github.com/rstandt/terraform@v0.12.32-0.20230710220336-b1063613405c/scripts/docker-release/Dockerfile-release

github.com/rstandt/terraform@v0.12.32-0.20230710220336-b1063613405c/scripts/docker-release/Dockerfile-release (about)

     1  # This Dockerfile is not intended for general use, but is rather used to
     2  # package up official Terraform releases (from releases.hashicorp.com) to
     3  # release on Dockerhub as the "light" release images.
     4  #
     5  # The main Dockerfile in the root of the repository is more generally-useful,
     6  # since it is able to build a docker image of the current state of the work
     7  # tree, without any dependency on there being an existing release on
     8  # releases.hashicorp.com.
     9  
    10  FROM alpine:latest as build
    11  LABEL maintainer="HashiCorp Terraform Team <terraform@hashicorp.com>"
    12  
    13  # This is intended to be run from the hooks/build script, which sets this
    14  # appropriately based on git tags.
    15  ARG TERRAFORM_VERSION=UNSPECIFIED
    16  
    17  COPY releases_public_key .
    18  
    19  # What's going on here?
    20  # - Download the indicated release along with its checksums and signature for the checksums
    21  # - Verify that the checksums file is signed by the Hashicorp releases key
    22  # - Verify that the zip file matches the expected checksum
    23  # - Extract the zip file so it can be run
    24  
    25  RUN apk add --no-cache git curl openssh gnupg && \
    26      curl -O https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
    27      curl -O https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig && \
    28      curl -O https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS && \
    29      gpg --import releases_public_key && \
    30      gpg --verify terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig terraform_${TERRAFORM_VERSION}_SHA256SUMS && \
    31      grep linux_amd64 terraform_${TERRAFORM_VERSION}_SHA256SUMS >terraform_${TERRAFORM_VERSION}_SHA256SUMS_linux_amd64 && \
    32      sha256sum -cs terraform_${TERRAFORM_VERSION}_SHA256SUMS_linux_amd64 && \
    33      unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /bin && \
    34      rm -f terraform_${TERRAFORM_VERSION}_linux_amd64.zip terraform_${TERRAFORM_VERSION}_SHA256SUMS*
    35  
    36  FROM alpine:latest as final
    37  ARG TERRAFORM_VERSION=UNSPECIFIED
    38  LABEL "com.hashicorp.terraform.version"="${TERRAFORM_VERSION}"
    39  
    40  RUN apk add --no-cache git openssh
    41  
    42  COPY --from=build ["/bin/terraform", "/bin/terraform"]
    43  
    44  ENTRYPOINT ["/bin/terraform"]