Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: use opentofu binary in harness terraform image #217

Open
wants to merge 19 commits into
base: main
Choose a base branch
from
Open

build: use opentofu binary in harness terraform image #217

wants to merge 19 commits into from

Conversation

seemywingz
Copy link
Contributor

@seemywingz seemywingz commented Jun 12, 2024
edited
Loading

To avoid violating Terraform's BSL license, we are using the OpenTofu binary in the Harness Image

@linear Linear
Copy link

linear bot commented Jun 12, 2024

PROD-2223 use opentofu binary in terraform dockerfile

@seemywingz seemywingz changed the title enhancement: use opentofu binary in harness terraform image build: use opentofu binary in harness terraform image Jun 12, 2024
@seemywingz seemywingz requested review from floreks, michaeljguarino and a team June 17, 2024 16:46
michaeljguarino
michaeljguarino reviewed Jun 17, 2024
View reviewed changes
.github/workflows/publish-harness.yaml
tag: '1.1'
- full: 1.0.11
- tofu: 1.6.2
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are these versions actually aligned? Looks like the tofu version is always 1.6.2?

Copy link
Contributor Author

@seemywingz seemywingz Jun 17, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, according to OpenTofu Migration Docs

When migrating from Terraform 1.5.x or lower, please migrate to OpenTofu 1.6.2 first

But with a caveat:

This migration guide is only valid for Terraform 1.5.7. If you are on a Terraform version below 1.5.7, please upgrade to at least Terraform version 1.5.7 before proceeding with the migration by following the Terraform upgrade guide. If you are on a higher Terraform version, please select the appropriate migration guide for your Terraform version.

@seemywingz
add Terraform Version to publish-harness-terraform version matrix
21c85fa 
and use that to conditionally determine which dockerfile to use
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 21, 2024
View reviewed changes
dockerfiles/harness/oppentofu.Dockerfile Fixed Show fixed Hide fixed
dockerfiles/harness/oppentofu.Dockerfile Fixed Show fixed Hide fixed
dockerfiles/harness/oppentofu.Dockerfile Fixed Show fixed Hide fixed
dockerfiles/harness/oppentofu.Dockerfile Fixed Show fixed Hide fixed
dockerfiles/harness/oppentofu.Dockerfile Fixed Show fixed Hide fixed
@michaeljguarino
Copy link
Member

Have you tested any runs w/ the tofu versions yet?

@seemywingz
Copy link
Contributor Author

I tested manually. by that I mean downloading the image, volume mounting the .tf files and running terraform plan

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 19, 2024
View reviewed changes
dockerfiles/harness/opentofu.Dockerfile Fixed Show fixed Hide fixed
dockerfiles/harness/opentofu.Dockerfile
@@ -0,0 +1,11 @@
ARG TOFU_IMAGE_TAG=1.7.1

Check notice

Code scanning / Trivy

No HEALTHCHECK defined Low

Artifact: dockerfiles/harness/opentofu.Dockerfile
Type: dockerfile
Vulnerability DS026
Severity: LOW
Message: Add HEALTHCHECK instruction in your Dockerfile
Link: DS026
dockerfiles/harness/opentofu.Dockerfile Fixed Show fixed Hide fixed
dockerfiles/harness/opentofu.Dockerfile Fixed Show fixed Hide fixed
dockerfiles/harness/opentofu.Dockerfile Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 7, 2025
View reviewed changes
dockerfiles/harness/opentofu.Dockerfile
ARG HARNESS_BASE_IMAGE_REPO=harness-base
ARG HARNESS_BASE_IMAGE=$HARNESS_BASE_IMAGE_REPO:$HARNESS_BASE_IMAGE_TAG

FROM $TOFU_IMAGE AS tofu

Check warning

Code scanning / Trivy

':latest' tag used Medium

Artifact: dockerfiles/harness/opentofu.Dockerfile
Type: dockerfile
Vulnerability DS001
Severity: MEDIUM
Message: Specify a tag in the 'FROM' statement for image '1.7.1'
Link: DS001
dockerfiles/harness/opentofu.Dockerfile
ARG HARNESS_BASE_IMAGE=$HARNESS_BASE_IMAGE_REPO:$HARNESS_BASE_IMAGE_TAG

FROM $TOFU_IMAGE AS tofu
FROM $HARNESS_BASE_IMAGE AS final

Check warning

Code scanning / Trivy

':latest' tag used Medium

Artifact: dockerfiles/harness/opentofu.Dockerfile
Type: dockerfile
Vulnerability DS001
Severity: MEDIUM
Message: Specify a tag in the 'FROM' statement for image 'harness-base'
Link: DS001
dockerfiles/harness/opentofu.Dockerfile
ARG HARNESS_BASE_IMAGE=$HARNESS_BASE_IMAGE_REPO:$HARNESS_BASE_IMAGE_TAG

FROM $TOFU_IMAGE AS tofu
FROM $HARNESS_BASE_IMAGE AS final

Check warning

Code scanning / Trivy

':latest' tag used Medium

Artifact: dockerfiles/harness/opentofu.Dockerfile
Type: dockerfile
Vulnerability DS001
Severity: MEDIUM
Message: Specify a tag in the 'FROM' statement for image 'sha-1eca71e'
Link: DS001
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaeljguarino michaeljguarino michaeljguarino left review comments

@floreks floreks Awaiting requested review from floreks

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@seemywingz @michaeljguarino