fix: restore tree dropped by 6d224861; land stem95su gdrive-sync (10m) [ci skip]
6d224861 came from a --no-checkout worktree whose empty index made the
commit drop every file except two. This restores 05b50d2b's full tree and
correctly adds stacks/stem95su/gdrive-sync.tf + the service-catalog stem95su
entry. Forward-only (parent=6d224861, no force-push); [ci skip] since the
live infra was never applied from the broken commit.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
parent
6d224861c4
commit
fd0f4a0365
1166 changed files with 358546 additions and 0 deletions
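--- a/ci/Dockerfile
+++ b/ci/Dockerfile
@@ -0,0 +1,55 @@
+FROM alpine:3.20
+
+# Pin versions to match CI requirements
+ARG TERRAFORM_VERSION=1.5.7
+ARG TERRAGRUNT_VERSION=0.99.4
+ARG SOPS_VERSION=3.9.4
+ARG KUBECTL_VERSION=1.34.0
+ARG VAULT_VERSION=1.18.1
+
+# Install system packages (single layer).
+# python3: required by scripts/check-ingress-auth-comments.py, invoked
+# by scripts/tg before every plan/apply.
+RUN apk add --no-cache \
+bash curl git git-crypt jq openssh-client openssl python3 unzip \
+&& rm -rf /var/cache/apk/*
+
+# Terraform
+RUN curl -fsSL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" \
+-o /tmp/terraform.zip \
+&& unzip /tmp/terraform.zip -d /usr/local/bin/ \
+&& rm /tmp/terraform.zip \
+&& terraform version
+
+# Terragrunt
+RUN curl -fsSL "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" \
+-o /usr/local/bin/terragrunt \
+&& chmod +x /usr/local/bin/terragrunt \
+&& terragrunt --version
+
+# SOPS (for state encryption)
+RUN curl -fsSL "https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux.amd64" \
+-o /usr/local/bin/sops \
+&& chmod +x /usr/local/bin/sops
+
+# kubectl
+RUN curl -fsSL "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl" \
+-o /usr/local/bin/kubectl \
+&& chmod +x /usr/local/bin/kubectl
+
+# Vault CLI — required by scripts/tg for Tier 1 stack PG credential reads
+# and Tier 0 advisory locks. Pinned to server version (1.18.1). Without this
+# the CI pipeline surfaces the misleading "Cannot read PG credentials" error
+# because scripts/tg swallows stderr ("vault: not found").
+RUN curl -fsSL "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" \
+-o /tmp/vault.zip \
+&& unzip /tmp/vault.zip -d /usr/local/bin/ \
+&& rm /tmp/vault.zip \
+&& vault version
+
+# Provider cache directory (shared across stacks)
+ENV TF_PLUGIN_CACHE_DIR=/tmp/terraform-plugin-cache
+ENV TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE=1
+RUN mkdir -p /tmp/terraform-plugin-cache
+
+WORKDIR /workspace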
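Review bot: None of the five release downloads (Terraform, Terragrunt, SOPS, kubectl, Vault) is checked against a published checksum, so the `ARG` pins fix which release is requested but not which bytes end up in `/usr/local/bin`. Per the file's own comments this image runs `scripts/tg` for plan/apply and reads PG credentials through Vault, so an altered artifact would run with those secrets in reach. I would pin a digest beside each version, e.g. `ARG TERRAFORM_SHA256=<sha256 from the release's SHA256SUMS file>`, and add `&& echo "${TERRAFORM_SHA256}  /tmp/terraform.zip" | sha256sum -c - \` before the `unzip`; the three single-binary downloads would need to land in a temp path first so an unverified file never sits on `PATH`. Separately, `TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE=1` relaxes Terraform's lock-file checksum handling for cached providers and deserves a comment saying why that is acceptable here.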