Migrate to TENV

.config/.pre-commit-config.yaml

@@ -3,8 +3,13 @@ exclude: '(^.+\.log$)'
 default_language_version:
   python: python3
 repos:
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.16.1
+    hooks:
+      - id: gitleaks
+
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.2.0
+    rev: v4.6.0
     hooks:
       - id: check-yaml
       - id: end-of-file-fixer
@@ -25,8 +30,4 @@ repos:
         args:
           - --allow-missing-credentials
 
-  - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.74.2
-    hooks:
-      - id: terraform_validate
-      - id: terraform_fmt
+

.github/workflows/build_docker.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        image: [ TFEnv, TFlint, TerraformDocs ]  # Specify the Docker images you want to build
+        image: [ TEnv, TFlint, TerraformDocs ]  # Specify the Docker images you want to build
 
     steps:
     - name: Checkout repository

automation/TEnv/Dockerfile

@@ -0,0 +1,64 @@
+ARG ALPINE_VERSION=3.20
+FROM "alpine:${ALPINE_VERSION}"
+
+# Runtime dependencies
+RUN apk add --no-cache --purge \
+    curl \
+    aws-cli \
+    python3 py3-pip \
+    git \
+    wget \
+    openssh-client \
+    make \
+    zip zip-doc \
+    curl curl-doc \
+    build-base gcc-doc \
+    libffi-dev zlib-dev linux-headers \
+    openssl \
+    jq \
+    ;
+
+RUN apk --update --no-cache --allow-untrusted --repository http://dl-cdn.alpinelinux.org/alpine/edge/community add \
+    corkscrew \
+    && rm -rf /var/cache/apk/* \
+          /tmp/* \
+          /var/tmp/*
+
+ARG TENV_VERSION=3.2.4
+
+VOLUME /var/tenv
+
+RUN wget -O /tmp/tenv.apk "https://github.com/tofuutils/tenv/releases/download/v${TENV_VERSION}/tenv_v${TENV_VERSION}_386.apk" \
+    && apk add --allow-untrusted /tmp/tenv.apk \
+    && mkdir -p /var/tenv \
+    && chmod -R 777 /var/tenv \
+    && rm /tmp/tenv.apk
+
+RUN apk add --no-cache --purge \
+                git \
+                bash \
+                build-base \
+                libffi-dev \
+                openssl-dev \
+                bzip2-dev \
+                zlib-dev \
+                xz-dev \
+                readline-dev \
+                sqlite-dev \
+                tk-dev \
+                linux-headers \
+                vim \
+                ;
+
+# install pyenv pyenv-doctor pyenv-installer pyenv-update pyenv-virtualenv pyenv-which-ext
+RUN curl https://raw.githubusercontent.com/pyenv/pyenv-installer/master/bin/pyenv-installer | bash
+RUN mv /root/.pyenv /pyenv
+# these need to go into your .bashrc
+# ENV PYENV_ROOT "/pyenv"
+# ENV PATH "$PYENV_ROOT/bin:$PATH"
+# RUN eval "$(pyenv init -)"
+# RUN eval "$(pyenv virtualenv-init -)"
+# RUN pyenv install 3.8 3.9 3.10 3.11 3.12
+# ENV PATH "$PYENV_ROOT/bin:$PYENV_ROOT/shims:$PATH"
+
+ENTRYPOINT ["/usr/bin/tenv"]

automation/jinja2/compute_deps.py

@@ -5,7 +5,7 @@
 
 
 default_exec_order = 0
-        
+
 def get_current_exec_order(exec_plan:list, plan_name:str):
     for i in range(len(exec_plan)):
         for item in exec_plan[i]:
@@ -42,7 +42,7 @@ def build_exec_plan(plans:list):
                     plan_exec_order = dependency_exec_order + 1
                     changed = True
     return exec_plan
-                
+
 def print_exec_plan(exec_plan:list):
     for exec_order in range(len(exec_plan)):
         print(f"order[{exec_order}]: {exec_plan[exec_order]}")
@@ -72,14 +72,14 @@ def main():
 
     # Parse YAML file and create an object
     config_data = parse_yaml_file(args.config_file)
-    
+
     # generate execution plan
     plans = config_data.get('plans',[])
     exec_plan = build_exec_plan(plans=plans)
-    
+
     # Combine environment variables and YAML data
     context = {**os.environ, **config_data, **{"plans_execution_plan":exec_plan}}
-    
+
     # Render Jinja template
     rendered_content = render_template(args.template_file, context)
     with open(args.output_file, 'w') as output_file:
@@ -88,4 +88,4 @@ def main():
     print(f"Template successfully rendered and saved to {args.output_file}")
 
 if __name__ ==  "__main__":
-    main()
+    main()

automation/jinja2/render.py

@@ -53,7 +53,7 @@ def rend_template(self):
             var_data = yaml.full_load(f)
         # compute execution plan
         for idx in range(len(var_data['plans'])):
-            var_data['plans'][idx] = var_data['plans'][idx] if var_data['plans'][idx].startswith('name: ') else {
+            var_data['plans'][idx] = var_data['plans'][idx] if isinstance(var_data['plans'][idx], dict) and 'name' in var_data['plans'][idx] else {
                 'name': var_data['plans'][idx]} # this is for backward compatiblity
         exec_plan = compute_deps.build_exec_plan(plans=var_data['plans'])
         var_data['exec_plan'] = exec_plan

automation/jinja2/templates/.env.dist.j2

@@ -40,8 +40,8 @@ GIT_DEPTH={{ GIT_DEPTH | default(20) }}
 ########################################################################################################################
 DOCKER_REGISTRY={{ DOCKER_REGISTRY | default("", true)  }}
 BASH_VERSION_TAG={{ BASH_VERSION_TAG | default("5", true) }}
-TFENV_VERSION={{ TFENV_VERSION | default("3.0.0", true) }}
-TFENV_IMAGE_TAG={{ TFENV_IMAGE_TAG | default("latest", true) }}
+TENV_VERSION={{ TENV_VERSION | default("3.0.0", true) }}
+TENV_IMAGE_TAG={{ TENV_IMAGE_TAG | default("latest", true) }}
 TERRAFORM_DOCS_IMAGE_TAG={{ TERRAFORM_DOCS_IMAGE_TAG | default("latest", true) }}
 PRECOMMIT_IMAGE_TAG={{ PRECOMMIT_IMAGE_TAG | default("latest", true) }}
 TFLINT_IMAGE_TAG={{ TFLINT_IMAGE_TAG  | default("latest", true)}}
@@ -56,6 +56,7 @@ TRIVY_IMAGE_TAG={{ TRIVY_IMAGE_TAG | default("latest", true) }}
 TERRASCAN_IMAGE_TAG={{ TERRASCAN_IMAGE_TAG | default("latest", true) }}
 TERRAFORM_VERSION_CHECK_IMAGE_TAG={{ TERRAFORM_VERSION_CHECK_IMAGE_TAG | default("latest", true) }}
 SCOUTSUITE_VERSION={{ SCOUTSUITE_VERSION | default("latest", true) }}
+TENV_TOOL={{ TENV_TOOL | default("terraform", true) }}
 
 ########################################################################################################################
 # Terraform Logs
@@ -116,7 +117,7 @@ ACCOUNT_ID={{ ACCOUNT_ID }}
 {% if DEFAULT_UPGRADE is not defined or DEFAULT_UPGRADE == false %}
 TERRAFORM_UPGRADE_FLAG=
 {% endif %}
-TFENV_TERRAFORM_VERSION={{ terraform_version | default("", true) }}
+TENV_TERRAFORM_VERSION={{ terraform_version | default("", true) }}
 
 {% if CUSTOM_ENV is defined %}
 ########################################################################################################################

automation/jinja2/templates/.gitlab-ci.yml.j2

@@ -26,7 +26,7 @@ variables:
   # Docker Image Tag
   TFLINT_IMAGE_TAG: "{{ environ('TFLINT_IMAGE_TAG') }}"
   PRECOMMIT_IMAGE_TAG: "{{ environ('PRECOMMIT_IMAGE_TAG') }}"
-  TFENV_IMAGE_TAG: "{{ environ('TFENV_IMAGE_TAG') }}"
+  TENV_IMAGE_TAG: "{{ environ('TENV_IMAGE_TAG') }}"
   DRIFTCTL_IMAGE_TAG: "{{ environ('DRIFTCTL_IMAGE_TAG') }}"
 
   ### global variables ###
@@ -38,8 +38,9 @@ variables:
   DEFAULT_TRIVY_CONFIG: "{{ environ('DEFAULT_TRIVY_CONFIG') }}"
   DEFAULT_TERRASCAN_CONFIG: "{{ environ('DEFAULT_TERRASCAN_CONFIG') }}"
   DEFAULT_TERRAFORM_DOCS_CONFIG: "{{ environ('DEFAULT_TERRAFORM_DOCS_CONFIG') }}"
+  TENV_TOOL: "{{ TENV_TOOL }}"
 
-  TFENV_TERRAFORM_VERSION: "{{ environ('TFENV_TERRAFORM_VERSION') }}"
+  TENV_TERRAFORM_VERSION: "{{ environ('TENV_TERRAFORM_VERSION') }}"
   TERRAFORM_UPGRADE_FLAG: "{{ environ('TERRAFORM_UPGRADE_FLAG') }}"
 
   # NEED TO BE CHANGED FOR EACH PROJECT
@@ -154,10 +155,10 @@ stages:
 
 .terraform-base: &terraform_base
   image:
-    name: ${DOCKER_REGISTRY}tfenv:${TFENV_IMAGE_TAG}
+    name: ${DOCKER_REGISTRY}tenv:${TENV_IMAGE_TAG}
     entrypoint:
       - '/usr/bin/env'
-      - 'PATH=/pyenv/bin:/pyenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/tfenv/bin/'
+      - 'PATH=/pyenv/bin:/pyenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
   <<: *base
 
 {% if  GITLAB_JOBS["terraform-trivy"]  %}
@@ -169,14 +170,14 @@ stages:
     name: aquasec/trivy:latest
     entrypoint:
       - '/usr/bin/env'
-      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/tfenv/bin/'
+      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
   <<: *base
 
 {% endif %}
 {% if  GITLAB_JOBS["terraform-lint"]  %}
 .terraform-lint:
   image:
-    name: ${DOCKER_REGISTRY}tfenv:${TFENV_IMAGE_TAG}
+    name: ${DOCKER_REGISTRY}tenv:${TENV_IMAGE_TAG}
     entrypoint:
       - '/usr/bin/env'
       - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
@@ -632,4 +633,4 @@ delete_{{ plan_slug }}:
     - make destroyauto_{{ plan_slug }}
 
 {% endfor %} {# exec_batch #}
-{% endfor %} {# delete_exec_plan #}
+{% endfor %} {# delete_exec_plan #}

configure.yaml.dist

@@ -20,11 +20,11 @@ PROJECT_DIR:
 # Docker Compose image tags to use
 ########################################################################################################################
 # docker-compose.yaml terraform image
-BASH_VERSION_TAG: 5
-TFENV_VERSION: 3.0.0
+ALPINE_VERSION_TAG: 3.20
+TENV_VERSION: 3.2.4
 # Tools image versions
 DOCKER_REGISTRY: public.ecr.aws/h1a2u4u1/
-TFENV_IMAGE_TAG: STARTER_KIT_CURRENT_VERSION
+TENV_IMAGE_TAG: STARTER_KIT_CURRENT_VERSION
 TFLINT_IMAGE_TAG: STARTER_KIT_CURRENT_VERSION
 TERRAFORM_DOCS_IMAGE_TAG: STARTER_KIT_CURRENT_VERSION
 PRECOMMIT_IMAGE_TAG: v1.89.0
@@ -40,6 +40,7 @@ TERRASCAN_IMAGE_TAG: latest
 TERRAFORM_VERSION_CHECK_IMAGE_TAG: latest
 SCOUTSUITE_VERSION: latest
 
+TENV_TOOL: terraform
 ########################################################################################################################
 # Docker Compose custom volumes
 ########################################################################################################################

docker-compose.yml

@@ -3,19 +3,18 @@
 services:
   terraform:
     container_name: ${COMPOSE_PROJECT_NAME}_terraform
-    image: ${DOCKER_REGISTRY}tfenv:${TFENV_IMAGE_TAG}
+    image: ${DOCKER_REGISTRY}tenv:${TENV_IMAGE_TAG}
 #    build:
-#      dockerfile: automation/TFEnv/Dockerfile
+#      dockerfile: automation/TEnv/Dockerfile
 #      args:
-#        - TFENV_VERSION=${TFENV_VERSION}
-#        - BASH_VERSION=${BASH_VERSION_TAG}
-#    image: tfenv:${BASH_VERSION_TAG}-${TFENV_VERSION}
+#        - TENV_VERSION=${TENV_VERSION}
+#        - ALPINE_VERSION_TAG=${ALPINE_VERSION_TAG}
+#    image: tenv:${ALPINE_VERSION_TAG}-${TENV_VERSION}
     user: ${MY_UID}:${MY_GID}
     environment:
       AWS_ACCESS_KEY_ID: "${AWS_ACCESS_KEY_ID}"
       AWS_SECRET_ACCESS_KEY: "${AWS_SECRET_ACCESS_KEY}"
       AWS_SESSION_TOKEN: "${AWS_SESSION_TOKEN}"
-      TFENV_TERRAFORM_VERSION: "${TFENV_TERRAFORM_VERSION}"
     env_file:
       - .env
     working_dir: ${DOCKER_WORKDIR}