Initial setup

Rudimentary Dockerfile for terraform.

Basic repository set up.

.config

@@ -0,0 +1,2 @@
+export GITHUB_OWNER=ministryofjustice
+export version=v1.1.8

.github/CODEOWNERS

@@ -1,3 +1 @@
-# Add a team or username to this file
-# Example:
-# *   @ministryofjustice/operations-engineering
+* @ministryofjustice/nvvs-devops-admins

.github/workflows/release.yml

@@ -0,0 +1,43 @@
+name: release
+
+on:
+  push:
+    tags: ['v*.*.*'] # only a valid semver tag
+    branches:
+      - 'initial-setup'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: '${{ github.repository_owner }}/nvvs/terraform'
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker Login
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}

.tflint.hcl.source

@@ -0,0 +1,10 @@
+config {
+  module = true
+  force = false
+}
+
+plugin "aws" {
+  enabled = true
+  version = "${TFLINT_AWS_RULESET_VERSION}"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}

Dockerfile

@@ -0,0 +1,31 @@
+FROM alpine:edge
+
+ARG PLATFORM=linux_amd64
+ARG TF_VERSION=1.1.8
+ARG TFLINT_VERSION=0.48.0
+ARG TFLINT_AWS_RULESET_VERSION=0.22.1
+
+ARG TF_DIST_FILENAME="terraform_${TF_VERSION}_${PLATFORM}.zip"
+ARG TF_DIST_CHECKSUM_FILENAME="terraform_${TF_VERSION}_SHA256SUMS"
+
+LABEL org.opencontainers.image.description="Hashicorp Terraform and tflint" \
+      org.opencontainers.image.authors="Ministry of Justice - NVVS DevOps" \
+      org.opencontainers.image.url="https://github.com/ministryofjustice/nvvs/terraform" \
+      org.opencontainers.image.source="[email protected]:ministryofjustice/nvvs-containers.git" \
+      org.opencontainers.image.licenses="MIT"
+
+COPY .tflint.hcl.source /root/
+
+RUN wget https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_DIST_FILENAME} \
+  && wget https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_DIST_CHECKSUM_FILENAME} \
+  && set -o pipefail && grep ${PLATFORM} ${TF_DIST_CHECKSUM_FILENAME} | sha256sum -c - \
+  && unzip ${TF_DIST_FILENAME} -d /usr/local/bin \
+  && rm ${TF_DIST_FILENAME} ${TF_DIST_CHECKSUM_FILENAME} \
+  && wget https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/tflint_${PLATFORM}.zip \
+  && wget https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/checksums.txt \
+  && set -o pipefail && grep ${PLATFORM} checksums.txt | sha256sum -c - \
+  && unzip tflint_${PLATFORM}.zip -d /usr/local/bin \
+  && rm tflint_${PLATFORM}.zip checksums.txt \
+  && apk update && apk --no-cache add make gettext bash \
+  && envsubst < /root/.tflint.hcl.source > /root/.tflint.hcl \
+  && tflint --init

Makefile

@@ -0,0 +1,20 @@
+.DEFAULT_GOAL := help
+include .config
+export
+
+.PHONY: debug
+debug: ## debug
+	echo ${version}
+
+.PHONY: tag
+tag: ## Tag git repo
+	git tag -a ${version} -m "Bump ${version}"
+	git push origin main --follow-tags
+
+.PHONY: tag
+build: ## Build Docker image
+	echo "[${version}]"
+	docker build --tag ghcr.io/${GITHUB_OWNER}/nvvs/terraform:${version} .
+
+help:
+	@grep -h -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'