From c00fcc4b480d80ae09f9bf5ae99b19cef57f2a52 Mon Sep 17 00:00:00 2001
From: Oscar Brouwer
Date: Wed, 20 May 2026 14:40:18 +0000
Subject: [PATCH 1/3] Create new feature for TFLint
---
 src/tflint/README.md | 24 ++++
 src/tflint/devcontainer-feature.json | 20 ++++
 src/tflint/install.sh | 21 ++++
 src/tflint/library_scripts.sh | 173 +++++++++++++++++++++++++++
 test/tflint/scenarios.json | 16 +++
 test/tflint/test.sh | 9 ++
 test/tflint/test_default.sh | 9 ++
 test/tflint/test_specific_version.sh | 9 ++
 8 files changed, 281 insertions(+)
 create mode 100644 src/tflint/README.md
 create mode 100644 src/tflint/devcontainer-feature.json
 create mode 100755 src/tflint/install.sh
 create mode 100644 src/tflint/library_scripts.sh
 create mode 100644 test/tflint/scenarios.json
 create mode 100755 test/tflint/test.sh
 create mode 100755 test/tflint/test_default.sh
 create mode 100755 test/tflint/test_specific_version.sh
diff --git a/src/tflint/README.md b/src/tflint/README.md
new file mode 100644
index 000000000..507b023bc
--- /dev/null
+++ b/src/tflint/README.md
@@ -0,0 +1,24 @@
+
+# TFLint (via Github Releases) (tflint)
+
+TFLint is a framework and each feature is provided by plugins, the key features are as follows:
+
+- Find possible errors (like invalid instance types) for Major Cloud providers (AWS/Azure/GCP).
+- Warn about deprecated syntax, unused declarations.
+- Enforce best practices, naming conventions.
+
+## Example Usage
+
+```json
+"features": {
+ "ghcr.io/devcontainers-extra/features/tflint:1": {}
+}
+```
+
+## Options
+
+| Options Id | Description | Type | Default Value |
+|------------|--------------------------------|--------|---------------|
+| version | Select the version to install. | string | latest |
+
+---
diff --git a/src/tflint/devcontainer-feature.json b/src/tflint/devcontainer-feature.json
new file mode 100644
index 000000000..88865b937
--- /dev/null
+++ b/src/tflint/devcontainer-feature.json
@@ -0,0 +1,20 @@
+{
+ "id": "tflint",
+ "version": "1.0.0",
+ "name": "tflint (via Github Releases)",
+ "documentationURL": "http://github.com/devcontainers-extra/features/tree/main/src/tflint",
+ "description": "A Pluggable Terraform Linter",
+ "options": {
+ "version": {
+ "default": "latest",
+ "description": "Select the version to install.",
+ "proposals": [
+ "latest"
+ ],
+ "type": "string"
+ }
+ },
+ "installsAfter": [
+ "ghcr.io/devcontainers-extra/features/gh-release"
+ ]
+}
\ No newline at end of file
diff --git a/src/tflint/install.sh b/src/tflint/install.sh
new file mode 100755
index 000000000..bae05e0ed
--- /dev/null
+++ b/src/tflint/install.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+set -e
+
+source ./library_scripts.sh
+
+# nanolayer is a cli utility which keeps container layers as small as possible
+# source code: https://github.com/devcontainers-extra/nanolayer
+# `ensure_nanolayer` is a bash function that will find any existing nanolayer installations,
+# and if missing - will download a temporary copy that automatically get deleted at the end
+# of the script
+ensure_nanolayer nanolayer_location "v0.5.6"
+
+# Example nanolayer installation via devcontainer-feature
+$nanolayer_location \
+ install \
+ devcontainer-feature \
+ "ghcr.io/devcontainers-extra/features/gh-release:1" \
+ --option repo='terraform-linters/tflint' --option binaryNames='tflint' --option version="$VERSION"
+
+echo 'Done!'
diff --git a/src/tflint/library_scripts.sh b/src/tflint/library_scripts.sh
new file mode 100644
index 000000000..f6d0760d7
--- /dev/null
+++ b/src/tflint/library_scripts.sh
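Review bot: `documentationURL` in devcontainer-feature.json is written with the `http://` scheme, so the link shown to users starts with a plaintext request before any redirect. Write it as `"documentationURL": "https://github.com/devcontainers-extra/features/tree/main/src/tflint"`.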
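Review bot: Everything install.sh installs is resolved at build time from mutable references: the helper feature is addressed as `gh-release:1` and the `version` option defaults to `latest`, so two builds of the same devcontainer can end up with different tflint binaries, and nothing visible in this hunk verifies the downloaded release asset. A comment above the nanolayer call would make that explicit, e.g. `# NOTE: gh-release:1 and version=latest are mutable; set the version option to a fixed release for reproducible builds`. Separately, `$nanolayer_location` is expanded unquoted although `ensure_nanolayer` may fill it from `NANOLAYER_CLI_LOCATION`; `"$nanolayer_location" \` keeps a path containing spaces intact.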
@@ -0,0 +1,173 @@
+#!/usr/bin/env bash
+
+clean_download() {
+ # The purpose of this function is to download a file with minimal impact on container layer size
+ # this means if no valid downloader is found (curl or wget) then we install a downloader (currently wget) in a
+ # temporary manner, and making sure to
+ # 1. uninstall the downloader at the return of the function
+ # 2. revert back any changes to the package installer database/cache (for example apt-get lists)
+ # The above steps will minimize the leftovers being created while installing the downloader
+ # Supported distros:
+ # debian/ubuntu/alpine
+
+ url=$1
+ output_location=$2
+ tempdir=$(mktemp -d)
+ downloader_installed=""
+
+ function _apt_get_install() {
+ tempdir=$1
+
+ # copy current state of apt list - in order to revert back later (minimize contianer layer size)
+ cp -p -R /var/lib/apt/lists $tempdir
+ apt-get update -y
+ apt-get -y install --no-install-recommends wget ca-certificates
+ }
+
+ function _apt_get_cleanup() {
+ tempdir=$1
+
+ echo "removing wget"
+ apt-get -y purge wget --auto-remove
+
+ echo "revert back apt lists"
+ rm -rf /var/lib/apt/lists/*
+ rm -r /var/lib/apt/lists && mv $tempdir/lists /var/lib/apt/lists
+ }
+
+ function _apk_install() {
+ tempdir=$1
+ # copy current state of apk cache - in order to revert back later (minimize contianer layer size)
+ cp -p -R /var/cache/apk $tempdir
+
+ apk add --no-cache wget
+ }
+
+ function _apk_cleanup() {
+ tempdir=$1
+
+ echo "removing wget"
+ apk del wget
+ }
+ # try to use either wget or curl if one of them already installer
+ if type curl >/dev/null 2>&1; then
+ downloader=curl
+ elif type wget >/dev/null 2>&1; then
+ downloader=wget
+ else
+ downloader=""
+ fi
+
+ # in case none of them is installed, install wget temporarly
+ if [ -z $downloader ]; then
+ if [ -x "/usr/bin/apt-get" ]; then
+ _apt_get_install $tempdir
+ elif [ -x "/sbin/apk" ]; then
+ _apk_install $tempdir
+ else
+ echo "distro not supported"
+ exit 1
+ fi
+ downloader="wget"
+ downloader_installed="true"
+ fi
+
+ if [ $downloader = "wget" ]; then
+ wget -q $url -O $output_location
+ else
+ curl -sfL $url -o $output_location
+ fi
+
+ # NOTE: the cleanup procedure was not implemented using `trap X RETURN` only because
+ # alpine lack bash, and RETURN is not a valid signal under sh shell
+ if ! [ -z $downloader_installed ]; then
+ if [ -x "/usr/bin/apt-get" ]; then
+ _apt_get_cleanup $tempdir
+ elif [ -x "/sbin/apk" ]; then
+ _apk_cleanup $tempdir
+ else
+ echo "distro not supported"
+ exit 1
+ fi
+ fi
+
+}
+
+ensure_nanolayer() {
+ # Ensure existance of the nanolayer cli program
+ local variable_name=$1
+
+ local required_version=$2
+ # normalize version
+ if ! [[ $required_version == v* ]]; then
+ required_version=v$required_version
+ fi
+
+ local nanolayer_location=""
+
+ # If possible - try to use an already installed nanolayer
+ if [[ -z "${NANOLAYER_FORCE_CLI_INSTALLATION}" ]]; then
+ if [[ -z "${NANOLAYER_CLI_LOCATION}" ]]; then
+ if type nanolayer >/dev/null 2>&1; then
+ echo "Found a pre-existing nanolayer in PATH"
+ nanolayer_location=nanolayer
+ fi
+ elif [ -f "${NANOLAYER_CLI_LOCATION}" ] && [ -x "${NANOLAYER_CLI_LOCATION}" ]; then
+ nanolayer_location=${NANOLAYER_CLI_LOCATION}
+ echo "Found a pre-existing nanolayer which were given in env variable: $nanolayer_location"
+ fi
+
+ # make sure its of the required version
+ if ! [[ -z "${nanolayer_location}" ]]; then
+ local current_version
+ current_version=$($nanolayer_location --version)
+ if ! [[ $current_version == v* ]]; then
+ current_version=v$current_version
+ fi
+
+ if ! [ $current_version == $required_version ]; then
+ echo "skipping usage of pre-existing nanolayer. (required version $required_version does not match existing version $current_version)"
+ nanolayer_location=""
+ fi
+ fi
+
+ fi
+
+ # If not previuse installation found, download it temporarly and delete at the end of the script
+ if [[ -z "${nanolayer_location}" ]]; then
+
+ if [ "$(uname -sm)" == "Linux x86_64" ] || [ "$(uname -sm)" == "Linux aarch64" ]; then
+ tmp_dir=$(mktemp -d -t nanolayer-XXXXXXXXXX)
+
+ clean_up() {
+ ARG=$?
+ rm -rf $tmp_dir
+ exit $ARG
+ }
+ trap clean_up EXIT
+
+ if [ -x "/sbin/apk" ]; then
+ clib_type=musl
+ else
+ clib_type=gnu
+ fi
+
+ tar_filename=nanolayer-"$(uname -m)"-unknown-linux-$clib_type.tgz
+
+ # clean download will minimize leftover in case a downloaderlike wget or curl need to be installed
+ clean_download https://github.com/devcontainers-extra/nanolayer/releases/download/$required_version/$tar_filename $tmp_dir/$tar_filename
+
+ tar xfzv $tmp_dir/$tar_filename -C "$tmp_dir"
+ chmod a+x $tmp_dir/nanolayer
+ nanolayer_location=$tmp_dir/nanolayer
+
+ else
+ echo "No binaries compiled for non-x86-linux architectures yet: $(uname -m)"
+ exit 1
+ fi
+ fi
+
+ # Expose outside the resolved location
+ declare -g ${variable_name}=$nanolayer_location
+
+}
diff --git a/test/tflint/scenarios.json b/test/tflint/scenarios.json
new file mode 100644
index 000000000..75c49af43
--- /dev/null
+++ b/test/tflint/scenarios.json
@@ -0,0 +1,16 @@
+{
+ "test_default": {
+ "image": "mcr.microsoft.com/devcontainers/base:debian",
+ "features": {
+ "tflint": {}
+ }
+ },
+ "test_specific_version": {
+ "image": "mcr.microsoft.com/devcontainers/base:debian",
+ "features": {
+ "tflint": {
+ "version": "0.62.1"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/test/tflint/test.sh b/test/tflint/test.sh
new file mode 100755
index 000000000..70c491bac
--- /dev/null
+++ b/test/tflint/test.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -e
+
+source dev-container-features-test-lib
+
+check "something is installed" tflint --version
+
+reportResults
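Review bot: In `ensure_nanolayer` of library_scripts.sh, the archive fetched by `clean_download` is unpacked and the `nanolayer` binary from it is handed back to install.sh and executed, with nothing checking that the bytes are the release the script asked for; transport security and the release URL are the only controls. Pin a SHA-256 for each asset of the required version and verify it between the download and `tar`, failing the install on mismatch. The expansions in this stretch (`$tmp_dir`, `$tar_filename`, and `$url`/`$output_location`/`$tempdir` in `clean_download`) are also unquoted, which the sketch below fixes for the lines it touches. The digest in the sketch is a placeholder, and one value is needed per architecture/libc variant.

```shell
# … unchanged: tmp_dir creation, clean_up trap, clib_type and tar_filename selection …
            clean_download "https://github.com/devcontainers-extra/nanolayer/releases/download/$required_version/$tar_filename" "$tmp_dir/$tar_filename"

            # Placeholder: the published SHA-256 of this exact asset (differs per arch/libc).
            expected_sha256="<SHA256_OF_RELEASE_ASSET>"
            if ! printf '%s  %s\n' "$expected_sha256" "$tmp_dir/$tar_filename" | sha256sum -c - >/dev/null; then
                echo "nanolayer download failed checksum verification" >&2
                exit 1
            fi

            tar xfzv "$tmp_dir/$tar_filename" -C "$tmp_dir"
            chmod a+x "$tmp_dir/nanolayer"
# … unchanged: nanolayer_location assignment …
```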
diff --git a/test/tflint/test_default.sh b/test/tflint/test_default.sh
new file mode 100755
index 000000000..96f1aaddd
--- /dev/null
+++ b/test/tflint/test_default.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -e
+
+source dev-container-features-test-lib
+
+check "tflint is installed" tflint --version
+
+reportResults
diff --git a/test/tflint/test_specific_version.sh b/test/tflint/test_specific_version.sh
new file mode 100755
index 000000000..dd7e01ce9
--- /dev/null
+++ b/test/tflint/test_specific_version.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -e
+
+source dev-container-features-test-lib
+
+check "tflint version is equal to 0.62.1" sh -c "tflint --version | grep '0.62.1'"
+
+reportResults
From 44042adaf239dc74edf9c446c08e2cd91b08e9f6 Mon Sep 17 00:00:00 2001
From: Oscar Brouwer
Date: Thu, 21 May 2026 07:49:50 +0200
Subject: [PATCH 2/3] Use another version than the latest
Co-authored-by: Arek Kalandyk <36413794+koralowiec@users.noreply.github.com>
Signed-off-by: Oscar Brouwer
---
 test/tflint/scenarios.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/tflint/scenarios.json b/test/tflint/scenarios.json
index 75c49af43..7cb7266ef 100644
--- a/test/tflint/scenarios.json
+++ b/test/tflint/scenarios.json
@@ -9,7 +9,7 @@
 "image": "mcr.microsoft.com/devcontainers/base:debian",
 "features": {
 "tflint": {
- "version": "0.62.1"
+ "version": "0.62.0"
 }
 }
 }
From 1f4fe5162f245cc23124810c94fb982b16438694 Mon Sep 17 00:00:00 2001
From: Oscar Brouwer
Date: Thu, 21 May 2026 07:50:00 +0200
Subject: [PATCH 3/3] Use another version than the latest
Co-authored-by: Arek Kalandyk <36413794+koralowiec@users.noreply.github.com>
Signed-off-by: Oscar Brouwer
---
 test/tflint/test_specific_version.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/tflint/test_specific_version.sh b/test/tflint/test_specific_version.sh
index dd7e01ce9..742971673 100755
--- a/test/tflint/test_specific_version.sh
+++ b/test/tflint/test_specific_version.sh
@@ -4,6 +4,6 @@ set -e source dev-container-features-test-lib -check "tflint version is equal to 0.62.1" sh -c "tflint --version | grep '0.62.1'" +check "tflint version is equal to 0.62.0" sh -c "tflint --version | grep '0.62.0'" reportResults
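Review bot: The version assertion on the new `check` line is looser than its label says: `grep '0.62.0'` treats each dot as a regex wildcard and matches anywhere in the `tflint --version` output, so a string such as `10.62.0` or `0x62y0` on any line would satisfy it. Use a quiet fixed-string match, `sh -c "tflint --version | grep -qF '0.62.0'"`, and preferably match the whole line that reports the tflint version so that a plugin or ruleset version cannot pass the test. The 1/3 version of this file has the same pattern with `0.62.1`.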