jdlubrano / docker-terraform-aws-ci

A Docker image to build with Terraform and the AWS CLI on CI servers

terraform-aws-ci Docker Image

A Docker image to build with Terraform and the AWS CLI on CI servers (like Bitbucket or GitHub Actions)

Repository

These images are available in Docker Hub.

Images are also published to the GitHub Container Repository, but those images are intended only for use in this project's CI pipeline. Docker Hub has a much cleaner version history.

Using in a GitHub Action

This image can be used as the container in a GitHub Action like this:

jobs:
  my_job:
    runs-on: ubuntu-latest # Use Ubuntu to spin up the Action's Docker container
    container: jdlubrano/terraform-aws-ci:latest # Or use a stable v*.*.* tag
    steps:
      - uses: actions/checkout@v2
      - name: My Terraform step
        run: terraform init
      - name: My AWS CLI step
        run: aws --version

Using in a Bitbucket Pipeline

This image can be used in a Bitbucket pipeline like this:

image: jdlubrano/terraform-aws-ci:latest # Or use a stable v*.*.* tag

pipelines:
  default:
    - step:
        name: My Terraform step
        script:
          - terraform init
    - step:
        name: My AWS step
        script:
          - aws --version

You can, of course, also use this image for a specific build step:

pipelines:
  default:
    - step:
        name: My Terraform and AWS steps
        image: jdlubrano/terraform-aws-ci:latest # Or use a stable v*.*.* tag
        script:
          - terraform init
          - aws --version

Security

These images are scanned by Snyk on a nightly basis. A new patch version will be released as quickly as possible when a fix for any security vulnerability becomes available.

Workflow

One way to build a new Docker image that includes updated security patches is to push an empty commit and then push a new patch-level tag.

git commit --allow-empty -m "Empty commit to pick up security patches"
git push origin main
# ...wait for passing build
git tag ...
git push --tags
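
The patch-level bump described above can be computed from the existing tags instead of being worked out by hand. This is an added example, not part of the project: the function names and the sample tag list are hypothetical, and it assumes release tags have exactly the form vMAJOR.MINOR.PATCH and that pushing the new tag is what triggers the release build.

```shell
# Added example, not the project's own tooling.
# Constructed sample tag list: note v1.2.10 must outrank v1.2.9 (numeric, not
# lexical, ordering) and that non-release tags must be ignored.
SAMPLE_TAGS='v1.2.9
v1.2.10
latest
v1.1.30
v1.2.10-rc1'

# next_patch_tag: read tag names on stdin (one per line), keep only exact
# vN.N.N tags, pick the numerically highest, and print it with patch + 1.
# Returns non-zero and prints nothing if no release tag is present.
next_patch_tag() {
  awk -F. '
    /^v[0-9]+\.[0-9]+\.[0-9]+$/ {
      maj = substr($1, 2) + 0; min = $2 + 0; pat = $3 + 0
      if (!found || maj > bmaj ||
          (maj == bmaj && min > bmin) ||
          (maj == bmaj && min == bmin && pat > bpat)) {
        bmaj = maj; bmin = min; bpat = pat; found = 1
      }
    }
    END {
      if (!found) exit 1
      printf "v%d.%d.%d\n", bmaj, bmin, bpat + 1
    }'
}

# tag_patch_release (hypothetical helper): create the next patch tag in the
# current repository and push only that tag, so no stray local tags are
# published along with it.
tag_patch_release() {
  new_tag=$(git tag --list | next_patch_tag) || {
    echo "no vMAJOR.MINOR.PATCH tag found; refusing to guess a version" >&2
    return 1
  }
  git tag "$new_tag" && git push origin "$new_tag"
}
```

Run `tag_patch_release` only after the build for the empty commit has passed, as in the steps above.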

License: MIT License

Languages: Dockerfile 80.8%, Makefile 19.2%