From b7d4904e7efcdf491714055e3c01dbdb4f493421 Mon Sep 17 00:00:00 2001
From: Simon Rondelez
Date: Wed, 12 Jun 2024 15:07:54 +0200
Subject: [PATCH] feat: Add Terragrunt runner image (#51)
* Create docker image for terragrunt runner
* Wrap up terragunt container
---
.../workflows/publish-terragrunt-image.yml | 41 ++++++++++++++++
README.md | 11 +++++
terragrunt/Dockerfile | 48 +++++++++++++++++++
3 files changed, 100 insertions(+)
create mode 100644 .github/workflows/publish-terragrunt-image.yml
create mode 100644 terragrunt/Dockerfile
diff --git a/.github/workflows/publish-terragrunt-image.yml b/.github/workflows/publish-terragrunt-image.yml
new file mode 100644
index 0000000..b9f138a
--- /dev/null
+++ b/.github/workflows/publish-terragrunt-image.yml
@@ -0,0 +1,41 @@
+name: Publish Terragrunt Image
+
+on:
+ push:
+ paths:
+ - "terragrunt/**"
+ - ".github/workflows/publish-terragrunt-image.yml"
+ branches:
+ - master
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository_owner }}/terragrunt
+
+jobs:
+ build-latest:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Set up QEMU #emulation support with QEMU to be able to build against more platforms.
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build and push the container to GitHub Container Registry using the latest tag
+ uses: docker/build-push-action@v5.3.0
+ with:
+ context: .
+ file: terragrunt/Dockerfile
+ platforms: |
+ linux/amd64
+ linux/arm64
+ tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+ push: true
+ provenance: false
diff --git a/README.md b/README.md
index 4ae007f..45a4cdc 100644
--- a/README.md
+++ b/README.md
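Review bot: The `build-latest` job has no `permissions:` block, so the `GITHUB_TOKEN` handed to `docker/login-action` carries whatever the repository default grants; for a job that only checks out and pushes to ghcr.io I would add `permissions:` with `contents: read` and `packages: write` under the job. The five `uses:` lines reference mutable tags (`@v4`, `@v3`, `@v5.3.0`); pinning each to a full commit SHA, with the version kept in a trailing comment, stops a retagged action from running with that token. Publishing only `:latest` with `provenance: false` also leaves consumers no immutable tag or attestation to pin against, so an extra `${{ github.sha }}` tag would help.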
@@ -36,6 +36,17 @@ This is a Docker image for [Teleport](https://gravitational.com/teleport/) This will build a Teleport image from the Debian base image. This Dockerfile expects the released Teleport binaries in `teleport/teleport` folder. +## Terragrunt + +This is a Docker image that contains all the tools needed to run Terragrunt in Skyscrapers: + +* [AWS CLI](https://aws.amazon.com/cli/) +* [Helm](https://helm.sh/) +* [Kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) +* [OpenTofu](https://github.com/opentofu/opentofu) +* [Sops](https://github.com/mozilla/sops) +* [Terragrunt](https://terragrunt.gruntwork.io/) + ## volume-populator This container is used to populate volumes from configmaps. Useful in Kubernetes as an init container to populate a volume with data before the application starts. diff --git a/terragrunt/Dockerfile b/terragrunt/Dockerfile new file mode 100644 index 0000000..ffda367 --- /dev/null +++ b/terragrunt/Dockerfile 
@@ -0,0 +1,48 @@
+# Versions
+ARG ALPINE_VERSION=3.20
+ARG TOFU_VERSION=1.6.2
+ARG SOPS_VERSION=v3.8.1
+
+FROM ghcr.io/getsops/sops:${SOPS_VERSION}-alpine as sops
+FROM ghcr.io/opentofu/opentofu:${TOFU_VERSION} as tofu
+
+FROM alpine:${ALPINE_VERSION} as build
+
+ARG TARGETARCH=arm64
+ARG TERRAGRUNT_VERSION=v0.58.6
+ARG KUBECTL_VERSION=v1.30.0
+ARG HELM_VERSION=v3.15.1
+
+RUN apk update && \
+ apk add curl ca-certificates
+
+RUN curl -L \
+ https://github.com/gruntwork-io/terragrunt/releases/download/${TERRAGRUNT_VERSION}/terragrunt_linux_amd64 -o terragrunt && \
+ chmod +x terragrunt && \
+ mv terragrunt /usr/local/bin/
+RUN terragrunt --version
+
+RUN curl -L -o kubectl https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl && \
+ curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl.sha256" && \
+ echo "$(cat kubectl.sha256) kubectl" | sha256sum -c && \
+ chmod +x kubectl && \
+ mv kubectl /usr/local/bin/kubectl
+
+RUN curl -LO https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz && \
+ curl -LO https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz.sha256sum && \
+ sha256sum -c helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz.sha256sum && \
+ tar -xvzf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz && \
+ chmod +x linux-${TARGETARCH}/helm && \
+ mv linux-${TARGETARCH}/helm /usr/local/bin/helm
+
+FROM alpine:${ALPINE_VERSION}
+
+RUN apk update && \
+ apk add aws-cli jq yq-go git
+RUN aws --version
+
+COPY --from=sops /usr/local/bin/sops /usr/local/bin/sops
+COPY --from=tofu /usr/local/bin/tofu /usr/local/bin/tofu
+COPY --from=build /usr/local/bin/terragrunt /usr/local/bin/terragrunt
+COPY --from=build /usr/local/bin/kubectl /usr/local/bin/kubectl
+COPY --from=build /usr/local/bin/helm /usr/local/bin/helm
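Review bot: The terragrunt download in the build stage hard-codes `terragrunt_linux_amd64` and is never checksum-verified, unlike the kubectl and helm steps that follow it. Because the workflow in this commit builds for linux/amd64 and linux/arm64, the arm64 image would ship an amd64 terragrunt binary, and the binary that ends up in the final image is trusted on transport alone. I would fetch `terragrunt_linux_${TARGETARCH}` with `curl -fsSL` and check it against the release's `SHA256SUMS` asset before installing it, as sketched below. Separately, the final stage has no `USER` instruction, so the runner starts as root unless the caller overrides it.

```dockerfile
ARG TERRAGRUNT_VERSION=v0.58.6
# … unchanged: KUBECTL_VERSION, HELM_VERSION, apk add curl ca-certificates …
RUN curl -fsSLO https://github.com/gruntwork-io/terragrunt/releases/download/${TERRAGRUNT_VERSION}/terragrunt_linux_${TARGETARCH} && \
    curl -fsSLO https://github.com/gruntwork-io/terragrunt/releases/download/${TERRAGRUNT_VERSION}/SHA256SUMS && \
    grep " terragrunt_linux_${TARGETARCH}\$" SHA256SUMS | sha256sum -c && \
    install -m 0755 terragrunt_linux_${TARGETARCH} /usr/local/bin/terragrunt
# … unchanged: terragrunt --version, kubectl and helm steps …
```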