cyclenerd/cloud-tools-container

By cyclenerd

Updated 11 days ago

📦 Ready-to-use image with cloud tools (AWS CLI, Google Cloud CLI, Terraform, Packer, Ansible)

Image
Integration & Delivery
Developer Tools

986

Cloud Tools Container

Badge: AnsibleBadge: AWSBadge: BitbucketBadge: CircleCIBadge: DockerBadge: FirebaseBadge: GitLabBadge: GNU BashBadge: GoBadge: Google CloudBadge: Hetzer CloudBadge: KubernetesBadge: PackerBadge: PerlBadge: PythonBadge: TerraformBadge: UbuntuBadge: VaultBadge:Last releaseBadge: License

Ready-to-use Docker container image for AWS CodeBuild/CodePipeline, Bitbucket Pipelines, CircleCI, GitHub Actions, GitLab runner jobs and Google Cloud Build.

Image:

cyclenerd/cloud-tools-container:latest

Multiarch support:

  • amd64 : Intel or AMD 64-Bit CPU (x86-64)
  • arm64 : Arm-based 64-Bit CPU (i.e. Apple silicon, AWS Graviton, Ampere Altra)

This project uses GitHub Actions for automated builds and deployments. The image is regularly rebuilt on the 15th of each month.

Software

This Docker container image is based on the Ubuntu 24.04 release (ubuntu:noble).

The following software is included and tested:

Run

Runs a command in the container, pulling the image if needed and starting the container.

Docker 🐳

Docker run command:

docker run cyclenerd/cloud-tools-container:latest aws --version
Podman 🦭

Podman run command:

podman run docker.io/cyclenerd/cloud-tools-container:latest aws --version

Examples

Example configurations for various CI/CD tools.

AWS CodeBuild

AWS CodeBuild configuration:

{
  "environment": {
    "type": "LINUX_CONTAINER",
    "image": "cyclenerd/cloud-tools-container:latest",
    "computeType": "BUILD_GENERAL1_SMALL"
  },
}
Google Cloud Build

Google Cloud Build (cloudbuild.yaml) configuration file:

steps:
  - name: 'cyclenerd/cloud-tools-container:latest'
    entrypoint: 'gcloud'
    args: ['--version']
GitLab CI/CD

Google Cloud Service Account Key

GitLab CI/CD (.gitlab-ci.yml) configuration with Google Cloud Service Account Key:

variables:
  GOOGLE_APPLICATION_CREDENTIALS: "/tmp/service_account_key.json"

default:
  image: cyclenerd/cloud-tools-container:latest
  before_script:
    # Login
    - echo "$YOUR_GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY" > "$GOOGLE_APPLICATION_CREDENTIALS"
    - gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS"

stages:
  - auth

gcloud-auth-list:
  stage: auth
  script:
    - gcloud auth list

Google Cloud Workload Identity Federation

GitLab CI/CD (.gitlab-ci.yml) configuration with Google Cloud Workload Identity Federation login:

variables:
  WIF_PROVIDER: projects/1057256049272/locations/global/workloadIdentityPools/gitlab-com/providers/gitlab-com-oidc
  SERVICE_ACCOUNT: gitlab-ci@nkn-it-wif-demo.iam.gserviceaccount.com
  GOOGLE_CREDENTIALS: gcp_temp_cred.json

default:
  image: cyclenerd/cloud-tools-container:latest
  before_script:
    # Login
    - echo "${CI_JOB_JWT_V2}" > gitlab_jwt_token.txt
    - gcloud iam workload-identity-pools create-cred-config "${WIF_PROVIDER}"
      --service-account="${SERVICE_ACCOUNT}"
      --output-file=${GOOGLE_CREDENTIALS}
      --credential-source-file=gitlab_jwt_token.txt
    - gcloud config set auth/credential_file_override "${GOOGLE_CREDENTIALS}"
stages:
  - auth

gcloud-auth-list:
  stage: auth
  script:
    - gcloud auth list
Bitbucket Pipelines

Google Cloud Workload Identity Federation

Bitbucket pipeline configuration (bitbucket-pipelines.yml) with Google Cloud Workload Identity Federation login:

image: cyclenerd/cloud-tools-container:latest

pipelines:
  default:
    - step:
        name: "Workload Identity Federation"
        # Enable OIDC
        oidc: true
        max-time: 5
        script:
          # Set variables
          - export WIF_PROVIDER='projects/753695557698/locations/global/workloadIdentityPools/bitbucket-org/providers/bitbucket-org-oidc'
          - export SERVICE_ACCOUNT='bitbucket-pipeline@nkn-it-wif-demo-0.iam.gserviceaccount.com'
          - export GOOGLE_CREDENTIALS='gcp_temp_cred.json'
          # Configure Workload Identity Federation via a credentials file.
          - echo ${BITBUCKET_STEP_OIDC_TOKEN} > .ci_job_jwt_file
          - gcloud iam workload-identity-pools create-cred-config "${WIF_PROVIDER}"
            --service-account="${SERVICE_ACCOUNT}"
            --output-file="${GOOGLE_CREDENTIALS}"
            --credential-source-file=.ci_job_jwt_file
          - gcloud config set auth/credential_file_override "${GOOGLE_CREDENTIALS}"
          # Now you can run gcloud commands authenticated as the impersonated service account.
GitHub Actions

GitHub Actions configuration:

jobs:
  cloud-tools-container:
    runs-on: 'ubuntu-latest'
    # Use container to run the steps in a job
    container:
      image: 'docker://cyclenerd/cloud-tools-container:latest'
    steps:
      - name: "Terraform"
        run: terraform --version
CircleCI

CircleCI configuration:

jobs:
  cloud-tools-container:
    docker:
      - image: cyclenerd/cloud-tools-container:latest
    steps:
      - run:
          name: Google Cloud CLI
          command: gcloud --version

Docker Pull Command

docker pull cyclenerd/cloud-tools-container