https://github.com/chainguard-dev/terraform-publisher-apko

An experimental module for publishing images with tf-apko

# Build apko images with terraform.

This repository contains a Terraform module that builds an image with apko and
signs the supply chain metadata with ambient credentials (e.g. GitHub Actions
workload identity).

Currently the following supply chain metadata is surfaced:

1. The images are signed by the workload.
2. The SPDX SBOMs are attested by the workload.
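
A sketch of calling the module with the inputs and the `image_ref` output documented below, as an added example that is not part of the original README. The module source (the GitHub URL shown on this page), the variable names and the apko configuration are assumptions; the checker image is passed in so it can be pinned by digest instead of the default `:latest` tag.

```hcl
# Added example, not from the README. Variable names are assumptions.
variable "target_repository" { type = string }

# SPDX checker image reference, expected to be pinned by digest by the caller.
variable "spdx_image" { type = string }

module "image" {
  # Assumed source: the repository URL on this page. Pin a reviewed ref.
  source = "github.com/chainguard-dev/terraform-publisher-apko"

  target_repository = var.target_repository

  # Constructed apko configuration, passed as file contents.
  config = <<-EOT
    contents:
      repositories:
        - https://packages.wolfi.dev/os
      keyring:
        - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
      packages:
        - wolfi-baselayout
        - ca-certificates-bundle
    accounts:
      groups:
        - groupname: nonroot
          gid: 65532
      users:
        - username: nonroot
          uid: 65532
          gid: 65532
      run-as: 65532
    archs:
      - x86_64
      - aarch64
  EOT

  extra_packages = ["busybox"]

  # Keep both supply chain checks on: the NTIA conformance check of the
  # SBOM and the SBOM attestation (skip_attest is NOT RECOMMENDED).
  check_sbom  = true
  skip_attest = false
  spdx_image  = var.spdx_image
}

# Reference of the published image, for downstream verification or deploys.
output "image_ref" {
  value = module.image.image_ref
}
```

In GitHub Actions, the job must grant `id-token: write` for the workload identity token used in signing to be available.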

## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| [apko](#provider\_apko) | n/a |
| [cosign](#provider\_cosign) | n/a |
| [null](#provider\_null) | n/a |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [apko_build.this](https://registry.terraform.io/providers/chainguard-dev/apko/latest/docs/resources/build) | resource |
| [cosign_attest.this](https://registry.terraform.io/providers/chainguard-dev/cosign/latest/docs/resources/attest) | resource |
| [cosign_sign.signature](https://registry.terraform.io/providers/chainguard-dev/cosign/latest/docs/resources/sign) | resource |
| [null_resource.check-sbom-spdx](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [apko_config.this](https://registry.terraform.io/providers/chainguard-dev/apko/latest/docs/data-sources/config) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [check\_sbom](#input\_check\_sbom) | Whether to run the NTIA conformance checker on the SBOMs we are attesting. | `bool` | `true` | no |
| [config](#input\_config) | The apko configuration file contents to build and publish. | `string` | n/a | yes |
| [default\_annotations](#input\_default\_annotations) | Default annotations to apply to this image. | `map(string)` | `{}` | no |
| [extra\_packages](#input\_extra\_packages) | Additional packages to install into this image. | `list(string)` | `[]` | no |
| [skip\_attest](#input\_skip\_attest) | If true, skip the attestations step. This is NOT RECOMMENDED, and should only be used when attestations may be too big for Rekor. | `bool` | `false` | no |
| [spdx\_image](#input\_spdx\_image) | The SPDX checker image to use to validate SBOMs. | `string` | `"ghcr.io/wolfi-dev/spdx-tools:latest"` | no |
| [target\_repository](#input\_target\_repository) | The docker repo into which the image and attestations should be published. | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| [arch\_to\_image](#output\_arch\_to\_image) | n/a |
| [archs](#output\_archs) | n/a |
| [config](#output\_config) | n/a |
| [image\_ref](#output\_image\_ref) | n/a |