dagger-tofu/gcp.go
2026-05-25 09:22:36 -04:00


// GCP container helpers for the OpenTofu Dagger module.
package main
import (
"dagger/iac/internal/dagger"
)
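// baseContainer builds the container that the module's OpenTofu steps run in.
//
// Starting from baseImage ("alpine:3" when empty) it installs OS packages with
// apk, runs the tofu, tflint and validator install scripts, copies source into
// /workspace and makes that the working directory. A non-nil gcpCreds is
// mounted as a secret file at /gcp-creds.json and GOOGLE_APPLICATION_CREDENTIALS
// is pointed at it; a non-empty projectID is exported as GCP_PROJECT.
//
// NOTE(review): supply chain. The three installers are downloaded from
// jswank.github.io on every build and piped straight into bash, running as the
// image's default user. Nothing here pins a script revision or verifies a
// checksum or signature, so the content served at those URLs (and whatever the
// scripts download in turn) decides which binaries later run in a container
// that has GOOGLE_APPLICATION_CREDENTIALS set. The curl flags below only
// enforce HTTPS transport and fail-fast behaviour; they are not an integrity
// check. Prefer vendoring the scripts or fetching a reviewed revision and
// verifying the downloaded artifacts against known digests, and pin baseImage
// by digest rather than the floating "alpine:3" tag.
func (m *Iac) baseContainer(
	source *dagger.Directory,
	gcpCreds *dagger.Secret,
	projectID string,
	baseImage string,
) *dagger.Container {
	if baseImage == "" {
		baseImage = "alpine:3"
	}

	// git, curl and bash are used by the install steps, ca-certificates backs
	// TLS verification, libc6-compat provides glibc compatibility on musl.
	container := dag.Container().From(baseImage).
		WithExec([]string{
			"apk", "add", "--no-cache", "git", "curl", "ca-certificates", "bash", "libc6-compat",
		}).
		// The install scripts are expected to read BINSTALLER_BIN to choose
		// where binaries are placed.
		WithEnvVariable("BINSTALLER_BIN", "/usr/local/bin")

	// Install order is preserved: tofu, tflint, validator.
	installScripts := []string{
		"https://jswank.github.io/install/tofu-install.sh",
		"https://jswank.github.io/install/tflint-install.sh",
		"https://jswank.github.io/install/validator-install.sh",
	}
	for _, scriptURL := range installScripts {
		// pipefail plus curl -f make a failed or non-2xx download abort the
		// step; without them bash would be fed an empty or error body and the
		// step could pass with the tool missing. --proto '=https' keeps the
		// transfer, redirects included, on HTTPS. scriptURL is one of the
		// constants above, never caller input, so the concatenation cannot
		// inject shell syntax.
		container = container.WithExec([]string{
			"bash", "-c",
			"set -euo pipefail; curl --proto '=https' --tlsv1.2 -fsSL " + scriptURL + " | bash",
		})
	}

	container = container.
		WithWorkdir("/workspace").
		WithDirectory("/workspace", source)

	// The credential is attached with WithMountedSecret, only after the
	// install steps have run, and only its path is placed in the environment.
	if gcpCreds != nil {
		credsPath := "/gcp-creds.json"
		container = container.
			WithMountedSecret(credsPath, gcpCreds).
			WithEnvVariable("GOOGLE_APPLICATION_CREDENTIALS", credsPath)
	}

	if projectID != "" {
		container = container.WithEnvVariable("GCP_PROJECT", projectID)
	}

	return container
}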