initial revision

Jason Swank
2026-05-25 09:22:36 -04:00
commit dbeb905844
5 changed files with 1011 additions and 0 deletions

63
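--- a/gcp.go
+++ b/gcp.go
@@ -0,0 +1,63 @@
+// GCP container helpers for the OpenTofu Dagger module.
+package main
+import (
+"dagger/iac/internal/dagger"
+)
+// Helper to construct the base Container with the source code and GCP credentials.
+func (m *Iac) baseContainer(
+source *dagger.Directory,
+gcpCreds *dagger.Secret,
+projectID string,
+baseImage string,
+) *dagger.Container {
+// 1. Start from a clean alpine:3 base image (or user-customized alpine)
+if baseImage == "" {
+baseImage = "alpine:3"
+}
+container := dag.Container().From(baseImage)
+// 2. Add the required packages (git, curl, and bash are needed for module installations, ca-certificates for secure TLS, libc6-compat for glibc compatibility)
+container = container.WithExec([]string{
+"apk", "add", "--no-cache", "git", "curl", "ca-certificates", "bash", "libc6-compat",
+})
+// Set BINSTALLER_BIN so that the standard install scripts place binaries in /usr/local/bin
+container = container.WithEnvVariable("BINSTALLER_BIN", "/usr/local/bin")
+// 3. Securely install OpenTofu into the container using the standard install script and symlink it to tofu
+container = container.
+WithExec([]string{
+"sh", "-c", "curl -sSL https://jswank.github.io/install/tofu-install.sh | bash",
+})
+// 4. Securely install tflint into the container using the standard install script
+container = container.WithExec([]string{
+"sh", "-c", "curl -sSL https://jswank.github.io/install/tflint-install.sh | bash",
+})
+// 5. Securely install validator into the container using the standard install script
+container = container.WithExec([]string{
+"sh", "-c", "curl -sSL https://jswank.github.io/install/validator-install.sh | bash",
+})
+// 6. Set working directory to /workspace and copy the IaC files
+container = container.
+WithWorkdir("/workspace").
+WithDirectory("/workspace", source)
+// Mount credentials and set the standard GOOGLE_APPLICATION_CREDENTIALS environment variable
+if gcpCreds != nil {
+credsPath := "/gcp-creds.json"
+container = container.
+WithMountedSecret(credsPath, gcpCreds).
+WithEnvVariable("GOOGLE_APPLICATION_CREDENTIALS", credsPath)
+}
+if projectID != "" {
+container = container.WithEnvVariable("GCP_PROJECT", projectID)
+}
+return container
+}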
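Review bot: The three install steps in baseContainer (tofu, tflint, validator) pipe `curl -sSL … | bash` from a GitHub Pages URL with no pinned version or digest, so the "Securely install" comments overstate what the code does: whatever that site serves at build time is executed, and the resulting binaries presumably run later in the same container that has the GCP credentials mounted. Because curl is called without `-f` and its output is piped under `sh -c`, an HTTP error or a failed download is also not guaranteed to fail the step. I would download each script to a file with `curl -fsSL`, check it against a digest committed to this repository, and only then execute it, as sketched below for tofu; the same pattern applies to the other two. Pinning the default `alpine:3` base image to a digest would close the same gap one layer down.

```go
// … unchanged: base image selection, apk packages, BINSTALLER_BIN …
// Fetch the installer to a file, verify it against a reviewed digest, then run it.
// <TOFU_INSTALLER_SHA256> is a placeholder for the digest of the reviewed script.
container = container.WithExec([]string{
	"sh", "-c",
	"set -eu; " +
		"curl -fsSL -o /tmp/tofu-install.sh https://jswank.github.io/install/tofu-install.sh; " +
		"echo '<TOFU_INSTALLER_SHA256>  /tmp/tofu-install.sh' | sha256sum -c; " +
		"bash /tmp/tofu-install.sh; " +
		"rm -f /tmp/tofu-install.sh",
})
// … same pattern for tflint-install.sh and validator-install.sh …
// … unchanged: workdir, source copy, credentials mount, GCP_PROJECT …
```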