Docker image for terragrunt

All #awesome-ci Docker images

ansible • ansible-lint • awesome-ci • black • checkmake • eslint • file-lint • gofmt • goimports • golint • jsonlint • linkcheck • mypy • phpcbf • phpcs • phplint • php-cs-fixer • pycodestyle • pydocstyle • pylint • terraform-docs • terragrunt • terragrunt-fmt • yamlfmt • yamllint

All #awesome-ci Makefiles

Visit cytopia/makefiles for seamless project integration, minimum required best-practice code linting and CI.

View Dockerfile on GitHub.

Tiny Alpine-based multistage-build dockerized version of Terragrunt^[1] and its compatible version of Terraform^[2].

• _{[1] Official project: https://github.com/gruntwork-io/terragrunt}
• _{[2] Official project: https://github.com/hashicorp/terraform}

Available Docker image versions

Rolling releases

The following Docker image tags are rolling releases and built and updated nightly. This means they always contain the latest stable version as shown below.

Docker tag	Terraform version	Terragrunt version
latest	latest stable	latest stable
0.13-0.26	latest stable 0.13.x	latest stable 0.26.x
0.13-0.25	latest stable 0.13.x	latest stable 0.25.x
0.13-0.24	latest stable 0.13.x	latest stable 0.24.x
0.13-0.23	latest stable 0.13.x	latest stable 0.23.x
0.12-0.26	latest stable 0.12.x	latest stable 0.26.x
0.12-0.25	latest stable 0.12.x	latest stable 0.25.x
0.12-0.24	latest stable 0.12.x	latest stable 0.24.x
0.12-0.23	latest stable 0.12.x	latest stable 0.23.x
0.12-0.22	latest stable 0.12.x	latest stable 0.22.x
0.12-0.21	latest stable 0.12.x	latest stable 0.21.x
0.12-0.20	latest stable 0.12.x	latest stable 0.20.x
0.12-0.19	latest stable 0.12.x	latest stable 0.19.x
0.11-0.18	latest stable 0.11.x	latest stable 0.18.x

Point in time releases

If you want to ensure to have reproducible Terraform/Terragrunt executions you should use a git tag from this repository. Tags are incremented for each new version, but never updated itself. This means you will have to take care yourself and update your CI tools every time a new tag is being released.

Docker tag	docker-terragrunt	Terraform version	Terragrunt version
latest-<tag>	Tag: <tag>	latest stable during tag creation	latest stable during tag creation
0.13-0.26-<tag>	Tag: <tag>	latest stable 0.13.x during tag creation	latest stable 0.26.x during tag creation
0.13-0.25-<tag>	Tag: <tag>	latest stable 0.13.x during tag creation	latest stable 0.25.x during tag creation
0.13-0.24-<tag>	Tag: <tag>	latest stable 0.13.x during tag creation	latest stable 0.24.x during tag creation
0.13-0.23-<tag>	Tag: <tag>	latest stable 0.13.x during tag creation	latest stable 0.23.x during tag creation
0.12-0.26-<tag>	Tag: <tag>	latest stable 0.12.x during tag creation	latest stable 0.26.x during tag creation
0.12-0.25-<tag>	Tag: <tag>	latest stable 0.12.x during tag creation	latest stable 0.25.x during tag creation
0.12-0.24-<tag>	Tag: <tag>	latest stable 0.12.x during tag creation	latest stable 0.24.x during tag creation
0.12-0.23-<tag>	Tag: <tag>	latest stable 0.12.x during tag creation	latest stable 0.23.x during tag creation
0.12-0.22-<tag>	Tag: <tag>	latest stable 0.12.x during tag creation	latest stable 0.22.x during tag creation
0.12-0.21-<tag>	Tag: <tag>	latest stable 0.12.x during tag creation	latest stable 0.21.x during tag creation
0.12-0.20-<tag>	Tag: <tag>	latest stable 0.12.x during tag creation	latest stable 0.20.x during tag creation
0.12-0.19-<tag>	Tag: <tag>	latest stable 0.12.x during tag creation	latest stable 0.19.x during tag creation
0.11-0.18-<tag>	Tag: <tag>	latest stable 0.11.x during tag creation	latest stable 0.18.x during tag creation

Where <tag> refers to the chosen git tag from this repository.

Docker mounts

The working directory inside the Docker container is /data/ and should be mounted to your local filesystem where your Terragrant project resides. (See Examples for mount location usage.)

Usage

docker run --rm -v $(pwd):/data cytopia/terragrunt terragrunt <ARGS>
docker run --rm -v $(pwd):/data cytopia/terragrunt terraform <ARGS>

Environment variables

The following environment variables will ease your life when mounting directories into the docker container by maintaining file system permissions.

Variables	Default	Description
RUN_NON_ROOT	0	Set to 1 to run commands as user instead of root.
UID	1000	Set to the uid of your local user (id -u) if you want to run as non root.
GID	1000	Set to the gid of your local user (id -g) if you want to run as non root.

Examples

1. Simple: Provision single sub-project on AWS

1.1 Project overview

Let's assume your Terragrunt project setup is as follows:

/my/tf                                              # Terragrunt project root
├── backend-app
│   ├── main.tf
│   └── terragrunt.hcl
├── frontend-app
│   ├── main.tf
│   └── terragrunt.hcl
├── mysql                                           # MySQL sub-project directory
│   ├── main.tf
│   └── terragrunt.hcl
├── redis
│   ├── main.tf
│   └── terragrunt.hcl
└── vpc
    ├── main.tf
    └── terragrunt.hcl

The MySQL sub-project you want to provision is at the releative path mysql/.

1.2 To consider

1. Mount the terragrunt root project dir (/my/tf/) into /data/ into the container
2. Use the workding dir (-w or --workdir) to point to your project inside the container
3. Add AWS credentials from your environment to the container

1.3 Docker commands

# Initialize the MySQL project
docker run --rm \
  -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
  -u $(id -u):$(id -g) \
  -v /my/tf:/data \
  -w /data/mysql \
  cytopia/terragrunt terragrunt init

# Plan the MySQL project
docker run --rm \
  -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
  -u $(id -u):$(id -g) \
  -v /my/tf:/data \
  -w /data/mysql \
  cytopia/terragrunt terragrunt plan

# Apply the MySQL project
docker run --rm \
  -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
  -u $(id -u):$(id -g) \
  -v /my/tf:/data \
  -w /data/mysql \
  cytopia/terragrunt terragrunt --terragrunt-non-interactive apply

2. Complex: Provision single sub-project on AWS

2.1 Project overview

Let's assume your Terragrunt project setup is as follows:

/my/tf                                              # Terragrunt project root
└── envs
    └── aws
        ├── dev
        │   ├── eu-central-1
        │   │   ├── infra
        │   │   │   └── vpc-k8s                     # VPC sub-project directory
        │   │   │       ├── terraform.tfvars
        │   │   │       └── terragrunt.hcl
        │   │   ├── microservices
        │   │   │   └── api-gateway
        │   │   │       ├── terraform.tfvars
        │   │   │       └── terragrunt.hcl
        │   │   └── region.tfvars
        │   ├── global
        │   │   └── region.tfvars
        │   └── terragrunt.hcl
        └── _provider_include
            └── include_providers.tf

The VPC sub-project you want to provision is at the relative path envs/aws/dev/eu-centra-1/infra/vpc-k8s/.

2.2 To consider

1. Mount the terragrunt root project dir (/my/tf/) into /data/ into the container
2. Use the workding dir (-w or --workdir) to point to your project inside the container
3. Add AWS credentials from your environment to the container

2.3 Docker commands

# Initialize the VPC project
docker run --rm \
  -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
  -u $(id -u):$(id -g) \
  -v /my/tf:/data \
  -w /data/envs/aws/dev/eu-central-1/infra/vpc-k8s \
  cytopia/terragrunt terragrunt init

# Plan the VPC project
docker run --rm \
  -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
  -u $(id -u):$(id -g) \
  -v /my/tf:/data \
  -w /data/envs/aws/dev/eu-central-1/infra/vpc-k8s \
  cytopia/terragrunt terragrunt plan

# Apply the VPC project
docker run --rm \
  -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
  -u $(id -u):$(id -g) \
  -v /my/tf:/data \
  -w /data/envs/aws/dev/eu-central-1/infra/vpc-k8s \
  cytopia/terragrunt terragrunt --terragrunt-non-interactive apply

Related #awesome-ci projects

Docker images

Save yourself from installing lot's of dependencies and pick a dockerized version of your favourite linter below for reproducible local or remote CI tests:

GitHub	DockerHub	Type	Description
awesome-ci		Basic	Tools for git, file and static source code analysis
file-lint		Basic	Baisc source code analysis
linkcheck		Basic	Search for URLs in files and validate their HTTP status code
ansible		Ansible	Multiple versions and flavours of Ansible
ansible-lint		Ansible	Lint Ansible
gofmt		Go	Format Go source code [1]
goimports		Go	Format Go source code [1]
golint		Go	Lint Go code
eslint		Javascript	Lint Javascript code
jsonlint		JSON	Lint JSON files [1]
checkmake		Make	Lint Makefiles
phpcbf		PHP	PHP Code Beautifier and Fixer
phpcs		PHP	PHP Code Sniffer
phplint		PHP	PHP Code Linter [1]
php-cs-fixer		PHP	PHP Coding Standards Fixer
black		Python	The uncompromising Python code formatter
mypy		Python	Static source code analysis
pycodestyle		Python	Python style guide checker
pydocstyle		Python	Python docstyle checker
pylint		Python	Python source code, bug and quality checker
terraform-docs		Terraform	Terraform doc generator (TF 0.12 ready) [1]
terragrunt		Terraform	Terragrunt and Terraform
terragrunt-fmt		Terraform	terraform fmt for Terragrunt files [1]
yamlfmt		Yaml	Format Yaml files [1]
yamllint		Yaml	Lint Yaml files

^[1] Uses a shell wrapper to add enhanced functionality not available by original project.

Makefiles

Visit cytopia/makefiles for dependency-less, seamless project integration and minimum required best-practice code linting for CI. The provided Makefiles will only require GNU Make and Docker itself removing the need to install anything else.

License

MIT License

Copyright (c) 2019 cytopia