Update Debian base image, terraform version and dependencies (#51)

* remove generated container struture test config * add support for tf 1.0.2 * rename local dev script * correct typos in dockerignore config * move to debian bullseye base iamge, update dependancies and related tests * correct some comment and filters in actions * update readme Co-authored-by: bgauduch <user.personal@users.noreply.github.com>
zenika-open-source · Sep 14, 2021 · 8c12279 · 8c12279
1 parent 71112e5
commit 8c12279
Show file tree

Hide file tree

Showing 11 changed files with 44 additions and 91 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,5 +1,5 @@
 # explicitely exclude all files from the build context
-# (each file needed in the Dockefile need to be included manually)
+# (each file needed in the Dockefile needs to be included manually)
 *
 
 # Specific to Terraform installation

diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
@@ -16,6 +16,7 @@ on:
       - "hashicorp.asc"
       - "tests/*"
       - ".dockerignore"
+      - "hadolint.yaml"
       - ".github/workflows/build-test.yml"
 
 env:

diff --git a/.github/workflows/dockerhub-description-update.yml b/.github/workflows/dockerhub-description-update.yml
@@ -1,4 +1,7 @@
 name: dockerhub-description-update
+
+# trigger on any push on master
+# only for readme related modifications
 on:
   push:
     branches:

diff --git a/.github/workflows/lint-dockerfile.yml b/.github/workflows/lint-dockerfile.yml
@@ -2,7 +2,7 @@ name: lint-dockerfile
 
 # trigger on any push
 # but not on master or tags
-# and only for dockerfile modifications
+# and only for dockerfile related modifications
 on:
   push:
     tags-ignore:

diff --git a/.github/workflows/push-latest.yml b/.github/workflows/push-latest.yml
@@ -1,7 +1,7 @@
 name: push-latest
 
 # trigger on push to master
-# only on image-related modifications
+# only on Dockerfile related modifications
 on:
   push:
     branches:
@@ -12,6 +12,7 @@ on:
       - "hashicorp.asc"
       - "tests/**"
       - ".dockerignore"
+      - "hadolint.yaml"
       - ".github/workflows/push-latest.yml"
 
 env:

diff --git a/Dockerfile b/Dockerfile
@@ -1,17 +1,17 @@
 # Setup build arguments with default versions
 ARG AWS_CLI_VERSION
 ARG TERRAFORM_VERSION
-ARG PYTHON_MAJOR_VERSION=3.7
-ARG DEBIAN_VERSION=buster-20210511-slim
+ARG PYTHON_MAJOR_VERSION=3.9
+ARG DEBIAN_VERSION=bullseye-20210902-slim
 
 # Download Terraform binary
 FROM debian:${DEBIAN_VERSION} as terraform
 ARG TERRAFORM_VERSION
 RUN apt-get update
-RUN apt-get install --no-install-recommends -y curl=7.64.0-4+deb10u2
-RUN apt-get install --no-install-recommends -y ca-certificates=20200601~deb10u2
-RUN apt-get install --no-install-recommends -y unzip=6.0-23+deb10u2
-RUN apt-get install --no-install-recommends -y gnupg=2.2.12-1+deb10u1
+RUN apt-get install --no-install-recommends -y curl=7.74.0-1.3+b1
+RUN apt-get install --no-install-recommends -y ca-certificates=20210119
+RUN apt-get install --no-install-recommends -y unzip=6.0-26
+RUN apt-get install --no-install-recommends -y gnupg=2.2.27-2
 WORKDIR /workspace
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip
@@ -28,9 +28,9 @@ FROM debian:${DEBIAN_VERSION} as aws-cli
 ARG AWS_CLI_VERSION
 ARG PYTHON_MAJOR_VERSION
 RUN apt-get update
-RUN apt-get install -y --no-install-recommends python3=${PYTHON_MAJOR_VERSION}.3-1
-RUN apt-get install -y --no-install-recommends python3-pip=18.1-5
-RUN pip3 install --no-cache-dir setuptools==57.0.0
+RUN apt-get install -y --no-install-recommends python3=${PYTHON_MAJOR_VERSION}.2-3
+RUN apt-get install -y --no-install-recommends python3-pip=20.3.4-4
+RUN pip3 install --no-cache-dir setuptools==58.0.4
 RUN pip3 install --no-cache-dir awscli==${AWS_CLI_VERSION}
 
 # Build final image
@@ -39,10 +39,10 @@ LABEL maintainer="bgauduch@github"
 ARG PYTHON_MAJOR_VERSION
 RUN apt-get update \
   && apt-get install -y --no-install-recommends \
-    ca-certificates=20200601~deb10u2 \
-    git=1:2.20.1-2+deb10u3 \
-    jq=1.5+dfsg-2+b1 \
-    python3=${PYTHON_MAJOR_VERSION}.3-1 \
+    ca-certificates=20210119\
+    git=1:2.30.2-1 \
+    jq=1.6-2.1 \
+    python3=${PYTHON_MAJOR_VERSION}.2-3 \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/* \
   && update-alternatives --install /usr/bin/python python /usr/bin/python${PYTHON_MAJOR_VERSION} 1

diff --git a/README.md b/README.md
@@ -2,8 +2,8 @@
 [![build-test](https://github.com/zenika-open-source/terraform-aws-cli/actions/workflows/build-test.yml/badge.svg)](https://github.com/zenika-open-source/terraform-aws-cli/actions/workflows/build-test.yml)
 [![push-latest](https://github.com/zenika-open-source/terraform-aws-cli/actions/workflows/push-latest.yml/badge.svg)](https://github.com/zenika-open-source/terraform-aws-cli/actions/workflows/push-latest.yml)
 [![release](https://github.com/zenika-open-source/terraform-aws-cli/actions/workflows/release.yml/badge.svg)](https://github.com/zenika-open-source/terraform-aws-cli/actions/workflows/release.yml)
-[![dockerhub-description-update](https://github.com/zenika-open-source/terraform-aws-cli/actions/workflows/dockerhub-description-update.yml/badge.svg)](https://github.com/zenika-open-source/terraform-aws-cli/actions/workflows/dockerhub-description-update.yml)
 
+[![dockerhub-description-update](https://github.com/zenika-open-source/terraform-aws-cli/actions/workflows/dockerhub-description-update.yml/badge.svg)](https://github.com/zenika-open-source/terraform-aws-cli/actions/workflows/dockerhub-description-update.yml)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Docker Pulls](https://img.shields.io/docker/pulls/zenika/terraform-aws-cli.svg)](https://hub.docker.com/r/zenika/terraform-aws-cli/)
 
@@ -16,11 +16,11 @@ Supported versions are listed in the [`supported_versions.json`](https://github.
 
 The following image tag strategy is applied:
 * `zenika/terraform-aws-cli:latest` - build from master
-  * Included CLI versions are the newest in the [`supported_versions.json` ](https://github.com/Zenika/terraform-aws-cli/blob/master/supported_versions.json) file.<>
+  * Included CLI versions are the newest in the [`supported_versions.json` ](https://github.com/Zenika/terraform-aws-cli/blob/master/supported_versions.json) file.
 * `zenika/terraform-aws-cli:release-S.T_terraform-UU.VV.WW_awscli-XX.YY.ZZ` - build from releases
   * `release-S.T` is the release tag
-  * `terraform-UU.VV.WWW` is the Terraform version included in the image
-  * `awscli-XX.YY.ZZ` is the AWS CLI version included in the image
+  * `terraform-UU.VV.WWW` is the **Terraform** version included in the image
+  * `awscli-XX.YY.ZZ` is the **AWS CLI** version included in the image
 
 Please report to the [releases page](https://github.com/Zenika/terraform-aws-cli/releases) for the changelogs.
 
@@ -34,14 +34,11 @@ This image gives you the flexibility to be used for development or as a base ima
 ## 🔧 What's inside ?
 Tools included:
 
-* [AWS CLI](https://aws.amazon.com/fr/cli/)
-  * Included version indicated in the image tag: `awscli-XX.YY.ZZ`
 * [Terraform CLI](https://www.terraform.io/docs/commands/index.html)
-  * Included version indicated in the image tag: `terraform-XX.YY.ZZ`
-  * See available versions on the [project release page](https://github.com/hashicorp/terraform/releases)
-* [Git](https://git-scm.com/) for Terraform remote module usage, see available versions on the [Debian Packages repository](https://packages.debian.org/search?suite=buster&arch=any&searchon=names&keywords=git)
+* [AWS CLI](https://aws.amazon.com/fr/cli/)
+* [Git](https://git-scm.com/) for Terraform remote module usage
 * [Python 3](https://www.python.org/)
-* [jq](https://stedolan.github.io/jq/) to process JSON returned by AWS, see available versions on the [Debian Packages repository](https://packages.debian.org/search?suite=buster&arch=any&searchon=names&keywords=jq)
+* [jq](https://stedolan.github.io/jq/) to process JSON returned by AWS
 * This image uses a non-root user with a UID and GID of 1001 to conform with docker security best practices.
 
 ## 🚀 Usage
@@ -69,7 +66,7 @@ It will :
 
 ```bash
 # launch build script
-./build.sh
+./dev.sh
 ```
 
 Optionally, it is possible to choose the tools desired versions :
@@ -80,7 +77,7 @@ AWS_CLI_VERSION=1.18.189
 TERRAFORM_VERSION=0.14.0
 
 # launch the build script with parameters
-./build.sh $AWS_CLI_VERSION $TERRAFORM_VERSION
+./dev.sh $AWS_CLI_VERSION $TERRAFORM_VERSION
 ```
 
 ## 🙏 Contributions
@@ -89,20 +86,21 @@ Do not hesitate to contribute by [filling an issue](https://github.com/Zenika/te
 ## ⬆️ Dependencies upgrades checklist
 
 * Supported versions:
-  * check AWS CLI version, available on the [project release page](https://github.com/aws/aws-cli/releases)
-  * check Terraform CLI version (keep all minor versions from 0.11), available on the [project release page](https://github.com/hashicorp/terraform/releases)
+  * check available **AWS CLI** version on the [project release page](https://github.com/aws/aws-cli/releases)
+  * check available **Terraform CLI** version (keep all minor versions from 0.11) available on the [project release page](https://github.com/hashicorp/terraform/releases)
 * Dockerfile:
-  * check base image version on DockerHub
+  * check **base image** version on DockerHub
   * check OS package versions on Debian package repository
-    * Available Git versions on the [Debian Packages repository](https://packages.debian.org/search?suite=buster&arch=any&searchon=names&keywords=git)
-    * Available Python versions on the [Debian packages repository](https://packages.debian.org/search?suite=buster&arch=any&searchon=names&keywords=python3)
+    * Available **Git** versions on the [Debian Packages repository](https://packages.debian.org/search?suite=buster&arch=any&searchon=names&keywords=git)
+    * Available **Python** versions on the [Debian packages repository](https://packages.debian.org/search?suite=buster&arch=any&searchon=names&keywords=python3)
+    * Available **JQ** versions on the [Debian Packages repository](https://packages.debian.org/search?suite=buster&arch=any&searchon=names&keywords=jq)
     * same process for all other packages
-  * check Pip package versions on [pypi](https://pypi.org/)
+  * check **Pip** package versions on [pypi](https://pypi.org/)
 * Github actions:
   * check [runner version](https://github.com/actions/virtual-environments#available-environments)
-  * check each action release versions
+  * check **each action release** versions
 * Build scripts:
-  * check container tags:
+  * check **container tags**:
     * [Hadolint releases](https://github.com/hadolint/hadolint/releases)
     * [Container-structure-test](https://github.com/GoogleContainerTools/container-structure-test/releases)
 * Readme:

diff --git a/build.sh → dev.sh b/build.sh → dev.sh
diff --git a/supported_versions.json b/supported_versions.json
@@ -5,9 +5,9 @@
     "0.13.7",
     "0.14.11",
     "0.15.5",
-    "1.0.0"
+    "1.0.6"
   ],
   "awscli_version": [
-    "1.19.95"
+    "1.20.41"
   ]
 }
diff --git a/tests/container-structure-tests.yml b/tests/container-structure-tests.yml
diff --git a/tests/container-structure-tests.yml.template b/tests/container-structure-tests.yml.template
@@ -11,17 +11,17 @@ commandTests:
   - name: "Check Python version"
     command: "python"
     args: ["--version"]
-    expectedOutput: ["Python 3.7.3"]
+    expectedOutput: ["Python 3.9.2"]
 
   - name: "Check Git version"
     command: "git"
     args: ["--version"]
-    expectedOutput: ["git version 2.20.1"]
+    expectedOutput: ["git version 2.30.2"]
 
   - name: "Check JQ version"
     command: "jq"
     args: ["--version"]
-    expectedOutput: ["jq-1.5"]
+    expectedOutput: ["jq-1.6"]
 
   - name: "Check Terraform CLI version"
     command: "terraform"