@hongkongkiwi
Created October 19, 2020 08:39
Dockerfile snippet that downloads a file, verifies it against its published checksum, and verifies the GPG signature on the checksum file so the checksum itself can be trusted. Terraform is used as an example here.
# You can set a version as a build argument to override the detection
FROM ubuntu:latest
ARG TERRAFORM_VERSION=
# Architecture suffix used in the release file names (assumed default: amd64)
ARG PLATFORM_ARCH=amd64
# HashiCorp release signing key; pass the full fingerprint published by HashiCorp
# with --build-arg (a short key ID is not a safe way to select a key)
ARG HASHICORP_KEY_ID=
# This example uses wget for the downloads (and curl for version detection), so install them first; could be adapted to use only curl
RUN apt-get update && \
apt-get install -y --no-install-recommends ca-certificates curl dirmngr gnupg unzip wget && \
rm -rf /var/lib/apt/lists/*
# The latest version is read from the redirect target of /releases/latest (.../tag/vX.Y.Z)
RUN if [ -z "$TERRAFORM_VERSION" ]; then echo "Finding latest Terraform Version..."; TERRAFORM_VERSION=$(curl -s -o /dev/null -w '%{redirect_url}' "https://github.com/hashicorp/terraform/releases/latest" | grep -Po '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1); else echo "Terraform version passed in build argument v${TERRAFORM_VERSION}"; fi && \
if [ -z "$TERRAFORM_VERSION" ] || [ -z "$HASHICORP_KEY_ID" ]; then echo "TERRAFORM_VERSION or HASHICORP_KEY_ID is empty" >&2; exit 1; fi && \
echo "Downloading Terraform v${TERRAFORM_VERSION}..." && \
wget -O "/tmp/terraform_${TERRAFORM_VERSION}_linux_${PLATFORM_ARCH}.zip" -q "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${PLATFORM_ARCH}.zip" && \
wget -O "/tmp/terraform_${TERRAFORM_VERSION}_SHA256SUMS" -q "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS" && \
wget -O "/tmp/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig" -q "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig" && \
cd /tmp && \
echo "Verifying Authenticity Of Downloaded Files..." && \
gpg --no-verbose --quiet --keyserver keyserver.ubuntu.com --recv-keys "${HASHICORP_KEY_ID}" && \
gpg --no-verbose --quiet --verify "/tmp/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig" "/tmp/terraform_${TERRAFORM_VERSION}_SHA256SUMS" 2>&1 && \
sha256sum --check --status --ignore-missing "/tmp/terraform_${TERRAFORM_VERSION}_SHA256SUMS" && \
# Unpack only after the signature and checksum checks have passed
unzip -q -d "/tmp" "/tmp/terraform_${TERRAFORM_VERSION}_linux_${PLATFORM_ARCH}.zip" && \
echo "Installing Terraform into /usr/bin" && \
mv "/tmp/terraform" "/usr/bin/terraform" && \
chmod +x "/usr/bin/terraform" && \
/usr/bin/terraform --version 1>/dev/null && \
echo "Cleaning up temp files" && \
rm -f "/tmp/terraform_${TERRAFORM_VERSION}_linux_${PLATFORM_ARCH}.zip" \
"/tmp/terraform_${TERRAFORM_VERSION}_SHA256SUMS"*
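
`sha256sum --check --ignore-missing` passes as long as at least one file listed in SHA256SUMS is present and matches, so it does not by itself tie the result to the one archive you are about to install. The following is an added example, not part of the original gist, of a stricter check that requires the exact artifact to be listed once and to match; the function name `verify_listed_checksum` and its return codes are assumptions made for illustration, and it expects a SHA256SUMS file whose GPG signature has already been verified.

```shell
#!/bin/sh
# Added example (not from the gist). verify_listed_checksum is a hypothetical
# helper; run it only on a SHA256SUMS file whose signature gpg has verified.
#
# Usage: verify_listed_checksum <sums_file> <artifact_path>
# Returns: 0 digest matches
#          1 digest mismatch
#          2 sums file or artifact missing
#          3 artifact not listed exactly once, or listed digest malformed
verify_listed_checksum() {
    sums_file=$1
    artifact=$2
    name=$(basename "$artifact")

    [ -r "$sums_file" ] && [ -f "$artifact" ] || return 2

    # Lines look like "<64 hex>  <name>" (binary mode writes " *<name>").
    # Assumes file names without whitespace, as in HashiCorp release names.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); hits++ }
        END { if (hits != 1) exit 1 }' "$sums_file") || return 3

    # Accept only a 64-character lowercase hex digest.
    case $expected in
        *[!0-9a-f]*) return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3

    # Compare against the digest of the file actually on disk.
    actual=$(sha256sum "$artifact" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}
```

In the Dockerfile above it would be called after the `gpg --verify` step, for example `verify_listed_checksum "/tmp/terraform_${TERRAFORM_VERSION}_SHA256SUMS" "/tmp/terraform_${TERRAFORM_VERSION}_linux_${PLATFORM_ARCH}.zip"`.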