Build apko images with terraform.
This repository contains a terraform module to facilitate building an image with apko and signing the supply chain metadata with ambient credentials (e.g. github actions workload identity).
Currently the following supply chain metadata is surfaced:
- The images are signed by the workload,
- The SPDX SBOM are attestated by the workload.
Requirements
No requirements.
Providers
| Name | Version |
|---|---|
| apko | n/a |
| cosign | n/a |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| apko_build.this | resource |
| cosign_attest.apko-configuration | resource |
| cosign_attest.sboms | resource |
| cosign_attest.slsa-provenance | resource |
| cosign_sign.signature | resource |
| apko_config.this | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| config | The apko configuration file to build and publish. | any |
n/a | yes |
| default_annotations | Default annotations to apply to this image. | map(string) |
{} |
no |
| extra_packages | Additional packages to install into this image. | list(string) |
[] |
no |
| target_repository | The docker repo into which the image and attestations should be published. | any |
n/a | yes |
Outputs
| Name | Description |
|---|---|
| arch_to_image | n/a |
| archs | n/a |
| config | n/a |
| image_ref | n/a |