new container images for minimal alpine runtime

for this commit, image sizes:
debian = 812.08 MB
alpine = 647.28 MB
alpine-slim-terraform = 209.72 MB
alpine-slim-tofu = 204.51 MB

Signed-off-by: Drew Paettie <[email protected]>

Author: cazlo

.github/workflows/atlantis-image.yml

@@ -57,7 +57,7 @@ jobs:
       attestations: write
     strategy:
       matrix:
-        image_type: [alpine, debian]
+        image_type: [alpine, alpine-slim-terraform, alpine-slim-tofu, debian]
     runs-on: ubuntu-24.04
     env:
       # Set docker repo to either the fork or the main repo where the branch exists
@@ -202,7 +202,19 @@ jobs:
     runs-on: ubuntu-24.04
     strategy:
       matrix:
-        image_type: [alpine, debian]
+        image_type:
+         - target: alpine
+           EXPECT_TERRAFORM: true
+           EXPECT_TOFU: true
+         - target: alpine-slim-terraform
+           EXPECT_TERRAFORM: true
+           EXPECT_TOFU: false
+         - target: alpine-slim-tofu
+           EXPECT_TERRAFORM: false
+           EXPECT_TOFU: true
+         - target: debian
+           EXPECT_TERRAFORM: true
+           EXPECT_TOFU: true
         platform: [linux/arm64/v8, linux/amd64, linux/arm/v7]
     env:
       # Set docker repo to either the fork or the main repo where the branch exists
@@ -230,11 +242,11 @@ jobs:
           cache-to: type=gha,mode=max
           context: .
           build-args: |
-            ATLANTIS_BASE_TAG_TYPE=${{ matrix.image_type }}
+            ATLANTIS_BASE_TAG_TYPE=${{ matrix.image_type.target }}
           push: false
           load: true
           tags: "${{ env.DOCKER_REPO }}:goss-test"
-          target: ${{ matrix.image_type }}
+          target: ${{ matrix.image_type.target }}
 
       - name: "Setup Goss"
         uses: e1himself/goss-installation-action@fbb6fb55d3e59c96045b2500eeb8ce0995d99ac1 # v1.2.1
@@ -243,15 +255,18 @@ jobs:
 
       - name: Execute Goss tests
         run: |
-          dgoss run --rm ${{ env.DOCKER_REPO }}:goss-test bash -c 'while true; do sleep 1; done;'
+          dgoss run \
+           -e EXPECT_TERRAFORM=${{matrix.image_type.EXPECT_TERRAFORM}} \
+           -e EXPECT_TOFU=${{matrix.image_type.EXPECT_TOFU}} \
+           --rm ${{ env.DOCKER_REPO }}:goss-test bash -c 'while true; do sleep 1; done;'
 
   skip-build:
     needs: [changes]
     if: needs.changes.outputs.should-run-build == 'false'
     name: Build Image
     strategy:
       matrix:
-        image_type: [alpine, debian]
+        image_type: [alpine, alpine-slim-terraform, alpine-slim-tofu, debian]
     runs-on: ubuntu-24.04
     steps:
       - name: Harden Runner

Dockerfile

@@ -135,7 +135,7 @@ RUN ./download-release.sh \
 
 # Stage 2 - Alpine
 # Creating the individual distro builds using targets
-FROM alpine:${ALPINE_TAG} AS alpine
+FROM alpine:${ALPINE_TAG} AS alpine-base
 
 EXPOSE ${ATLANTIS_PORT:-4141}
 
@@ -150,9 +150,6 @@ RUN addgroup atlantis && \
 
 # copy atlantis binary
 COPY --from=builder /app/atlantis /usr/local/bin/atlantis
-# copy terraform binaries
-COPY --from=deps /usr/local/bin/terraform/terraform* /usr/local/bin/
-COPY --from=deps /usr/local/bin/tofu/tofu* /usr/local/bin/
 # copy dependencies
 COPY --from=deps /usr/local/bin/conftest /usr/local/bin/conftest
 COPY --from=deps /usr/bin/git-lfs /usr/bin/git-lfs
@@ -179,6 +176,17 @@ USER atlantis
 ENTRYPOINT ["docker-entrypoint.sh"]
 CMD ["server"]
 
+FROM alpine-base as alpine
+# copy terraform binaries
+COPY --from=deps /usr/local/bin/terraform/terraform* /usr/local/bin/
+COPY --from=deps /usr/local/bin/tofu/tofu* /usr/local/bin/
+
+FROM alpine-base as alpine-slim-terraform
+COPY --from=deps /usr/local/bin/terraform/terraform /usr/local/bin/terraform
+
+FROM alpine-base as alpine-slim-tofu
+COPY --from=deps /usr/local/bin/tofu/tofu /usr/local/bin/tofu
+
 # Stage 2 - Debian
 FROM debian-base AS debian
 

Makefile

@@ -82,6 +82,20 @@ docker/dev: ## Build dev Dockerfile as atlantis-dev
 	GOOS=linux GOARCH=amd64 go build -o atlantis .
 	docker build -f Dockerfile.dev -t atlantis-dev .
 
+ALPINE_MINIMAL_VARIANT := terraform
+.PHONY: docker/alpine-slim
+docker/alpine-slim: ## Build slim terraform or tofu images
+	docker build --target alpine-slim-$(ALPINE_MINIMAL_VARIANT) -f Dockerfile -t localhost/$(IMAGE_NAME):latest-alpine-slim-$(ALPINE_MINIMAL_VARIANT) .
+
+.PHONY: docker/alpine
+docker/alpine: ## Build Dockerfile for alpine runtime target
+	docker build --target alpine -f Dockerfile -t localhost/$(IMAGE_NAME):latest-alpine .
+
+.PHONY: docker/debian
+docker/debian: ## Build Dockerfile for debian runtime target
+	docker build --target debian -f Dockerfile -t localhost/$(IMAGE_NAME):latest-debian .
+
+
 .PHONY: release
 release: ## Create packages for a release
 	docker run -v $$(pwd):/go/src/github.com/runatlantis/atlantis cimg/go:1.20 sh -c 'cd /go/src/github.com/runatlantis/atlantis && scripts/binary-release.sh'

goss.yaml

@@ -22,16 +22,20 @@ command:
     stdout: []
     stderr: []
 
+{{if eq .Env.EXPECT_TERRAFORM "true"}}
   # ensure terraform is available
   terraform-available:
     exec: "terraform version"
     exit-status: 0
     stdout: []
     stderr: []
+{{end}}
 
+{{if eq .Env.EXPECT_TOFU "true"}}
   # ensure tofu binary is available
   tofu-available:
     exec: "tofu version"
     exit-status: 0
     stdout: []
     stderr: []
+{{end}}