Ready-to-use Docker container image for AWS CodeBuild/CodePipeline, Bitbucket Pipelines, CircleCI, GitHub Actions, GitLab runner jobs and Google Cloud Build.
Image:
cyclenerd/cloud-tools-container:latest
Multiarch support:
amd64: Intel or AMD 64-Bit CPU (x86-64)arm64: Arm-based 64-Bit CPU (i.e. Apple silicon, AWS Graviton, Ampere Altra)
This project uses GitHub Actions for automated builds and deployments. The image is regularly rebuilt on the 15th of each month.
This Docker container image is based on the Ubuntu 24.04 release (ubuntu:noble).
The following software is included and tested:
- Ansible infrastructure as configuration (IaC) software tool (
ansibleandansible-playbook) - AWS command line interface (CLI) tools (
aws) - Firebase command line interface (CLI) tools (
firebase) - fuego command line firestore client (
fuego) - GCR Cleaner deletes old container images on registries (
gcr-cleaner-cli) - Google Cloud command line interface (CLI) tools (
gcloud,gsutilandbq) - Open Policy Agent general-purpose policy engine, context-aware policy enforcement (
opa) - Packer (
packer) - ShellCheck analysis and linting tool for Shell/Bash scripts (
shellcheck) - skopeo command line utility that performs various operations on container images and repositories (
skopeo) - Terraform infrastructure as configuration (IaC) software tool (
terraform)- terraform-docs generates documentation from Terraform modules (
terraform-docs) - Terragrunt thin wrapper that provides extra tools (
terragrunt) - tflint linting tool for Terraform code (
tflint) - tfsec analysis security scanner for Terraform code (
tfsec)
- terraform-docs generates documentation from Terraform modules (
- Kubernetes
- Helm package manager for Kubernetes (
helm) - Kubernetes cluster manager command line tool for communicating with a Kubernetes cluster (
kubectl)
- Helm package manager for Kubernetes (
- Vault password manager and authentication tool (
vault) - Base packages
- GNU bash 5 (
bash) - apt-utils
- Advanced Packaging Tool package manager (
apt,apt-get)
- Advanced Packaging Tool package manager (
- build-essential
- GNU C compiler
gcc - make utility for directing compilation (
make)
- GNU C compiler
- Common CA certificates
- curl tool for transferring data with URL syntax (
curl) - DiG DNS lookup utility (
dig) - FIGlet prints its input using large characters (
figlet) - git distributed revision control system (
git) - jq JSON processor (
jq) - Mutt command line email client (
mutt) - Node.js JavaScript runtime environment (
node)- npm package manager for the JavaScript (
npm)
- npm package manager for the JavaScript (
- OpenSSL cryptography toolkit (
openssl) - OpenSSH remote login client (
ssh) - Perl 5 programming language (
perl)- cpanm modules installer for Perl (
cpanm)
- cpanm modules installer for Perl (
- Python 3 programming language (
python3)- pip package installer for Python (
pip3)
- pip package installer for Python (
- Go programming language (
go) - GNU tar archiving utility (
tar) - De-archiver for .zip files (
unzip) - Archiver for .zip files (
zip)
- GNU bash 5 (
Runs a command in the container, pulling the image if needed and starting the container.
Docker run command:
docker run cyclenerd/cloud-tools-container:latest aws --versionPodman run command:
podman run docker.io/cyclenerd/cloud-tools-container:latest aws --versionExample configurations for various CI/CD tools.
AWS CodeBuild configuration:
{
"environment": {
"type": "LINUX_CONTAINER",
"image": "cyclenerd/cloud-tools-container:latest",
"computeType": "BUILD_GENERAL1_SMALL"
},
}Google Cloud Build (cloudbuild.yaml) configuration file:
steps:
- name: 'cyclenerd/cloud-tools-container:latest'
entrypoint: 'gcloud'
args: ['--version']GitLab CI/CD (.gitlab-ci.yml) configuration with Google Cloud Service Account Key:
variables:
GOOGLE_APPLICATION_CREDENTIALS: "/tmp/service_account_key.json"
default:
image: cyclenerd/cloud-tools-container:latest
before_script:
# Login
- echo "$YOUR_GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY" > "$GOOGLE_APPLICATION_CREDENTIALS"
- gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS"
stages:
- auth
gcloud-auth-list:
stage: auth
script:
- gcloud auth listGitLab CI/CD (.gitlab-ci.yml) configuration with Google Cloud Workload Identity Federation login:
variables:
WIF_PROVIDER: projects/1057256049272/locations/global/workloadIdentityPools/gitlab-com/providers/gitlab-com-oidc
SERVICE_ACCOUNT: gitlab-ci@nkn-it-wif-demo.iam.gserviceaccount.com
GOOGLE_CREDENTIALS: gcp_temp_cred.json
default:
image: cyclenerd/cloud-tools-container:latest
before_script:
# Login
- echo "${CI_JOB_JWT_V2}" > gitlab_jwt_token.txt
- gcloud iam workload-identity-pools create-cred-config "${WIF_PROVIDER}"
--service-account="${SERVICE_ACCOUNT}"
--output-file=${GOOGLE_CREDENTIALS}
--credential-source-file=gitlab_jwt_token.txt
- gcloud config set auth/credential_file_override "${GOOGLE_CREDENTIALS}"
stages:
- auth
gcloud-auth-list:
stage: auth
script:
- gcloud auth listBitbucket pipeline configuration (bitbucket-pipelines.yml) with Google Cloud Workload Identity Federation login:
image: cyclenerd/cloud-tools-container:latest
pipelines:
default:
- step:
name: "Workload Identity Federation"
# Enable OIDC
oidc: true
max-time: 5
script:
# Set variables
- export WIF_PROVIDER='projects/753695557698/locations/global/workloadIdentityPools/bitbucket-org/providers/bitbucket-org-oidc'
- export SERVICE_ACCOUNT='bitbucket-pipeline@nkn-it-wif-demo-0.iam.gserviceaccount.com'
- export GOOGLE_CREDENTIALS='gcp_temp_cred.json'
# Configure Workload Identity Federation via a credentials file.
- echo ${BITBUCKET_STEP_OIDC_TOKEN} > .ci_job_jwt_file
- gcloud iam workload-identity-pools create-cred-config "${WIF_PROVIDER}"
--service-account="${SERVICE_ACCOUNT}"
--output-file="${GOOGLE_CREDENTIALS}"
--credential-source-file=.ci_job_jwt_file
- gcloud config set auth/credential_file_override "${GOOGLE_CREDENTIALS}"
# Now you can run gcloud commands authenticated as the impersonated service account.GitHub Actions configuration:
jobs:
cloud-tools-container:
runs-on: 'ubuntu-latest'
# Use container to run the steps in a job
container:
image: 'docker://cyclenerd/cloud-tools-container:latest'
steps:
- name: "Terraform"
run: terraform --versionCircleCI configuration:
jobs:
cloud-tools-container:
docker:
- image: cyclenerd/cloud-tools-container:latest
steps:
- run:
name: Google Cloud CLI
command: gcloud --versionMulti-Platform Image (AMD64 and ARM64)
To build a container image that can run on both AMD64 and ARM64 architectures, use the following command:
podman manifest create "cloud-tools-container"
podman build . \
--manifest "cloud-tools-container" \
--platform "linux/amd64,linux/arm64" \
--tag "cloud-tools-container:multi"Platform-Specific Images
Create a container image only for Intel or AMD 64-Bit CPU (x86-64):
podman build . \
--platform "linux/amd64" \
--tag "cloud-tools-container:amd64"Create a container image only for Arm-based 64-Bit CPU:
podman build . \
--platform "linux/arm64" \
--tag "cloud-tools-container:arm64"(Alternative) Combining Images into a Multi-Platform Image
To combine platform-specific images into one multi-platform image:
podman manifest create "cloud-tools-container:multi" \
--amend "cloud-tools-container:amd64" \
--amend "cloud-tools-container:arm64"
podman manifest inspect "cloud-tools-container:multi" | jqHave a patch that will benefit this project? Awesome! Follow these steps to have it accepted.
- Please read how to contribute.
- Fork this Git repository and make your changes.
- Create a Pull Request.
- Incorporate review feedback to your changes.
- Accepted!
All files in this repository are under the Apache License, Version 2.0 unless noted otherwise.