Ready-to-use Docker container image for AWS CodeBuild/CodePipeline, Bitbucket Pipelines, CircleCI, GitHub Actions, GitLab runner jobs and Google Cloud Build.
Image:
cyclenerd/cloud-tools-container:latest
Multiarch support:
amd64: Intel or AMD 64-Bit CPU (x86-64)arm64: Arm-based 64-Bit CPU (i.e. Apple silicon, AWS Graviton, Ampere Altra)
Note
This project leverages GitHub Actions (https://github.com/Cyclenerd/cloud-tools-container/actions) for streamlined automated builds and deployments. The Container image is rebuilt on a weekly basis, every Monday.
This Docker container image is based on the Ubuntu 24.04 release (ubuntu:noble).
The following software is included and tested:
- Ansible infrastructure as configuration (IaC) software tool (
ansibleandansible-playbook) - AWS command line interface (CLI) tools (
aws) - Firebase command line interface (CLI) tools (
firebase) - fuego command line firestore client (
fuego) - Hetzner Cloud CLI (
hcloud) - GCR Cleaner deletes old container images on registries (
gcr-cleaner-cli) - Google Cloud command line interface (CLI) tools (
gcloud,gsutilandbq) - Open Policy Agent general-purpose policy engine, context-aware policy enforcement (
opa) - Packer (
packer) - ShellCheck analysis and linting tool for Shell/Bash scripts (
shellcheck) - skopeo command line utility that performs various operations on container images and repositories (
skopeo) - Terraform infrastructure as configuration (IaC) software tool (
terraform)- terraform-docs generates documentation from Terraform modules (
terraform-docs) - Terragrunt thin wrapper that provides extra tools (
terragrunt) - tflint linting tool for Terraform code (
tflint) - tfsec analysis security scanner for Terraform code (
tfsec)
- terraform-docs generates documentation from Terraform modules (
- Kubernetes
- Helm package manager for Kubernetes (
helm) - Kubernetes cluster manager command line tool for communicating with a Kubernetes cluster (
kubectl)
- Helm package manager for Kubernetes (
- Vault password manager and authentication tool (
vault) - yq command-line YAML, JSON and XML processor (
yq) - Base packages
- GNU bash 5 (
bash) - apt-utils
- Advanced Packaging Tool package manager (
apt,apt-get)
- Advanced Packaging Tool package manager (
- build-essential
- GNU C compiler
gcc - make utility for directing compilation (
make)
- GNU C compiler
- Common CA certificates
- curl tool for transferring data with URL syntax (
curl) - DiG DNS lookup utility (
dig) - FIGlet prints its input using large characters (
figlet) - git distributed revision control system (
git) - jq JSON processor (
jq) - Mutt command line email client (
mutt) - Node.js JavaScript runtime environment (
node)- npm package manager for the JavaScript (
npm)
- npm package manager for the JavaScript (
- OpenSSL cryptography toolkit (
openssl) - OpenSSH remote login client (
ssh) - Perl 5 programming language (
perl)- cpanm modules installer for Perl (
cpanm)
- cpanm modules installer for Perl (
- Python 3 programming language (
python3)- pip package installer for Python (
pip3)
- pip package installer for Python (
- Go programming language (
go) - GNU tar archiving utility (
tar) - De-archiver for .zip files (
unzip) - Archiver for .zip files (
zip)
- GNU bash 5 (
Runs a command in the container, pulling the image if needed and starting the container.
Docker run command:
docker run cyclenerd/cloud-tools-container:latest aws --versionPodman run command:
podman run docker.io/cyclenerd/cloud-tools-container:latest aws --versionExample configurations for various CI/CD tools.
AWS CodeBuild configuration:
{
"environment": {
"type": "LINUX_CONTAINER",
"image": "cyclenerd/cloud-tools-container:latest",
"computeType": "BUILD_GENERAL1_SMALL"
},
}Google Cloud Build (cloudbuild.yaml) configuration file:
steps:
- name: 'cyclenerd/cloud-tools-container:latest'
entrypoint: 'gcloud'
args: ['--version']GitLab CI/CD (.gitlab-ci.yml) configuration with Google Cloud Service Account Key:
variables:
GOOGLE_APPLICATION_CREDENTIALS: "/tmp/service_account_key.json"
default:
image: cyclenerd/cloud-tools-container:latest
before_script:
# Login
- echo "$YOUR_GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY" > "$GOOGLE_APPLICATION_CREDENTIALS"
- gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS"
stages:
- auth
gcloud-auth-list:
stage: auth
script:
- gcloud auth listGitLab CI/CD (.gitlab-ci.yml) configuration with Google Cloud Workload Identity Federation login:
variables:
WIF_PROVIDER: projects/1057256049272/locations/global/workloadIdentityPools/gitlab-com/providers/gitlab-com-oidc
SERVICE_ACCOUNT: gitlab-ci@nkn-it-wif-demo.iam.gserviceaccount.com
GOOGLE_CREDENTIALS: gcp_temp_cred.json
default:
image: cyclenerd/cloud-tools-container:latest
before_script:
# Login
- echo "${CI_JOB_JWT_V2}" > gitlab_jwt_token.txt
- gcloud iam workload-identity-pools create-cred-config "${WIF_PROVIDER}"
--service-account="${SERVICE_ACCOUNT}"
--output-file=${GOOGLE_CREDENTIALS}
--credential-source-file=gitlab_jwt_token.txt
- gcloud config set auth/credential_file_override "${GOOGLE_CREDENTIALS}"
stages:
- auth
gcloud-auth-list:
stage: auth
script:
- gcloud auth listBitbucket pipeline configuration (bitbucket-pipelines.yml) with Google Cloud Workload Identity Federation login:
image: cyclenerd/cloud-tools-container:latest
pipelines:
default:
- step:
name: "Workload Identity Federation"
# Enable OIDC
oidc: true
max-time: 5
script:
# Set variables
- export WIF_PROVIDER='projects/753695557698/locations/global/workloadIdentityPools/bitbucket-org/providers/bitbucket-org-oidc'
- export SERVICE_ACCOUNT='bitbucket-pipeline@nkn-it-wif-demo-0.iam.gserviceaccount.com'
- export GOOGLE_CREDENTIALS='gcp_temp_cred.json'
# Configure Workload Identity Federation via a credentials file.
- echo ${BITBUCKET_STEP_OIDC_TOKEN} > .ci_job_jwt_file
- gcloud iam workload-identity-pools create-cred-config "${WIF_PROVIDER}"
--service-account="${SERVICE_ACCOUNT}"
--output-file="${GOOGLE_CREDENTIALS}"
--credential-source-file=.ci_job_jwt_file
- gcloud config set auth/credential_file_override "${GOOGLE_CREDENTIALS}"
# Now you can run gcloud commands authenticated as the impersonated service account.GitHub Actions configuration:
jobs:
cloud-tools-container:
runs-on: 'ubuntu-latest'
# Use container to run the steps in a job
container:
image: 'docker://cyclenerd/cloud-tools-container:latest'
steps:
- name: "Terraform"
run: terraform --versionCircleCI configuration:
jobs:
cloud-tools-container:
docker:
- image: cyclenerd/cloud-tools-container:latest
steps:
- run:
name: Google Cloud CLI
command: gcloud --versionMulti-Platform Image (AMD64 and ARM64)
To build a container image that can run on both AMD64 and ARM64 architectures, use the following command:
podman manifest create "cloud-tools-container"
podman build . \
--manifest "cloud-tools-container" \
--platform "linux/amd64,linux/arm64" \
--tag "cloud-tools-container:multi"Platform-Specific Images
Create a container image only for Intel or AMD 64-Bit CPU (x86-64):
podman build . \
--platform "linux/amd64" \
--tag "cloud-tools-container:amd64"Create a container image only for Arm-based 64-Bit CPU:
podman build . \
--platform "linux/arm64" \
--tag "cloud-tools-container:arm64"(Alternative) Combining Images into a Multi-Platform Image
To combine platform-specific images into one multi-platform image:
podman manifest create "cloud-tools-container:multi" \
--amend "cloud-tools-container:amd64" \
--amend "cloud-tools-container:arm64"
podman manifest inspect "cloud-tools-container:multi" | jqHave a patch that will benefit this project? Awesome! Follow these steps to have it accepted.
- Please read how to contribute.
- Fork this Git repository and make your changes.
- Create a Pull Request.
- Incorporate review feedback to your changes.
- Accepted!
All files in this repository are under the Apache License, Version 2.0 unless noted otherwise.