Adds a Dockerfile that creates a terragrunt image

[lorengordon]

Related to #1655

[lorengordon]

fwiw, demonstrating it builds...

$ docker build -t gruntworkio/terragrunt -f Dockerfile .
[+] Building 153.1s (13/13) FINISHED
 => [internal] load build definition from Dockerfile
=> => transferring dockerfile: 353B
=> [internal] load .dockerignore
=> => transferring context: 2B
=> [internal] load metadata for docker.io/library/alpine:latest
=> [internal] load metadata for docker.io/library/golang:1.16.3-alpine
=> CACHED [stage-1 1/2] FROM docker.io/library/alpine:latest@sha256:69e70a79f2d41ab5d637de98c1e0b055206ba40a8145e7bddb55ccc04e13cf8f
=> CACHED [builder 1/5] FROM docker.io/library/golang:1.16.3-alpine@sha256:49c07aa83790aca732250c2258b5912659df31b6bfa2ab428661bc66833769e1
=> [internal] load build context
=> => transferring context: 109.75kB
=> [builder 2/5] RUN apk add --update --no-cache make git
=> [builder 3/5] WORKDIR /go/src/terragrunt
=> [builder 4/5] COPY . .
=> [builder 5/5] RUN make build
=> [stage-1 2/2] COPY --from=builder /go/src/terragrunt/terragrunt /usr/local/bin/
=> exporting to image
=> => exporting layers
=> => writing image sha256:a68cc54158c9f9ac6409a860bf5de127f04951b52569ed1a890c4f92b663e2cb
=> => naming to docker.io/gruntworkio/terragrunt

and runs:

$ docker run --rm gruntworkio/terragrunt
DESCRIPTION:
   terragrunt - Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple
   Terraform modules, remote state, and locking. For documentation, see https://github.com/gruntwork-io/terragrunt/.

USAGE:
   terragrunt <COMMAND>
...
VERSION:
   v0.29.2-2-g67173f167cae-dirty

AUTHOR(S):
   Gruntwork <www.gruntwork.io>

[brikis98]

Thanks for the PR!

I could configure a Docker Hub build as you mentioned here, but there are a few gotchas:

1. How do we set the version number in the binary? See my comment in the PR itself.
2. How do we test the Dockerfile before merging/releasing? I'd rather not merge something and later find out the Docker Hub build failed.
3. Docker Hub has introduced a bunch of limits recently, and seems to be heading in the direction of adding still more. Terragrunt might be popular enough to trip this limits... Not sure how many people use it via Docker though.

[brikis98]

This will end up with an empty version number in the binary. It needs to be set via:

-ldflags "-X main.VERSION=<VERSION>"

But it's not clear what version number we'd be able to use?

[lorengordon]

The version is not empty! That's one reason I used the make build target. The version is determined by the command git describe --tags --abbrev=12 --dirty --broken. When the checkout matches a git tag, the value is just the git tag. When the checkout is not a tag, you get the last tag plus a git ref marker.

If you go with the dockerhub build service, dockerhub clones the repo and has all the tags, so this evaluates correctly. I'd expect any other container build service would also.

$ git describe --tags --abbrev=12 --dirty --broken
v0.29.2-2-gc90d385e21b8
$ git tag v0.29.3-testing
$ git describe --tags --abbrev=12 --dirty --broken
v0.29.3-testing

[lorengordon]

For example:

$ docker run --rm gruntworkio/terragrunt --version
terragrunt version v0.29.2-3-gdbe93918437f-dirty

[brikis98]

NIT: couldn't this be scratch? I think a standalone Go binary doesn't need anything else...

[lorengordon]

Perhaps? Using alpine:latest and the multistage build, it's only a 40MB image. Might be over-optimizing... I'll give it a shot though.

[lorengordon]

The scratch base image worked, just needed to use CGO_ENABLED=0. Image size is 34MB.

$ docker run --rm gruntworkio/terragrunt --version
terragrunt version v0.29.2-4-g4deae14c6db3-dirty

[lorengordon]

How do we set the version number in the binary? See my comment in the PR itself.

I addressed that inline. The version is being set!

How do we test the Dockerfile before merging/releasing? I'd rather not merge something and later find out the Docker Hub build failed.

What I usually do is build the image in CI and then run the container, exercising some suite of tests. How thorough I want to be with the image generally depends on how confident I am in the unit tests or integration tests I run more directly. Sometimes I just will run the container passing a basic flag, like --version, to ensure the binary did build and can be executed.

Docker Hub has introduced a bunch of limits recently, and seems to be heading in the direction of adding still more. Terragrunt might be popular enough to trip this limits... Not sure how many people use it via Docker though.

I haven't seen any DockerHub limits on building or pushing images for public projects. There are rate limits on users pulling images, and it is the user's responsibility to login to dockerhub to avoid the rate limit.

There is also a plan to expire images that have not been used in 6 months, for accounts on the free tier. That seems pretty reasonable, though. If the image is being used, it remains available. If it's not used for 6 months, it seems likely it is not needed (and a user in desperate need could build it themselves at that point).

[lorengordon]

@brikis98 I added a step to the circle-ci config to build the container as an example of how to validate the docker build in CI, but I have no ability to run it, of course. I also have never used circle-ci, so I may have guessed wrong about how to do this! 😬

What I usually do is build the image in CI and then run the container, exercising some suite of tests. How thorough I want to be with the image generally depends on how confident I am in the unit tests or integration tests I run more directly. Sometimes I just will run the container passing a basic flag, like --version, to ensure the binary did build and can be executed.

[angeloskaltsikis]

Hey folks,
We are thinking of using Terragrunt as a Kubernetes Cronjob (to get alerts for Drift like mentioned in this discussion).
As a result, we are going to prefer if we could utilize any official Terragrunt Docker image.
@brikis98 Do you have any other concerns or this could proceed? 🙏🏽

[Matthew-Beckett]

Following on from @angeloskaltsikis's question, what is blocking progression on this PR? I am happy to pick up getting this merged into branch so that alpine/terragrunt at Dockerhub with over 10 million downloads can be deprecated.