Dockerfile.base

FROM debian:bullseye-20220622-slim
RUN apt-get update \
	&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
	apt-utils \
	bash \
	ca-certificates \
	curl \
	git \
	git-lfs \
	gnupg \
	groff \
	jq \
	less \
	libcap2 \
	openssh-client \
	openssl \
	python3 \
	python3-pip \
	python3-pycryptodome \
	python3-requests \
	python3-yaml \
	unzip \
	&& rm -rf /var/lib/apt/lists/*

ENV TENV_LATEST_VERSION=v3.2.10
RUN curl -O -L "https://github.com/tofuutils/tenv/releases/download/${TENV_LATEST_VERSION}/tenv_${TENV_LATEST_VERSION}_amd64.deb" && \
    dpkg -i "tenv_${TENV_LATEST_VERSION}_amd64.deb"

ENV INFRACOST_VERSION v0.10.29
RUN curl -fsSL -o /tmp/infracost-linux-amd64.tar.gz "https://github.com/terrateamio/packages/raw/main/infracost/infracost-${INFRACOST_VERSION}-linux-amd64.tar.gz" \
    && tar -C /tmp -xzf /tmp/infracost-linux-amd64.tar.gz \
    && mv /tmp/infracost-linux-amd64 /usr/local/bin/infracost \
    && rm -f /tmp/infracost-linux-amd64.tar.gz

ENV CONFTEST_VERSION 0.56.0
RUN mkdir /tmp/conftest \
    && curl -fsSL -o /tmp/conftest/conftest.tar.gz "https://github.com/terrateamio/packages/raw/main/conftest/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" \
    && tar -C /tmp/conftest -xzf /tmp/conftest/conftest.tar.gz \
    && mv /tmp/conftest/conftest /usr/local/bin/conftest \
    && rm -rf /tmp/conftest

ENV AWSCLI_VERSION 2.13.26
RUN mkdir /tmp/awscli \
    && curl -fsSL -o /tmp/awscli/awscli.zip "https://github.com/terrateamio/packages/raw/main/aws/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip" \
    && unzip -q /tmp/awscli/awscli.zip -d /tmp/awscli/ \
    && /tmp/awscli/aws/install > /dev/null \
    && rm -rf /tmp/awscli

ENV CHECKOV_VERSION=2.5.10
RUN pip3 install checkov==${CHECKOV_VERSION}

ENV RESOURCELY_VERSION=1.0.45

COPY ./bin/ /usr/local/bin
COPY proxy/bin /usr/local/proxy/bin
COPY conftest-wrapper /usr/local/bin/conftest-wrapper
COPY checkov-wrapper /usr/local/bin/checkov-wrapper
COPY cdktf-setup.sh /cdktf-setup.sh
COPY gcloud-cli-setup.sh /gcloud-cli-setup.sh
COPY azure-cli-setup.sh /azure-cli-setup.sh

# 2025-02-03 HCP removed its public key file from the internet for a few hours,
# which broke runs.  So we include the key file to protect against HCP outages.
RUN mkdir /usr/local/share/keys
COPY keys/hashicorp-pgp-key.txt /usr/local/share/keys
ENV TFENV_HASHICORP_PGP_KEY=/usr/local/share/keys/hashicorp-pgp-key.txt