/build-env

Used for Bitrise build environment

Primary language: Shell. License: MIT.

Bitrise build env package

Bitrise build environment for internal services. It contains pre-installed tools to facilitate microservice and infrastructure workflows. Bitrise infrastructure is fully handled, with the official steplib cached.

Preinstalled packages

  • gcloud CLI
    • python
  • kubectl
  • go
  • tfswitch + terraform
  • bitrise CLI
  • nodejs
  • tfsec (github.com/tfsec/tfsec/cmd/tfsec)

Preinstalled Go packages

  • github.com/kisielk/errcheck
  • golang.org/x/lint/golint

Environment initializer Step

Besides the preinstalled tools, this package also contains an environment initializer step which takes care of multiple things. Every step is optional and runs only if you specify the corresponding input:

  • GCLOUD_KEY: Set up and authenticate gcloud CLI from a service user key (optional)
  • GKE_CLUSTER: Set up a specific cluster for kubectl (optional)
  • GKE_CLUSTER_REGION: Region of the specific cluster (only regional supported - optional)
  • TERRAFORM_DIR: Initializes terraform in a specific directory (optional)
  • TERRAFORM_SECRETS: Creates "secrets.auto.tfvars" file from secret env vars (optional)
  • TERRAFORM_WORKSPACE: Initializes specific terraform workspace (optional)

Terraform initialization checks if a backend configuration file with the name $TERRAFORM_WORKSPACE-backend.tfvars is present. If such config file is found, it is passed to the init command. This can be used to set the remote terraform backend's bucket.

Please note that using terraform initialization for an empty non-default (e.g. staging) workspace is not supported. Manually init the workspace first, then you can use it with this tool.

It will choose the terraform version to use based on the requirement specified in your terraform code. Specifying the version is highly recommended. Example:

terraform {
  required_version = "= 0.14.7"
}

Preinstalled version: 0.14.7
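
The backend configuration lookup described above under Terraform initialization, sketched in shell. This is an added example, not the step's own script: the function names, the `TERRAFORM_BIN` override and the workspace-name allowlist are assumptions.

```shell
# Added illustration, not the build-env step's own script.
# backend_config_for, run_terraform_init and TERRAFORM_BIN are hypothetical
# names; the workspace-name allowlist is an assumption.

# Print the backend config file name for a workspace, relative to $dir.
# Returns 1 when no such file exists, 2 when the workspace name is rejected.
backend_config_for() {
  local dir="$1"
  local workspace="$2"
  # The name is interpolated into a file path: refuse empty names and any
  # character outside a conservative allowlist (this blocks "/" and "..").
  case "$workspace" in
    '' | *[!A-Za-z0-9_-]*) return 2 ;;
  esac
  [ -f "${dir}/${workspace}-backend.tfvars" ] || return 1
  printf '%s\n' "${workspace}-backend.tfvars"
}

# Run "terraform init" in $dir, adding -backend-config only when the
# workspace-specific file is present.
run_terraform_init() {
  local dir="$1"
  local workspace="$2"
  local tf="${TERRAFORM_BIN:-terraform}"
  local cfg rc
  if cfg="$(backend_config_for "$dir" "$workspace")"; then
    (cd "$dir" && "$tf" init -input=false -backend-config="$cfg")
  else
    rc=$?
    if [ "$rc" -eq 1 ]; then
      # No workspace-specific file: plain init with the backend as written.
      (cd "$dir" && "$tf" init -input=false)
    else
      echo "refusing workspace name: $workspace" >&2
      return 2
    fi
  fi
}
```

Setting `TERRAFORM_BIN=echo` prints the command line that would be run instead of executing terraform.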

Usage in bitrise workflow:

- git::https://github.com/bitrise-io/build-env@master:
    title: Set up environment
    run_if: $.IsCI
    inputs:
      - SERVICE_NAME: $SERVICE_NAME
      - GCLOUD_KEY: $GCLOUD_KEY
      - GKE_CLUSTER: $GKE_CLUSTER
      - GKE_CLUSTER_REGION: $REGION
      - TERRAFORM_DIR: $BITRISE_SOURCE_DIR/infra
      - TERRAFORM_SECRETS: "$TF_SECRETS"

Future plans

  1. Versioning of this image on Bitrise VMs cache
  2. Enforce using us.gcr.io container registry
  3. Migrate from dockerhub to quay.io
  4. Build CI
  5. Security check on preinstalled tools
  6. Automated terraform security check using tfsec (github.com/tfsec/tfsec/cmd/tfsec)