README.md b/README.md
index 6d17691..db4ed68 100644
--- a/README.md
+++ b/README.md
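Review bot: The image is not reproducible: the base is pinned by the mutable tag `${ATLANTIS_VERSION}` rather than a digest, and the `apk add` constraints (`jq~=1`, `yq~=4`, `kubectl~=1`, unconstrained `aws-cli`) resolve to whatever the Alpine repository serves at build time, so two builds of the same commit can ship different binaries and the Trivy scan the commit message defers has no stable content to attest. Pin the base as `FROM ghcr.io/runatlantis/atlantis:${ATLANTIS_VERSION}@sha256:<digest-placeholder>` and tighten the package constraints to the versions actually tested. `rm -rf /var/cache/apk/*` is redundant with `--no-cache` and can be dropped. Since `ARG ATLANTIS_VERSION` deliberately has no default (per the commit message), a comment such as `# required; supplied by the Makefile via --build-arg` would save the next reader from an otherwise puzzling `invalid reference format` failure when the Dockerfile is built directly.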
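Review bot: `build-image` and `build-image-with-tag` duplicate the five-line login block and the `buildx` invocation, differing only in the extra `-t`; factoring the login into a shared `docker-login` prerequisite keeps the two from drifting. Neither build target is declared `.PHONY` (the two push targets below are), so a file named `build-image` in the repo root would silently satisfy it. The "Skipping Docker login" branch is also misleading: both targets end in `--push`, which cannot succeed without credentials, so skipping only moves the failure to the push step; the message should say so or the targets should fail fast. `$(DOCKER_PASSWORD)` and `$(DOCKER_USERNAME)` should be quoted in the `echo`/`docker login` line so a token containing shell metacharacters is passed intact.
```makefile
.PHONY: docker-login
docker-login:
	@if [ -z "$(DOCKER_USERNAME)" ] || [ -z "$(DOCKER_PASSWORD)" ]; then \
		echo "DOCKER_USERNAME and/or DOCKER_PASSWORD not set. Skipping Docker login (push will fail without credentials)."; \
	else \
		echo "$(DOCKER_PASSWORD)" | docker login --username "$(DOCKER_USERNAME)" --password-stdin; \
	fi

.PHONY: build-image
build-image: docker-login
	docker buildx build \
		--build-arg ATLANTIS_VERSION=$(ATLANTIS_VERSION) \
		--platform=$(PLATFORMS) \
		-t $(MATTERMOST_ATLANTIS_IMAGE) \
		--push .

.PHONY: build-image-with-tag
build-image-with-tag: docker-login
	docker buildx build \
		--build-arg ATLANTIS_VERSION=$(ATLANTIS_VERSION) \
		--platform=$(PLATFORMS) \
		-t $(MATTERMOST_ATLANTIS_IMAGE) \
		-t $(MATTERMOST_ATLANTIS_REPO):$(TAG) \
		--push .

# … unchanged: push-image-pr and push-image targets …
```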
@@ -1 +1,35 @@
 # mattermost-atlantis-docker
+
+This repository contains the necessary files to build a custom Docker image for the [Atlantis](https://github.com/runatlantis/atlantis) tool using Docker Buildx. It supports building multi-platform images and pushing them to Docker Hub.
+
+## Prerequisites
+
+Before you begin, ensure you have the following installed:
+
+- [Docker](https://www.docker.com/) with [Buildx](https://docs.docker.com/buildx/working-with-buildx/) enabled
+- Make sure you are logged into Docker Hub or have the credentials available for login
+
+## Environment Variables
+
+To push the image to Docker Hub, the following environment variables should be set:
+
+- `DOCKER_USERNAME`: Your Docker Hub username
+- `DOCKER_PASSWORD`: Your Docker Hub password or access token
+
+## Variables
+
+The Makefile accepts the following optional variables:
+
+- `ATLANTIS_VERSION`: The version of Atlantis to include in the Docker image. Defaults to `v0.27.3`.
+- `MATTERMOST_ATLANTIS_IMAGE`: The name of the Docker image to build. Defaults to `mattermost/atlantis:test`.
+- `PLATFORMS`: The platforms for which to build the image. Defaults to `linux/amd64,linux/arm64`.
+- `MATTERMOST_ATLANTIS_REPO`: The Docker repository where the image will be pushed. Defaults to `mattermost/atlantis`.
+
+## Makefile Targets
+
+### `build-image`
+
+This command builds the Docker image and pushes it to the Docker repository specified by `MATTERMOST_ATLANTIS_IMAGE`.
+
+```bash
+make build-image
diff --git a/scripts/push-image-pr.sh b/scripts/push-image-pr.sh
new file mode 100755
index 0000000..63af7b5
--- /dev/null
+++ b/scripts/push-image-pr.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+set -u
+
+make build-image
diff --git a/scripts/push-image.sh b/scripts/push-image.sh
new file mode 100755
index 0000000..48502db
--- /dev/null
+++ b/scripts/push-image.sh
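Review bot: `make build-image` here inherits the default `MATTERMOST_ATLANTIS_IMAGE`, `mattermost/atlantis:test`, so every open pull request pushes to the same tag and concurrent PR builds overwrite one another, leaving `:test` pointing at whichever job finished last rather than at the PR under review. Derive a per-PR tag instead, e.g. `make build-image MATTERMOST_ATLANTIS_IMAGE="mattermost/atlantis:pr-${GITHUB_SHA}"` (`GITHUB_SHA` is safe in a tag, whereas `GITHUB_REF_NAME` is `<n>/merge` for pull requests and contains a slash). A one-line header comment stating that this script is the `pull_request` branch of `.github/actions/docker-build/action.yaml` would also make the pairing with `push-image.sh` clear.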
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+if [ -n "${TAG}" ]
+ then
+ echo "Pushing ${TAG} for release ..."
+else
+ echo "Pushing latest for ${GITHUB_REF_NAME} ..."
+ export TAG="latest"
+fi
+
+make build-image-with-tag
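Review bot: This script drops the `set -u` that its sibling `scripts/push-image-pr.sh` enables, so the two differ in strictness for no stated reason; adding it requires the guard to tolerate an unset variable, i.e. `set -eu` and `if [ -n "${TAG:-}" ]; then`. Separately, `build-image-with-tag` still tags `$(MATTERMOST_ATLANTIS_IMAGE)`, which defaults to `mattermost/atlantis:test`, so a push to `main` (TAG=latest) or a release build also overwrites the `:test` tag the PR builds use; pass an explicit image name here if that is not intended. Nothing in `.github/workflows/ci.yml` sets `TAG`, so the release branch of this `if` is presumably exercised outside CI; a header comment saying who is expected to set `TAG` would make that clear.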