cloudposse · osterman · Jun 26, 2024 · Jun 14, 2024 · Jun 14, 2024 · Jun 14, 2024
@@ -6,6 +6,13 @@ on:
 
   workflow_dispatch:
 
+permissions:
+  attestations: write
+  contents: write
+  id-token: write
+  pull-requests: write
+  packages: write
+
 concurrency:
   group: ${{ github.workflow }}
   cancel-in-progress: false
@@ -27,3 +34,35 @@ jobs:
           formula-path: Formula/a/atmos.rb
         env:
           COMMITTER_TOKEN: ${{ secrets.GH_BOT_TOKEN }}
+
+  docker:
+    name: "Build and push Docker image for Atmos CLI"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout source code at current commit"
+        uses: actions/checkout@v4
+
+      - name: "Docker Build"
+        id: build
+        uses: cloudposse/github-action-docker-build-push@main
+        with:
+          registry: ghcr.io
+          organization: "${{ github.event.repository.owner.login }}"
+          repository: "${{ github.event.repository.name }}"
+          login: "${{ github.actor }}"
+          password: "${{ secrets.GITHUB_TOKEN }}"
+          platforms: linux/amd64,linux/arm64
+          file: Dockerfile
+          build-args: |
+            ATMOS_VERSION=${{ github.event.release.tag_name }}
+
+      - name: "Verify Image"
+        run: |
+            docker pull ${{ steps.build.outputs.image }}:${{ steps.build.outputs.tag}}
+
+      - name: "Job Summary"
+        run: |
+          echo "## Docker Image Summary" >> $GITHUB_STEP_SUMMARY
+          echo '```json' >> $GITHUB_STEP_SUMMARY
+          docker inspect ${{ steps.build.outputs.image }}:${{ steps.build.outputs.tag}}  >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
@@ -86,6 +86,40 @@ jobs:
       format: binary
     secrets: inherit
 
+  docker:
+    name: "Docker Lint"
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+
+    - uses: hadolint/[email protected]
+      id: hadolint
+      with:
+        dockerfile: Dockerfile
+        failure-threshold: warning
+        format: sarif
+        output-file: hadolint.sarif
+
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v3
+      if: always()
+      with:
+        # Path to SARIF file relative to the root of the repository
+        sarif_file: hadolint.sarif
+        # Optional category for the results (used to differentiate multiple results for one commit)
+        category: hadolint
+        wait-for-processing: true
+
+    - name: "Job Summary"
+      if: always()
+      run: |
+        echo "## Docker Lint (${{ steps.hadolint.outcome }})" >> $GITHUB_STEP_SUMMARY
+        echo '```' >> $GITHUB_STEP_SUMMARY
+        echo "${HADOLINT_RESULTS}"  >> $GITHUB_STEP_SUMMARY
+        echo '```' >> $GITHUB_STEP_SUMMARY
+
   # run localstack demo tests
   localstack:
     name: "[localstack] ${{ matrix.demo-folder }}"

@@ -0,0 +1,41 @@
+# Use a base image with platform specification
+FROM --platform=$BUILDPLATFORM debian:bookworm-slim
+
+# Define the arguments for Atmos version and platforms
+ARG TARGETPLATFORM
+ARG BUILDPLATFORM
+ARG ATMOS_VERSION
+
+SHELL ["/bin/bash", "-c"]
+
+# Check if ATMOS_VERSION is set
+RUN if [ -z "$ATMOS_VERSION" ]; then echo "ERROR: ATMOS_VERSION argument must be set" && exit 1; fi
+
+# Update the package list and install curl and git
+RUN apt-get update && apt-get install -y curl git
+
+# Install the Cloud Posse Debian repository
+RUN curl -1sLf 'https://dl.cloudsmith.io/public/cloudposse/packages/cfg/setup/bash.deb.sh' | bash
+
+# Install OpenTofu
+RUN curl -1sSLf 'https://get.opentofu.org/install-opentofu.sh' | bash -s -- --root-method none --install-method deb
+
+# Install Kustomize binary (required by Helmfile)
+RUN curl -1sSLf "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"  | bash -s -- /usr/local/bin
+
+# Install toolchain used with Atmos
+RUN apt-get -y install terraform kubectl helmfile helm
+
+# Install the helm-diff plugin required by Helmfile
+RUN helm plugin install https://github.com/databus23/helm-diff
+
+# Install Atmos from the GitHub Release
+RUN case ${TARGETPLATFORM} in \
+        "linux/amd64") OS=linux; ARCH=amd64 ;; \
+        "linux/arm64") OS=linux; ARCH=arm64 ;; \
+        *) echo "Unsupported platform: ${TARGETPLATFORM}" && exit 1 ;; \
+    esac && \
+    ATMOS_VERSION=${ATMOS_VERSION#v} && \
+    echo "Downloading Atmos v${ATMOS_VERSION} for ${OS}/${ARCH}" && \
+    curl -1sSLf "https://github.com/cloudposse/atmos/releases/download/v${ATMOS_VERSION}/atmos_${ATMOS_VERSION}_${OS}_${ARCH}" -o /usr/local/bin/atmos && \
+    chmod +x /usr/local/bin/atmos