Ready-to-use Docker container image for AWS CodeBuild/CodePipeline, Bitbucket Pipelines, CircleCI, GitHub Actions, GitLab runner jobs and Google Cloud Build.

Image:

cyclenerd/cloud-tools-container:latest

Multiarch support:

• amd64 : Intel or AMD 64-Bit CPU (x86-64)
• arm64 : Arm-based 64-Bit CPU (i.e. Apple silicon, AWS Graviton, Ampere Altra)

This project uses GitHub Actions for automated builds and deployments. The image is regularly rebuilt on the 15th of each month.

This Docker container image is based on the Ubuntu 23.10 release (ubuntu:mantic).

The following software is included and tested:

• Ansible (ansible and ansible-playbook)
• AWS CLI (aws)
• fuego command line firestore client (fuego)
• GCR Cleaner deletes old container images on registries (gcr-cleaner-cli)
• Google Cloud CLI (gcloud, gsutil and bq)
• Open Policy Agent general-purpose policy engine, context-aware policy enforcement (opa)
• Packer (packer)
• Sentinel (sentinel)
• ShellCheck analysis and linting tool for Shell/Bash scripts (shellcheck)
• skopeo command line utility that performs various operations on container images and repositories (skopeo)
• Terraform (terraform)
  • terraform-docs generates documentation from Terraform modules (terraform-docs)
  • Terragrunt thin wrapper that provides extra tools (terragrunt)
  • tflint linting tool for Terraform code (tflint)
  • tfsec analysis security scanner for Terraform code (tfsec)
• Kubernetes
  • Helm (helm)
  • Kubernetes cluster manager (kubectl)
• Vault (vault)
• Base packages
  • GNU bash 5 (bash)
  • apt-utils
    • Advanced Packaging Tool package manager (apt, apt-get)
  • build-essential
    • GNU C compiler gcc
    • make utility for directing compilation (make)
  • Common CA certificates
  • curl tool for transferring data with URL syntax (curl)
  • DiG DNS lookup utility (dig)
  • FIGlet prints its input using large characters (figlet)
  • git distributed revision control system (git)
  • jq JSON processor (jq)
  • Mutt command line email client (mutt)
  • OpenSSL cryptography toolkit (openssl)
  • OpenSSH remote login client (ssh)
  • Perl 5 (perl)
    • cpanm modules installer for Perl (cpanm)
  • Python 3 (python3)
    • pip package installer for Python (pip3)
  • Go programming language (go)
  • GNU tar archiving utility (tar)
  • De-archiver for .zip files (unzip)
  • Archiver for .zip files (zip)

Runs a command in the container, pulling the image if needed and starting the container.

Docker run command:

docker run cyclenerd/cloud-tools-container:latest aws --version

Podman run command:

podman run docker.io/cyclenerd/cloud-tools-container:latest aws --version

Example configurations for various CI/CD tools.

AWS CodeBuild configuration:

{
  "environment": {
    "type": "LINUX_CONTAINER",
    "image": "cyclenerd/cloud-tools-container:latest",
    "computeType": "BUILD_GENERAL1_SMALL"
  },
}

Google Cloud Build (cloudbuild.yml) configuration file:

steps:
  - name: 'cyclenerd/cloud-tools-container:latest'
    entrypoint: 'gcloud'
    args: ['--version']

GitLab CI/CD (.gitlab-ci.yml) configuration with Google Cloud Service Account Key:

variables:
  GOOGLE_APPLICATION_CREDENTIALS: "/tmp/service_account_key.json"

default:
  image: cyclenerd/cloud-tools-container:latest
  before_script:
    # Login
    - echo "$YOUR_GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY" > "$GOOGLE_APPLICATION_CREDENTIALS"
    - gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS"

stages:
  - auth

gcloud-auth-list:
  stage: auth
  script:
    - gcloud auth list

GitLab CI/CD (.gitlab-ci.yml) configuration with Google Cloud Workload Identity Federation login:

variables:
  WIF_PROVIDER: projects/1057256049272/locations/global/workloadIdentityPools/gitlab-com/providers/gitlab-com-oidc
  SERVICE_ACCOUNT: [email protected]
  GOOGLE_CREDENTIALS: gcp_temp_cred.json

default:
  image: cyclenerd/cloud-tools-container:latest
  before_script:
    # Login
    - echo "${CI_JOB_JWT_V2}" > gitlab_jwt_token.txt
    - gcloud iam workload-identity-pools create-cred-config "${WIF_PROVIDER}"
      --service-account="${SERVICE_ACCOUNT}"
      --output-file=${GOOGLE_CREDENTIALS}
      --credential-source-file=gitlab_jwt_token.txt
    - gcloud config set auth/credential_file_override "${GOOGLE_CREDENTIALS}"
stages:
  - auth

gcloud-auth-list:
  stage: auth
  script:
    - gcloud auth list

Bitbucket pipeline configuration (bitbucket-pipelines.yml) with Google Cloud Workload Identity Federation login:

image: cyclenerd/cloud-tools-container:latest

pipelines:
  default:
    - step:
        name: "Workload Identity Federation"
        # Enable OIDC
        oidc: true
        max-time: 5
        script:
          # Set variables
          - export WIF_PROVIDER='projects/753695557698/locations/global/workloadIdentityPools/bitbucket-org/providers/bitbucket-org-oidc'
          - export SERVICE_ACCOUNT='[email protected]'
          - export GOOGLE_CREDENTIALS='gcp_temp_cred.json'
          # Configure Workload Identity Federation via a credentials file.
          - echo ${BITBUCKET_STEP_OIDC_TOKEN} > .ci_job_jwt_file
          - gcloud iam workload-identity-pools create-cred-config "${WIF_PROVIDER}"
            --service-account="${SERVICE_ACCOUNT}"
            --output-file="${GOOGLE_CREDENTIALS}"
            --credential-source-file=.ci_job_jwt_file
          - gcloud config set auth/credential_file_override "${GOOGLE_CREDENTIALS}"
          # Now you can run gcloud commands authenticated as the impersonated service account.

GitHub Actions configuration:

jobs:
  cloud-tools-container:
    runs-on: 'ubuntu-latest'
    # Use container to run the steps in a job
    container:
      image: 'docker://cyclenerd/cloud-tools-container:latest'
    steps:
      - name: "Terraform"
        run: terraform --version

CircleCI configuration:

jobs:
  cloud-tools-container:
    docker:
      - image: cyclenerd/cloud-tools-container:latest
    steps:
      - run:
          name: Google Cloud CLI
          command: gcloud --version

Have a patch that will benefit this project? Awesome! Follow these steps to have it accepted.

1. Please read how to contribute.
2. Fork this Git repository and make your changes.
3. Create a Pull Request.
4. Incorporate review feedback to your changes.
5. Accepted!

All files in this repository are under the Apache License, Version 2.0 unless noted otherwise.