Add Atlantis image per skyscrapers/platform#1204 (#52)

skyscrapers · Jun 12, 2024 · c75ef02 · c75ef02
1 parent b7d4904
commit c75ef02
Show file tree

Hide file tree

Showing 3 changed files with 92 additions and 0 deletions.
diff --git a/.github/workflows/publish-atlantis-image.yml b/.github/workflows/publish-atlantis-image.yml
@@ -0,0 +1,70 @@
+name: Publish Atlantis Image
+
+on:
+  push:
+    paths:
+      - "atlantis/**"
+      - ".github/workflows/publish-atlantis-image.yml"
+    branches:
+      - master
+  schedule:
+    - cron: "0 0 * * *" # Run every day at midnight
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository_owner }}/atlantis
+
+jobs:
+  build-latest:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU #emulation support with QEMU to be able to build against more platforms.
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Fetch latest release from upstream
+        id: fetch_release
+        run: |
+          latest_release=$(curl --silent "https://api.github.com/repos/runatlantis/atlantis/releases/latest" | jq -r .tag_name)
+          echo "Latest upstream release: $latest_release"
+          echo "::set-output name=upstream_release::$latest_release"
+      - name: Get the latest release from our repository
+        id: get_current_release
+        run: |
+          latest_tag=$(curl --silent -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "https://ghcr.io/v2/skyscrapers/atlantis/tags/list" | jq -r '.tags[]' | grep -v latest | sort -rV | head -n 1)
+          echo "Current release: $latest_tag"
+          echo "::set-output name=current_release::$latest_tag"
+      - name: Compare releases
+        id: compare_releases
+        run: |
+          if [ "${{ steps.fetch_release.outputs.upstream_release }}" != "${{ steps.get_current_release.outputs.current_release }}" ]; then
+            echo "New release found: ${{ steps.fetch_release.outputs.upstream_release }}"
+            echo "::set-output name=new_release::true"
+          else
+            echo "No new release found"
+            echo "::set-output name=new_release::false"
+          fi
+      - name: Build and push the container to GitHub Container Registry using the latest tag
+        if: steps.compare_releases.outputs.new_release == 'true'
+        uses: docker/build-push-action@v5.3.0
+        with:
+          context: .
+          file: atlantis/Dockerfile
+          build-args: |
+            ATLANTIS_VERSION=${{ steps.fetch_release.outputs.upstream_release }}
+          platforms: |
+            linux/amd64
+            linux/arm64
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.fetch_release.outputs.upstream_release }}
+          push: true
+          provenance: false
diff --git a/README.md b/README.md
@@ -13,6 +13,10 @@ Our layer adds our most used tools onto the official image.
 
 The image is build with GitHub actions and pushed to the `ghcr.io/skyscrapers/actions-runner` repository.
 
+## Atlantis
+
+This is a Docker image for [Atlantis](https://www.runatlantis.io/). We put our layer on top of the official Atlantis image that inludes our tools from our Terragrunt image.
+
 ## packer g10k
 
 This is a Docker image containing the following tools:

diff --git a/atlantis/Dockerfile b/atlantis/Dockerfile
@@ -0,0 +1,18 @@
+ARG ATLANTIS_VERSION=v0.28.1
+FROM ghcr.io/runatlantis/atlantis:${ATLANTIS_VERSION}
+
+USER root
+
+COPY --from=ghcr.io/skyscrapers/terragrunt:latest /usr/local/bin/sops /usr/local/bin/sops
+COPY --from=ghcr.io/skyscrapers/terragrunt:latest /usr/local/bin/tofu /usr/local/bin/tofu
+COPY --from=ghcr.io/skyscrapers/terragrunt:latest /usr/local/bin/terragrunt /usr/local/bin/terragrunt
+
+# Note: when atlantis moves to Alpine 3.20 update yq to yq-go: https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.20.0#yq
+RUN apk update && \
+  apk add aws-cli jq yq git
+RUN aws --version && \
+  terragrunt --version && \
+  sops --version && \
+  tofu --version
+
+USER atlantis