mirror of
https://github.com/coder/coder.git
synced 2026-06-03 04:58:23 +00:00
75f51532f3
Cherry-pick of #25746 to `release/2.34`.
Bumps bundled Terraform from `1.15.2` to `1.15.5`. Terraform 1.15.5 is
built with Go 1.25.10 (vs Go 1.25.8 in 1.15.2), addressing Go stdlib
CVEs flagged by security scanners.
Files changed:
- `.github/actions/setup-tf/action.yaml`
- `scripts/Dockerfile.base`
- `install.sh`
- `flake.nix` (+ updated SRI hash for the linux_amd64 zip)
- `mise.toml`
- `mise.lock` (+ updated per-platform SHA256 checksums)
- `provisioner/terraform/testdata/version.txt`
- `provisioner/terraform/testdata/resources/ai-tasks-disabled/ai-tasks-disabled.tfplan.json`
Release notes:
https://github.com/hashicorp/terraform/releases/tag/v1.15.5
(cherry picked from commit bcc6cca040 —
will be updated to the merged SHA from #25746)
Created on behalf of @Shelnutt2
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
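# This is the base image used for Coder images. It's a multi-arch image that is
# built in depot.dev for all supported architectures. Since it's built on real
# hardware and not cross-compiled, it can have "RUN" commands.
# The base is pinned by tag and digest, so a rebuild resolves to the same image.
FROM alpine:3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659

# We use a single RUN command to reduce the number of layers in the image.
# NOTE: Keep the Terraform version in sync with minTerraformVersion and
# maxTerraformVersion in provisioner/terraform/install.go.
# The coder user and group are created with the fixed ID 1000 that the USER
# instruction at the end of this file refers to.
RUN apk add --no-cache \
        curl \
        wget \
        bash \
        git \
        openssl \
        openssh-client \
        tzdata && \
    addgroup \
        -g 1000 \
        coder && \
    adduser \
        -D \
        -s /bin/bash \
        -h /home/coder \
        -u 1000 \
        -G coder \
        coder

# Terraform was disabled in the edge repo due to a build issue.
# https://gitlab.alpinelinux.org/alpine/aports/-/commit/f3e263d94cfac02d594bef83790c280e045eba35
# Using wget for now. Note that busybox unzip doesn't support streaming.
#
# The archive is checked against the release's SHA256SUMS file before it is
# unpacked, so a truncated or mismatched download fails the build instead of
# being installed into /usr/local/bin. SHA256SUMS is fetched from the same host
# as the archive, so this check alone does not cover a tampered release host;
# for that, pin the per-architecture digests in this file or verify the
# detached signature HashiCorp publishes for SHA256SUMS.
# The version string appears in every URL and file name below; change them
# together.
# "=" is used instead of "==" because "==" is not POSIX test syntax.
RUN ARCH="$(arch)"; \
    if [ "${ARCH}" = "x86_64" ]; then ARCH="amd64"; \
    elif [ "${ARCH}" = "aarch64" ]; then ARCH="arm64"; \
    elif [ "${ARCH}" = "armv7l" ]; then ARCH="arm"; \
    fi; \
    cd /tmp && \
    wget -O "terraform_1.15.5_linux_${ARCH}.zip" "https://releases.hashicorp.com/terraform/1.15.5/terraform_1.15.5_linux_${ARCH}.zip" && \
    wget -O terraform_1.15.5_SHA256SUMS "https://releases.hashicorp.com/terraform/1.15.5/terraform_1.15.5_SHA256SUMS" && \
    grep -F "  terraform_1.15.5_linux_${ARCH}.zip" terraform_1.15.5_SHA256SUMS > terraform.sha256 && \
    sha256sum -c terraform.sha256 && \
    busybox unzip "terraform_1.15.5_linux_${ARCH}.zip" -d /usr/local/bin && \
    rm -f "terraform_1.15.5_linux_${ARCH}.zip" terraform_1.15.5_SHA256SUMS terraform.sha256 && \
    chmod +x /usr/local/bin/terraform && \
    terraform --version

# Drop root for everything that follows, including derived images that do not
# set USER themselves. Numeric IDs match the coder user created above.
USER 1000:1000
ENV HOME=/home/coder
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt
WORKDIR /home/coder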