Bitrise build environment for internal services. It contains preinstalled tools to facilitate microservice and infrastructure workflows. Bitrise infrastructure is fully handled, with the official steplib cached.
- gcloud CLI
- python
- kubectl
- go
- tfswitch + terraform
- bitrise CLI
- nodejs
- tfsec (github.com/tfsec/tfsec/cmd/tfsec)
- github.com/kisielk/errcheck
- golang.org/x/lint/golint
Besides the preinstalled tools, this package also contains an environment initializer step which takes care of multiple things. Every action is optional and runs only if you specify the corresponding input:
- GCLOUD_KEY: Set up and authenticate gcloud CLI from a service user key (optional)
- GKE_CLUSTER: Set up a specific cluster for kubectl (optional)
- GKE_CLUSTER_REGION: Region of specific cluster (only regional supported - optional)
- TERRAFORM_DIR: Initializes terraform in a specific directory (optional)
- TERRAFORM_SECRETS: Creates "secrets.auto.tfvars" file from secret env vars (optional)
- TERRAFORM_WORKSPACE: Initializes specific terraform workspace (optional)
Terraform initialization checks if a backend configuration file with the name $TERRAFORM_WORKSPACE-backend.tfvars is present. If such a config file is found, it is passed to the init command. This can be used to set the remote terraform backend's bucket.
Please note that using terraform initialization for an empty non-default (e.g. staging) workspace is not supported. Manually init the workspace first, then you can use it with this tool.
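The backend-file lookup described above, sketched as an added shell example (not the step's own script). The function names, the allowed workspace-name characters and the sample bucket value are assumptions.

```shell
#!/bin/sh
# Added example, not the step's own script. Function names and the
# workspace-name whitelist are assumptions made for this sketch.

# Print the arguments for `terraform init` in DIR for WORKSPACE, one per line.
tf_init_args() {
  dir=$1
  ws=${2:-default}
  # The workspace name becomes part of a file name, so reject anything
  # (slashes, dots, spaces) that could point outside DIR or split arguments.
  case $ws in
    '' | *[!A-Za-z0-9_-]*) echo "invalid workspace name: $ws" >&2; return 2 ;;
  esac
  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
  printf '%s\n' init -input=false
  # Optional per-workspace backend settings, e.g. the state bucket.
  if [ -f "$dir/$ws-backend.tfvars" ]; then
    printf '%s\n' "-backend-config=$ws-backend.tfvars"
  fi
}

# Run init, then select the workspace. `workspace select` fails when the
# workspace does not exist yet, so a new one must be created by hand first.
tf_init() {
  args=$(tf_init_args "$1" "${2:-default}") || return
  (
    cd "$1" || exit
    set -f # no globbing; the names were validated above
    # shellcheck disable=SC2086  # intentional word splitting of $args
    terraform $args && terraform workspace select "${2:-default}"
  )
}

# Constructed demo: throwaway directory with a staging backend file.
demo=$(mktemp -d)
printf 'bucket = "example-tfstate-bucket"\n' > "$demo/staging-backend.tfvars"
tf_init_args "$demo" staging
rm -rf "$demo"
```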
The terraform version is chosen based on the requirement specified in your terraform code. It is highly recommended to specify the version. Example:

```hcl
terraform {
  required_version = "= 0.14.7"
}
```
Preinstalled version: 0.14.7
```yaml
- git::https://github.com/bitrise-io/build-env@master:
    title: Set up environment
    run_if: $.IsCI
    inputs:
    - SERVICE_NAME: $SERVICE_NAME
    - GCLOUD_KEY: $GCLOUD_KEY
    - GKE_CLUSTER: $GKE_CLUSTER
    - GKE_CLUSTER_REGION: $REGION
    - TERRAFORM_DIR: $BITRISE_SOURCE_DIR/infra
    - TERRAFORM_SECRETS: "$TF_SECRETS"
```
- Versioning of this image on Bitrise VMs cache
- Enforce using us.gcr.io container registry
- Migrate dockerhub for quay.io
- Build CI
- Security check on preinstalled tools
- Automated terraform security check using tfsec (github.com/tfsec/tfsec/cmd/tfsec)