ci/add circle ci (#11)

* fix: added hadolint * chore: updated vscode * chore: updated dockerignore * ci: added circleci
chrisleekr · Sep 2, 2023 · 87fb631 · 87fb631
1 parent 0bf9eab
commit 87fb631
Show file tree

Hide file tree

Showing 7 changed files with 107 additions and 9 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -0,0 +1,78 @@
+version: 2.1
+
+orbs:
+  docker: circleci/docker@2.2.0
+
+jobs:
+  lint:
+    docker:
+      - image: $DOCKER_REGISTRY_DOMAIN/chrisleekr/multicloud-k8s-iac:build-<< pipeline.trigger_parameters.gitlab.commit_sha >>
+        auth:
+          username: $DOCKER_LOGIN
+          password: $DOCKER_PASSWORD
+    resource_class: small
+    working_directory: /srv
+    steps:
+      - run:
+          name: Lint Helm
+          command: |
+            ./scripts/validate-helm.sh
+      - run:
+          name: Lint Terraform
+          command: |
+            ./scripts/validate-terraform.sh
+  build-production:
+    docker:
+      - image: cimg/base:stable
+    steps:
+      - checkout
+      - run:
+          name: Download utilities
+          command: |
+            sudo apt update
+            sudo apt install qemu qemu-user-static
+      - setup_remote_docker:
+          docker_layer_caching: true
+      - run:
+          name: docker login
+          command: |
+            docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD $DOCKER_REGISTRY_DOMAIN
+      - run:
+          name: Setup Qemu
+          command: |
+            docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+            docker context create dind
+            docker buildx create --driver docker-container --use dind --driver-opt image=moby/buildkit:buildx-stable-1,network=host --name buildkit-<< pipeline.trigger_parameters.gitlab.commit_sha >>
+      - run:
+          name: Build production image
+          command: |
+            docker buildx build --progress plain --platform linux/amd64,linux/arm64 --pull --tag $DOCKER_REGISTRY_DOMAIN/chrisleekr/multicloud-k8s-iac:latest --push .
+
+
+workflows:
+  build-docker-image:
+    jobs:
+      - docker/hadolint:
+          dockerfiles: Dockerfile
+          checkout: true
+          executor-class: small
+          hadolint-tag: latest-debian
+      - docker/publish:
+          requires:
+            - docker/hadolint
+          dockerfile: Dockerfile
+          registry: $DOCKER_REGISTRY_DOMAIN
+          cache_from: $DOCKER_REGISTRY_DOMAIN/chrisleekr/multicloud-k8s-iac:cache
+          image: chrisleekr/multicloud-k8s-iac
+          tag: cache,build-<< pipeline.trigger_parameters.gitlab.commit_sha >>
+          extra_build_args: '--build-arg BUILDKIT_INLINE_CACHE=1'
+          use-buildkit: true
+      - lint:
+          requires:
+            - docker/publish
+      - build-production:
+          requires:
+            - lint
+          filters:
+            branches:
+              only: master
diff --git a/.dockerignore b/.dockerignore
@@ -22,3 +22,7 @@ yarn-error.log*
 .git
 
 .env
+.circleci
+.github
+.husky
+.vscode
diff --git a/.hadolint.yaml b/.hadolint.yaml
@@ -0,0 +1 @@
+strict-labels: true
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -9,6 +9,7 @@
     "timonwong.shellcheck",
     "foxundermoon.shell-format",
     "DavidAnson.vscode-markdownlint",
-    "GitHub.vscode-github-actions"
+    "GitHub.vscode-github-actions",
+    "exiasr.hadolint"
   ]
 }
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -7,14 +7,18 @@
   "cSpell.words": [
     "Autoscaler",
     "BUILDARCH",
+    "buildkit",
     "BUILDPLATFORM",
     "buildx",
     "chrislee",
     "chrisleekr",
+    "commitlint",
     "containerised",
     "dind",
+    "dockerfiles",
     "gcloud",
     "Grafana",
+    "hadolint",
     "innodbcluster",
     "interruptible",
     "kubectl",
@@ -24,8 +28,11 @@
     "multiarch",
     "multicloud",
     "popd",
+    "precommit",
     "Presslabs",
     "pushd",
+    "tfbackend",
+    "tflint",
     "vuejs"
   ],
   "search.exclude": {

diff --git a/Dockerfile b/Dockerfile
@@ -13,6 +13,10 @@ ARG TERRAFORM_VERSION=1.5.3
 # BUILDPLATFORM=linux/arm64/v8, BUILDARCH=arm64
 RUN echo "BUILDPLATFORM=$BUILDPLATFORM, BUILDARCH=$BUILDARCH"
 
+SHELL ["/bin/ash", "-o", "pipefail", "-c"]
+
+# Change to tmp folder
+WORKDIR /tmp
 # Install dependencies
 RUN set -eux; \
     \
@@ -23,10 +27,8 @@ RUN set -eux; \
     yq=4.33.3-r2 \
     jq=1.6-r3 \
     git=2.40.1-r0 \
-    python3=3.11.4-r0 \
+    python3=3.11.5-r0 \
     && \
-    # Change to tmp folder
-    cd /tmp && \
     \
     # Install kubectl
     curl -L https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${BUILDARCH}/kubectl \
@@ -42,7 +44,7 @@ RUN set -eux; \
     helm version && \
     \
     # Install Terraform
-    wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${BUILDARCH}.zip && \
+    curl -LO https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${BUILDARCH}.zip && \
     unzip terraform_${TERRAFORM_VERSION}_linux_${BUILDARCH}.zip && \
     rm terraform_${TERRAFORM_VERSION}_linux_${BUILDARCH}.zip && \
     mv terraform /usr/local/bin/terraform && \
@@ -69,6 +71,7 @@ RUN apk add --no-cache \
     rm -rf /var/cache/apk/*
 
 # Install gcloud - Separate layer to speed up builds
+WORKDIR /
 ENV PATH /google-cloud-sdk/bin:$PATH
 RUN export GOOGLE_CLOUD_SDK_ARCH="x86_64"; \
     if [ "$BUILDARCH" = "arm64" ]; then \
@@ -82,13 +85,13 @@ RUN export GOOGLE_CLOUD_SDK_ARCH="x86_64"; \
     gcloud --version && \
     gcloud components install gke-gcloud-auth-plugin && \
     # Google Cloud CLI cleanup
-    rm -rf $(find google-cloud-sdk/ -regex ".*/__pycache__") \
-    google-cloud-sdk/.install/.backup \
+    find google-cloud-sdk/ -regex ".*/__pycache__" -print0 | xargs -0 rm -rf && \
+    rm -rf google-cloud-sdk/.install/.backup \
     google-cloud-sdk/bin/anthoscli \
     google-cloud-sdk/lib/googlecloudsdk/third_party/apis
 
-COPY container-files/ /
-
 WORKDIR /srv
 
+COPY container-files/ /
+
 COPY . .
diff --git a/package.json b/package.json
@@ -16,6 +16,7 @@
     "prepare": "husky install",
     "precommit": "lint-staged",
     "lint:gcp": "tflint gcp",
+    "lint:dockerfile": "hadolint Dockerfile",
     "docker:build": "./scripts/docker-build.sh",
     "docker:run": "./scripts/docker-run.sh",
     "docker:shell": "docker exec -it \"multicloud-k8s-iac\" /bin/bash",
@@ -42,6 +43,9 @@
     }
   },
   "lint-staged": {
+    "Dockerfile": [
+      "npm run lint:dockerfile"
+    ],
     "*.{tf,hcl,tfbackend}": [
       "cd ./workspaces && terraform fmt -recursive && cd ..",
       "cd ./workspaces && terraform validate && cd ..",
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,3 +22,7 @@ yarn-error.log* @@
     .git
     .env
+    .circleci
+    .github
+    .husky
+    .vscode