@ajinkya101
Created June 30, 2021 07:16
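# Infracost Tool Demonstration
# Atlantis image extended with the Azure CLI, jq 1.6, Infracost and a pinned
# Terraform binary.
#
# Credentials are deliberately NOT baked into this image. ENV values and CMD
# arguments are stored in the image config and can be read by anyone able to
# pull the image (docker history / docker inspect). Supply the following at
# container start instead, e.g. from the orchestrator's secret store:
#   INFRACOST_API_KEY
#   ATLANTIS_GH_USER
#   ATLANTIS_GH_TOKEN
#   ATLANTIS_GH_WEBHOOK_SECRET
#   ATLANTIS_REPO_ALLOWLIST

# Importing official atlantis docker image
# NOTE(review): a tag can be re-pointed upstream; pin by digest for
# reproducible builds.
FROM runatlantis/atlantis:v0.17.0

# Pull in pending Alpine security updates without leaving an index cache behind.
RUN apk --no-cache upgrade

# Install required packages (runtime tools and pip)
RUN apk add --no-cache \
        bash \
        ca-certificates \
        curl \
        git \
        openssh-client \
        openssl \
        py-pip

# Azure cli setup
# The compiler toolchain is only needed while pip builds native wheels, so it
# is installed as a virtual package and removed in the same layer; a later
# "apk del" would not shrink the image and would leave gcc in its history.
ENV AZURE_CLI_VERSION=2.18.0
RUN apk add --no-cache --virtual=build \
        gcc \
        libffi-dev \
        linux-headers \
        make \
        musl-dev \
        openssl-dev \
        python3-dev && \
    pip3 --no-cache-dir install azure-cli==${AZURE_CLI_VERSION} && \
    apk del build

# The jq package provided by alpine:3.13 (jq 1.6-rc1) is flagged as a
# high severity vulnerability, so we install the latest release ourselves
# Reference: https://nvd.nist.gov/vuln/detail/CVE-2016-4074 (this is present on jq-1.6-rc1 as well)
#
# Install jq-1.6 (final release)
# -f makes curl fail on an HTTP error instead of saving the error page as the
# binary.
# NOTE(review): the download is not integrity-checked. Record the release's
# SHA-256 and verify it before the mv, e.g.
#   echo "<JQ_1_6_LINUX64_SHA256_PLACEHOLDER>  /tmp/jq" | sha256sum -c -
RUN curl -fsSL -o /tmp/jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \
    chmod +x /tmp/jq && \
    mv /tmp/jq /usr/local/bin/jq

# Install latest infracost version and fetch the atlantis_diff.sh script that
# runs infracost.
# The archive is written to disk before extraction so a failed download stops
# the build; in the default /bin/sh a "curl | tar" pipe only reports tar's exit
# status.
# NOTE(review): both URLs are mutable ("latest" release, "master" branch), so
# every rebuild can pick up different code that later runs with the Atlantis
# credentials. Pin a release tag and a commit and verify checksums, e.g.
#   .../releases/download/<INFRACOST_VERSION_PLACEHOLDER>/infracost-linux-amd64.tar.gz
#   .../infracost/<COMMIT_SHA_PLACEHOLDER>/scripts/ci/atlantis_diff.sh
RUN curl -fsSL -o /tmp/infracost.tar.gz https://github.com/infracost/infracost/releases/latest/download/infracost-linux-amd64.tar.gz && \
    tar xzf /tmp/infracost.tar.gz -C /tmp && \
    rm -f /tmp/infracost.tar.gz && \
    mv /tmp/infracost-linux-amd64 /usr/bin/infracost && \
    curl -fsSL -o /home/atlantis/infracost_atlantis_diff.sh https://raw.githubusercontent.com/infracost/infracost/master/scripts/ci/atlantis_diff.sh && \
    chmod +x /home/atlantis/infracost_atlantis_diff.sh && \
    chown atlantis:atlantis /home/atlantis/infracost_atlantis_diff.sh && \
    ln -s /home/atlantis/infracost_atlantis_diff.sh /infracost_atlantis_diff.sh

# INFRACOST_API_KEY is intentionally absent here: it must be injected at
# runtime (see the header of this file).
ENV INSTALL_DIR=/opt/nu-atlantis \
    TERRAFORM_VERSION=0.15.5 \
    INFRACOST_TERRAFORM_BINARY=/opt/nu-atlantis/terraform

# Terraform installation steps
# The zip is checked against the SHA256SUMS file published with the release.
# grep writes the matching line to a file first so that a missing entry fails
# the build rather than handing sha256sum an empty list.
# NOTE(review): SHA256SUMS comes from the same origin as the zip, so this
# catches corruption or a mismatched artifact only; verifying the detached
# signature on SHA256SUMS against HashiCorp's published key is the stronger
# check.
RUN mkdir -p "${INSTALL_DIR}" /tmp/terraform && \
    rm -rf /usr/local/bin/terraform && \
    curl -fsSL -o "/tmp/terraform/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" \
        "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" && \
    curl -fsSL -o /tmp/terraform/SHA256SUMS \
        "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS" && \
    (cd /tmp/terraform && \
        grep -F "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" SHA256SUMS > terraform.sha256 && \
        sha256sum -c terraform.sha256) && \
    unzip "/tmp/terraform/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" -d /tmp/terraform && \
    chmod +x /tmp/terraform/terraform && \
    mv /tmp/terraform/terraform "${INSTALL_DIR}/" && \
    chown atlantis:atlantis "${INSTALL_DIR}/terraform" && \
    rm -rf /tmp/terraform

# Everything that needs root is done; run the server unprivileged.
USER atlantis

# NOTE(review): ATLANTIS_WRITE_GIT_CREDS makes Atlantis write the VCS user and
# token to a .git-credentials file in its home directory, and
# ATLANTIS_AUTOMERGE merges pull requests once all plans are applied. Confirm
# both are intended for this deployment.
ENV PATH=${PATH}:${INSTALL_DIR} \
    ATLANTIS_HIDE_PREV_PLAN_COMMENTS=true \
    ATLANTIS_WRITE_GIT_CREDS=true \
    ATLANTIS_AUTOMERGE=true \
    TFMASK_VALUES_REGEX="(?i)^.*[^a-zA-Z](oauth|secret|token|password|key|result).*$" \
    TF_CLI_ARGS="-no-color" \
    WORKDIR=/home/atlantis
WORKDIR ${WORKDIR}

# repos.yaml is expected inside files/. Keep credentials out of that directory:
# everything copied here becomes part of an image layer.
COPY files/ ${WORKDIR}

# Atlantis server start command
# The GitHub user, token, webhook secret and repo allowlist are read from the
# ATLANTIS_GH_USER, ATLANTIS_GH_TOKEN, ATLANTIS_GH_WEBHOOK_SECRET and
# ATLANTIS_REPO_ALLOWLIST environment variables at runtime rather than being
# passed as flags, which would store them in the image config.
# The former trailing "&" is dropped: exec form does not go through a shell,
# so it was handed to atlantis as a literal argument.
CMD ["atlantis", "server", "--repo-config", "repos.yaml"]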