This repository is a collection of container images we use internally for continuous integration/delivery pipelines.
Daily builds are run against these images and automatically sent to our public ECR repository at
https://gallery.ecr.aws/govtechsg/cicd-images/
- Alpine Linux (alpine)
- Ansible (ansible)
- Atlantis (atlantis)
- Amazon Web Services CLI (awscli): no longer maintained; use the official image from AWS, https://hub.docker.com/r/amazon/aws-cli
- Cypress (cypress)
- Docker-in-Docker (dind)
- Google Kubernetes Engine CLI (gkecli)
- Karma Test Runner (karma)
- Kubernetes Client (kubectl)
- Node.js (node)
- Pandoc-Node (pandoc-node)
- Pivotal Tracker Commit json (pivotaltracker-commit)
- Playwright (playwright)
- Robot Selenium Generic Image (chrome-oracle-py)
- Sqlplus (sqlplus)
- Trinity (awscli+docker+kubectl)
- Version Tagging Scripts (vtscripts)
- K6 load testing (k6)
The images are found in the Public ECR, and the names of the different types of images are added as a tag. For example, given a type of image called xyz, it will be available under the repository URL public.ecr.aws/govtechsg/cicd-images:xyz-latest. Specific versions can be found in https://gallery.ecr.aws/govtechsg/cicd-images/
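A type-latest tag moves whenever a new build is published, so a pipeline that references one can run a different image from one day to the next. The following check is an added example, not part of this repository: it reads a pipeline file and reports image references that use a moving tag instead of a canonical tag or a digest. The function names, the sample pipeline, the 0.0.0 version and the digest are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the repository): report pipeline image references
# that use a moving <type>-latest tag instead of a canonical tag or digest.
REPO='govtechsg/cicd-images'   # repository name as written in this README

# classify_ref REF -> digest | floating | canonical | other
classify_ref() {
  r=${1#public.ecr.aws/}       # accept both the full and the short form
  case $r in
    "$REPO"@sha256:* | "$REPO":*@sha256:*) echo digest ;;
    "$REPO" | "$REPO":latest | "$REPO":*-latest) echo floating ;;
    "$REPO":*) echo canonical ;;
    *) echo other ;;
  esac
}

# audit_images: read pipeline config on stdin, print "LINE REF" for each
# floating reference on an "image:" line; return 1 if any were found.
audit_images() {
  found=0
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case $line in
      *image:*) ;;
      *) continue ;;
    esac
    # Drop the key, surrounding spaces and quotes to get the bare reference.
    ref=$(printf '%s' "${line#*image:}" | tr -d " \"'")
    if [ "$(classify_ref "$ref")" = floating ]; then
      printf '%s %s\n' "$n" "$ref"
      found=1
    fi
  done
  return "$found"
}

# Constructed pipeline snippet; the version and digest are placeholders.
audit_images <<'EOF' || echo "floating tags found; pin a canonical tag or digest"
build:
  image: public.ecr.aws/govtechsg/cicd-images:alpine-latest
scan:
  image: "public.ecr.aws/govtechsg/cicd-images:kubectl-0.0.0"
deploy:
  image: govtechsg/cicd-images:dind-latest@sha256:PLACEHOLDER_DIGEST
EOF
```

Run it as a pipeline step with the job definition on stdin; a non-zero return from audit_images can fail the job.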
All images will contain some tools essential for most operations that will happen in a continuous integration/delivery pipeline. These tools are:
- bash
- curl
- jq
- vim
- git
Canonical Tag: alpine-<ALPINE_VERSION>
Latest URL: govtechsg/cicd-images:alpine-latest
We use Alpine for our production deployments, so it only makes sense to run stuff in Alpine. This image contains common tools in pipelines and should serve most general needs. If you need more packages, feel free to submit a pull request with the required APK packages.
Canonical Tag: ansible-<ANSIBLE_VERSION>
Latest URL: govtechsg/cicd-images:ansible-latest
This image also contains Ansible-lint and Boto3, so you can lint your Ansible playbooks and use Ansible playbooks to automate stuff on AWS, respectively.
Canonical Tag: atlantis-<ANSIBLE_VERSION>
Latest URL: govtechsg/cicd-images:atlantis-latest
Canonical Tag: cypress-<REPO_VERSION>
Latest URL: govtechsg/cicd-images:cypress-latest
- Playwright is an automation tool used for the integration tests (similar to Cypress)
- We decided to use Playwright to simulate concurrent sessions, which Cypress cannot simulate due to its architectural limitation
- These concurrent session tests are required to test the Singpass single active session rule
- More info about Playwright: https://playwright.dev/docs/intro
Canonical Tag: pandoc-<REPO_VERSION>
Latest URL: govtechsg/cicd-images:pandoc-latest
- Pandoc is a conversion library used to convert markdown files to PPTX
- We use Pandoc to generate our sprint review slides by automating the process of pulling data from our Pivotal story board
- More info about Pandoc: https://pandoc.org/getting-started.html
Canonical Tag: dephash-<REPO_VERSION>
Latest URL: govtechsg/cicd-images:dephash-latest
See https://github.com/govtechsg/version-tagging-scripts for more information on using this. Commands are symbolically linked to the system variable directory so you can use the following commands:
dephash ./path/to/file --npm
dephash ./path/to/file --npm --prod
dephash ./path/to/file --npm --dev
dephash ./path/to/file --yarn
Canonical Tag: dind-<DOCKER_VERSION>
Latest URL: govtechsg/cicd-images:dind-latest
To use this image, you will need to configure it so that the host file at path /var/run/docker.sock is mapped to /var/run/docker.sock in the container. (This is a privileged mode and is not recommended for production use: a container that can reach the host's Docker socket can control the host's Docker daemon.)
- https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/
- https://www.develves.net/blogs/asd/2016-05-27-alternative-to-docker-in-docker/
- https://getintodevops.com/blog/the-simple-way-to-run-docker-in-docker-for-ci
Canonical Tag: gkecli-<GOOGLE_SDK_VERSION>
Latest URL: govtechsg/cicd-images:gkecli-latest
An additional child image, or a script should be added to this to set Google credentials and retrieve the Kubernetes configurations.
Canonical Tag: karma-<CHROMIUM_VERSION>
Latest URL: govtechsg/cicd-images:karma-latest
Karma is not included in the karma image; this image only provides the base for it to run ChromeHeadless. Remember to include the --no-sandbox flag in the Karma configuration.
Canonical Tag: kubectl-<KUBECTL_VERSION>
Latest URL: govtechsg/cicd-images:kubectl-latest
For use when there's a deployment to Kubernetes.
Canonical Tag: node-<NODE_VERSION>
Latest URL: govtechsg/cicd-images:node<NODE_MAJOR_VERSION>-latest
All LTS versions of Node, and the latest major version (LTS or otherwise), are built.
Canonical Tag: pivotaltracker-commit-ruby-<VERSION_RUBY>_code-<VERSION_CODE>
Latest URL: govtechsg/cicd-images:pivotaltracker-commit-latest
Canonical Tag: chrome-oracle-py-<ORACLE_VERSION>-<PYTHON_VERSION>
Latest URL: govtechsg/cicd-images:chrome-oracle-py-<ORACLE_VERSION>-<PYTHON_VERSION>-latest
Python Versions:
- 2.7
- 3.6
- 3.7
Oracle Versions:
- 12.2.0.1.0
- Versions available are listed here. The downloaded python image version will be as follows: python:${PYTHON_VERSION}-slim-stretch
- For use as a base image for robot regression frameworks.
- Run pip freeze > requirements.txt in the regression project folder
- Add this instruction to your regression Dockerfile:
COPY requirements.txt ./
RUN pip install -r requirements.txt
Or just mount requirements.txt to the container and include
pip install -r requirements.txt
in your entrypoint.
Canonical Tag: sqlplus-<ORACLE_VERSION>
Latest URL: govtechsg/cicd-images:sqlplus-<ORACLE_VERSION>-latest
Oracle Versions:
- 12.2
Canonical Tag: trinity-<AWS_CLI_VERSION>-<DOCKER_VERSION>-<KUBECTL_VERSION>
Latest URL: govtechsg/cicd-images:trinity-latest
Canonical Tag: vtscripts-<VTSCRIPTS>
Latest URL: govtechsg/cicd-images:vtscripts-latest
See https://github.com/govtechsg/version-tagging-scripts for more information on using this. Commands are symbolically linked to the system variable directory so you can use the following commands:
init -q
get-branch -q
get-latest -q
get-next -q
iterate -q
Canonical Tag: k6-<K6_VERSION>
Latest URL: govtechsg/cicd-images:k6-latest
Canonical Tag: trivy-<TRIVY_VERSION>-<AWS_CLI_VERSION>
Latest URL: govtechsg/cicd-images:trivy-latest
This image helps to implement the load testing using K6. Check here for more info https://k6.io/docs/
NOTE: The DockerHub flow described here is for local testing; the actual flow uses AWS ECR.
Images specified here can be uploaded to other repositories if you so wish. The commands are:
The build script creates the build for the specified image:
DH_REPO=__URL_TO_REPO__
IMAGE_NAME=__DIRECTORY_NAME__
./.scripts/.build.sh "${DH_REPO}" "${IMAGE_NAME}"
An example to upload to DockerHub at yourusername/yourimage:dind-latest:
DH_REPO="yourusername/yourimage"
IMAGE_NAME="dind"
./.scripts/.build.sh "${DH_REPO}" "${IMAGE_NAME}"
The publish script in each directory sends your built image to DockerHub and relies on the ./.scripts/.build.sh script being run prior to it. The general format of usage:
DH_REPO=__URL_TO_REPO__
IMAGE_NAME=__DIRECTORY_NAME__
./${IMAGE_NAME}/.publish.sh "${DH_REPO}:${IMAGE_NAME}"
A corresponding example to upload to a DockerHub repository at yourusername/yourimage:dind-latest:
DH_REPO="yourusername/yourimage"
IMAGE_NAME="dind"
./${IMAGE_NAME}/.publish.sh "${DH_REPO}:${IMAGE_NAME}"
Each directory and type of image has its own publish script because of the different ways they are versioned.