HomeDevopsLab · kkrolikowski · Aug 3, 2025 · Aug 3, 2025 · Aug 3, 2025
diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
@@ -0,0 +1,140 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - "v*"
+  pull_request:
+    branches:
+      - main
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: iac-tools
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata
+        if: startsWith(github.ref, 'refs/tags/')
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=sha,prefix={{branch}}-
+
+      - name: Build and push Docker image
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  test:
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.event_name == 'pull_request'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build test image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          load: true
+          tags: test-image
+          cache-from: type=gha
+
+      - name: Test Terraform
+        run: |
+          echo "Testing Terraform installation..."
+          docker run --rm test-image terraform --version
+
+      - name: Test Terragrunt
+        run: |
+          echo "Testing Terragrunt installation..."
+          docker run --rm test-image terragrunt --version
+
+      - name: Test Ansible
+        run: |
+          echo "Testing Ansible installation..."
+          docker run --rm test-image ansible --version
+
+      - name: Test Git
+        run: |
+          echo "Testing Git installation..."
+          docker run --rm test-image git --version
+
+  security-scan:
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.event_name == 'pull_request'
+    permissions:
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build image for scanning
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          load: true
+          tags: scan-image
+          cache-from: type=gha
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: "scan-image"
+          format: "sarif"
+          output: "trivy-results.sarif"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: "trivy-results.sarif"
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,29 @@
+FROM ubuntu:24.04
+LABEL maintainer="Krzysztof Królikowski <kkrolikowski@gmail.com>"
+LABEL description="Docker image for a basic Ubuntu setup with IAC tools"
+LABEL version="1.0"
+
+ENV DEBIAN_FRONTEND="noninteractive"
+ENV TERRAGRUNT_VERSION="v0.77.22"
+ENV TF_VERSION="1.11.4"
+ENV ARCH="amd64"
+ENV OS="linux"
+ENV BINARY_NAME="terragrunt_${OS}_${ARCH}"
+ENV PATH="$PATH:/root/.local/bin"
+
+RUN apt-get update && \
+    apt-get install -y \
+    git \
+    curl \
+    unzip \
+    pipx && \
+    rm -rf /var/lib/apt/lists/*
+RUN curl -L "https://github.com/gruntwork-io/terragrunt/releases/download/${TERRAGRUNT_VERSION}/${BINARY_NAME}" -o "${BINARY_NAME}" && \
+    chmod +x "${BINARY_NAME}" && \
+    mv "${BINARY_NAME}" /usr/local/bin/terragrunt
+RUN curl -L "https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_${OS}_${ARCH}.zip" -o terraform.zip && \
+    unzip terraform.zip && \
+    mv terraform /usr/local/bin/ && \
+    rm terraform.zip && \
+    chmod +x /usr/local/bin/terraform
+RUN pipx install --include-deps ansible
diff --git a/README.md b/README.md
@@ -0,0 +1,126 @@
+# IAC Tools Docker Image
+
+A Docker image containing essential Infrastructure as Code (IAC) tools for automating infrastructure management and deployment.
+
+## Overview
+
+This Docker image is based on Ubuntu 24.04 and includes popular IAC tools commonly used in DevOps workflows:
+
+- **Terraform** - Infrastructure provisioning tool
+- **Terragrunt** - Terraform wrapper for managing multiple environments
+- **Ansible** - Configuration management and automation tool
+
+## Included Tools
+
+| Tool       | Version  | Description                                                                                      |
+| ---------- | -------- | ------------------------------------------------------------------------------------------------ |
+| Terraform  | 1.11.4   | Infrastructure as Code tool for building, changing, and versioning infrastructure                |
+| Terragrunt | v0.77.22 | Thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules |
+| Ansible    | Latest   | Automation platform for configuration management, application deployment, and task automation    |
+
+## Additional Packages
+
+- Git - Version control system
+- Curl - Command line tool for transferring data
+- Unzip - Archive extraction utility
+- Pipx - Tool for installing and running Python applications in isolated environments
+
+## Usage
+
+### Pull the image
+
+```bash
+# From Docker Hub (after CI/CD setup)
+docker pull <your-dockerhub-username>/iac-tools:latest
+
+# Or build locally
+docker build -t iac-tools:latest .
+```
+
+### Run the container
+
+```bash
+# Interactive shell
+docker run -it --rm iac-tools:latest /bin/bash
+
+# Mount your workspace
+docker run -it --rm -v $(pwd):/workspace -w /workspace iac-tools:latest /bin/bash
+
+# Run specific commands
+docker run --rm -v $(pwd):/workspace -w /workspace iac-tools:latest terraform --version
+docker run --rm -v $(pwd):/workspace -w /workspace iac-tools:latest terragrunt --version
+docker run --rm -v $(pwd):/workspace -w /workspace iac-tools:latest ansible --version
+```
+
+### Docker Compose
+
+You can also use this image with Docker Compose:
+
+```yaml
+version: "3.8"
+services:
+  iac-tools:
+    image: iac-tools:latest
+    volumes:
+      - .:/workspace
+    working_dir: /workspace
+    stdin_open: true
+    tty: true
+```
+
+## Building the Image
+
+### Local Build
+To build the image locally:
+
+```bash
+docker build -t iac-tools:latest .
+```
+
+### Automated CI/CD
+This repository includes a GitHub Actions workflow that automatically:
+- Builds multi-platform Docker images (amd64/arm64) on every push
+- Tests all included tools (Terraform, Terragrunt, Ansible, Git)
+- Performs security vulnerability scanning
+- Publishes to Docker Hub on main branch and tags
+
+See [GITHUB_ACTIONS_SETUP.md](GITHUB_ACTIONS_SETUP.md) for detailed setup instructions.
+
+## Environment Variables
+
+- `DEBIAN_FRONTEND=noninteractive` - Prevents interactive prompts during package installation
+- `TERRAGRUNT_VERSION=v0.77.22` - Specifies the Terragrunt version to install
+- `TF_VERSION=1.11.4` - Specifies the Terraform version to install
+- `ARCH=amd64` - Target architecture
+- `OS=linux` - Target operating system
+- `PATH` - Includes `/root/.local/bin` for pipx-installed tools
+
+## Use Cases
+
+This image is ideal for:
+
+- CI/CD pipelines requiring infrastructure automation
+- Development environments for IAC workflows
+- Consistent tooling across different environments
+- Containerized infrastructure deployments
+- Learning and experimenting with IAC tools
+
+## Security
+
+- The image runs as root user (default for this use case)
+- Base image is Ubuntu 24.04 with latest security updates
+- Only essential packages are installed to minimize attack surface
+
+## Maintenance
+
+- **Maintainer**: Krzysztof Królikowski <kkrolikowski@gmail.com>
+- **Version**: 1.0
+- **Base Image**: Ubuntu 24.04
+
+## License
+
+See the [LICENSE](LICENSE) file for license information.
+
+## Contributing
+
+Feel free to submit issues and enhancement requests!