automated commit

Signed-off-by: Public copy <41898282+github-actions[bot]@users.noreply.github.com>

images/nginx/config/main.tf

@@ -6,13 +6,87 @@ terraform {
 
 variable "extra_packages" {
   description = "The additional packages to install (e.g. nginx-mainline)."
+  type        = list(string)
+  default     = []
 }
 
-data "apko_config" "this" {
-  config_contents = file("${path.module}/template.apko.yaml")
-  extra_packages  = var.extra_packages
+variable "entrypoint" {
+  description = "The entrypoint for the image."
+  type        = string
+  default     = "/usr/sbin/nginx"
+}
+
+variable "command" {
+  description = "The command to be run as part of the entrypoint."
+  type        = string
+  default     = "-c /etc/nginx/nginx.conf -e /dev/stderr -g \"daemon off;\""
+}
+
+variable "extra_paths" {
+  description = "Extra paths to mount in the image."
+  default     = []
+}
+
+variable "uid" {
+  description = "UID of the user the image should run as."
+  type        = number
+  default     = 65532
+}
+
+variable "gid" {
+  description = "UID of the user the image should run as."
+  type        = number
+  default     = 65532
+}
+
+module "accts" {
+  source = "../../../tflib/accts"
+  name   = "nginx"
+  uid    = var.uid
+  gid    = var.gid
 }
 
 output "config" {
-  value = jsonencode(data.apko_config.this.config)
+  value = jsonencode({
+    contents = { packages = var.extra_packages }
+
+    accounts = module.accts.block
+
+    paths = concat([
+      {
+        path        = "/var/lib/nginx"
+        type        = "directory"
+        uid         = var.uid
+        gid         = var.gid
+        permissions = 493 // 0755
+        recursive   = true
+      },
+      {
+        path = "/var/lib/nginx/tmp"
+        uid  = var.uid
+        gid  = var.gid
+        type = "directory"
+        # Wide permissions required for running with tmpfs. Seems to be related to Docker bug https://github.com/moby/moby/issues/40881
+        permissions : 511 // 0777
+        recursive = true
+      },
+      {
+        path = "/var/run"
+        uid  = var.uid
+        gid  = var.gid
+        type = "directory"
+        # Wide permissions required for running with tmpfs. Seems to be related to Docker bug https://github.com/moby/moby/issues/40881
+        permissions = 511 // 0777
+        recursive   = false
+      },
+    ], var.extra_paths)
+
+    entrypoint = {
+      command = var.entrypoint
+    }
+
+    cmd = var.command
+
+    stop-signal = "SIGQUIT"
+  })
 }

images/nginx/main.tf

@@ -10,7 +10,7 @@ variable "target_repository" {
 
 module "latest-config" {
   source         = "./config"
-  extra_packages = ["nginx-mainline", "nginx-mainline-package-config", "docker-nginx"]
+  extra_packages = ["nginx-mainline", "nginx-mainline-package-config"]
 }
 
 module "latest" {

images/nginx/tests/main.tf

@@ -101,38 +101,3 @@ EOT
     },
   ]
 }
-
-resource "imagetest_feature" "check-template" {
-  name    = "check template"
-  harness = imagetest_harness_docker.docker
-
-  steps = [
-    {
-      name = "Copy template file"
-      cmd  = <<EOT
-cp /tests/new.conf.template /data
-EOT
-    },
-    {
-      name = "Check templated startup"
-      cmd  = <<EOT
-cleanup () {
-  docker logs $CONTAINER_NAME
-  docker rm -f $CONTAINER_NAME
-  docker network rm $NETWORK_NAME
-}
-
-trap cleanup EXIT
-
-CONTAINER_NAME="nginx-template-$RANDOM_PET_SUFFIX"
-NETWORK_NAME="nginx-template-$RANDOM_PET_SUFFIX"
-NGINX_PORT=8888
-
-docker network create $NETWORK_NAME
-
-docker run -d --name $CONTAINER_NAME --network $NETWORK_NAME --env PORT=$NGINX_PORT -v $VOLUME_ID:/etc/nginx/templates/ $IMAGE_NAME
-docker run --rm --network $NETWORK_NAME cgr.dev/chainguard/curl:latest http://$CONTAINER_NAME:$NGINX_PORT
-EOT
-    },
-  ]
-}