mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
blinkagent[bot]
1bfc1ce2c4
Bumps bundled Terraform from `1.15.2` to `1.15.5` across all pinned locations: - `.github/actions/setup-tf/action.yaml` - `scripts/Dockerfile.base` - `install.sh` - `flake.nix` (+ updated SRI hash for the linux_amd64 zip) - `mise.toml` - `mise.lock` (+ updated per-platform SHA256 checksums) - `provisioner/terraform/testdata/version.txt` - `provisioner/terraform/testdata/resources/ai-tasks-disabled/ai-tasks-disabled.tfplan.json` ## Why Terraform 1.15.5 is built with Go 1.25.10, while the 1.15.2 we currently ship was built with Go 1.25.8. The newer Go runtime addresses recent stdlib CVEs flagged by security scanners. Releases included: 1.15.3 (provider install crash fix, nested-module stack migration fix), 1.15.4 (Linux s390x builds, symlinked provider dir fix), 1.15.5. Release notes: https://github.com/hashicorp/terraform/releases/tag/v1.15.5 ## Cherry-pick #25747 mirrors this PR against `release/2.34`. Created on behalf of @Shelnutt2 Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
39 lines
1.5 KiB
Docker
39 lines
1.5 KiB
Docker
# This is the base image used for Coder images. It's a multi-arch image that is
|
|
# built in depot.dev for all supported architectures. Since it's built on real
|
|
# hardware and not cross-compiled, it can have "RUN" commands.
|
|
FROM alpine:3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
|
|
|
|
# We use a single RUN command to reduce the number of layers in the image.
|
|
# NOTE: Keep the Terraform version in sync with minTerraformVersion and
|
|
# maxTerraformVersion in provisioner/terraform/install.go.
|
|
RUN apk add --no-cache \
|
|
curl \
|
|
wget \
|
|
bash \
|
|
git \
|
|
openssl \
|
|
openssh-client \
|
|
tzdata && \
|
|
addgroup \
|
|
-g 1000 \
|
|
coder && \
|
|
adduser \
|
|
-D \
|
|
-s /bin/bash \
|
|
-h /home/coder \
|
|
-u 1000 \
|
|
-G coder \
|
|
coder
|
|
# Terraform was disabled in the edge repo due to a build issue.
|
|
# https://gitlab.alpinelinux.org/alpine/aports/-/commit/f3e263d94cfac02d594bef83790c280e045eba35
|
|
# Using wget for now. Note that busybox unzip doesn't support streaming.
|
|
RUN ARCH="$(arch)"; if [ "${ARCH}" == "x86_64" ]; then ARCH="amd64"; elif [ "${ARCH}" == "aarch64" ]; then ARCH="arm64"; elif [ "${ARCH}" == "armv7l" ]; then ARCH="arm"; fi; wget -O /tmp/terraform.zip "https://releases.hashicorp.com/terraform/1.15.5/terraform_1.15.5_linux_${ARCH}.zip" && \
|
|
busybox unzip /tmp/terraform.zip -d /usr/local/bin && \
|
|
rm -f /tmp/terraform.zip && \
|
|
chmod +x /usr/local/bin/terraform && \
|
|
terraform --version
|
|
USER 1000:1000
|
|
ENV HOME=/home/coder
|
|
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt
|
|
WORKDIR /home/coder
|