fix: replace deprecated Docker Hub registry FQDN (d2ac787b) · Commits · to be continuous... / Terraform

README.md

+8 −8

Original line number	Diff line number	Diff line
		@@ -18,7 +18,7 @@ include:
		# 2: set/override component inputs
		inputs:
		# ⚠ this is only an example
		image: registry.hub.docker.com/hashicorp/terraform:5.3.0
		image: docker.io/hashicorp/terraform:5.3.0
		review-enabled: true
		staging-enabled: true
		prod-enabled: true
		@@ -38,7 +38,7 @@ include:
		variables:
		# 2: set/override template variables
		# ⚠ this is only an example
		TF_IMAGE: registry.hub.docker.com/hashicorp/terraform:5.3.0
		TF_IMAGE: docker.io/hashicorp/terraform:5.3.0
		TF_REVIEW_ENABLED: "true"
		TF_STAGING_ENABLED: "true"
		TF_PROD_ENABLED: "true"
		@@ -368,7 +368,7 @@ The Terraform template uses some global configuration used throughout all jobs.

		\| Input / Variable \| Description \| Default value \|
		\| ------------------------ \| -------------------------------------- \| ----------------- \|
		\| `image` / `TF_IMAGE` \| the Docker image used to run Terraform CLI commands <br/>:warning: set the version required by your project \| `registry.hub.docker.com/hashicorp/terraform:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_IMAGE) \|
		\| `image` / `TF_IMAGE` \| the Docker image used to run Terraform CLI commands <br/>:warning: set the version required by your project \| `docker.io/hashicorp/terraform:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_IMAGE) \|
		\| `gitlab-backend-disabled` / `TF_GITLAB_BACKEND_DISABLED` \| Set to `true` to disable [GitLab managed Terraform State](https://docs.gitlab.com/user/infrastructure/iac/terraform_state/) \| _none_ (enabled) \|
		\| `project-dir` / `TF_PROJECT_DIR` \| Terraform project root directory \| `.` \|
		\| `scripts-dir` / `TF_SCRIPTS_DIR` \| Terraform (hook) scripts base directory (relative to `$TF_PROJECT_DIR`) \| `.` \|
		@@ -498,7 +498,7 @@ In addition to a textual report in the console, this job produces the following

		\| Input / Variable \| Description \| Default value \|
		\| --------------------- \| ---------------------------------------- \| ----------------- \|
		\| `tfsec-image` / `TF_TFSEC_IMAGE` \| the Docker image used to run tfsec \| `registry.hub.docker.com/aquasec/tfsec-ci` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_TFSEC_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_TFSEC_IMAGE) \|
		\| `tfsec-image` / `TF_TFSEC_IMAGE` \| the Docker image used to run tfsec \| `docker.io/aquasec/tfsec-ci` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_TFSEC_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_TFSEC_IMAGE) \|
		\| `tfsec-enabled` / `TF_TFSEC_ENABLED` \| Set to `true` to enable tfsec \| _none_ (disabled) \|
		\| `tfsec-args` / `TF_TFSEC_ARGS` \| tfsec [options and args](https://aquasecurity.github.io/tfsec/latest/guides/usage/) \| `.` \|

		@@ -515,7 +515,7 @@ In addition to a textual report in the console, this job produces the following

		\| Input / Variable \| Description \| Default value \|
		\| --------------------- \| ---------------------------------------- \| ----------------- \|
		\| `trivy-image` / `TF_TRIVY_IMAGE` \| the Docker image used to run trivy \| `registry.hub.docker.com/aquasec/trivy` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_TRIVY_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_TRIVY_IMAGE) \|
		\| `trivy-image` / `TF_TRIVY_IMAGE` \| the Docker image used to run trivy \| `docker.io/aquasec/trivy` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_TRIVY_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_TRIVY_IMAGE) \|
		\| `trivy-disabled` / `TF_TRIVY_DISABLED` \| Set to `true` to disable trivy \| _none_ (enabled) \|
		\| `trivy-args` / `TF_TRIVY_ARGS` \| trivy config [options and args](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_config/) \| `.` \|

		@@ -532,7 +532,7 @@ In addition to a textual report in the console, this job produces the following

		\| Input / Variable \| Description \| Default value \|
		\| -------------------- \| ---------------------------------------- \| -------------------------------------------- \|
		\| `checkov-image` / `TF_CHECKOV_IMAGE` \| the Docker image used to run checkov \| `registry.hub.docker.com/bridgecrew/checkov` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_CHECKOV_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_CHECKOV_IMAGE) \|
		\| `checkov-image` / `TF_CHECKOV_IMAGE` \| the Docker image used to run checkov \| `docker.io/bridgecrew/checkov` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_CHECKOV_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_CHECKOV_IMAGE) \|
		\| `checkov-enabled` / `TF_CHECKOV_ENABLED` \| Set to `true` to enable checkov \| _none_ (disabled) \|
		\| `checkov-args` / `TF_CHECKOV_ARGS` \| additional checkov [options and args][1] \| `--framework terraform` \|

		@@ -567,7 +567,7 @@ resource "aws_s3_bucket" "foo-bucket" {
		\| Input / Variable \| Description \| Default value \|
		\| ---------------------- \| ----------------------------- \| --------------------- \|
		\| `infracost-enabled` / `TF_INFRACOST_ENABLED` \| Set to `true` to enable infracost \| _none_ (disabled) \|
		\| `infracost-image` / `TF_INFRACOST_IMAGE` \| the infracost container image \| `registry.hub.docker.com/infracost/infracost` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_INFRACOST_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_INFRACOST_IMAGE) \|
		\| `infracost-image` / `TF_INFRACOST_IMAGE` \| the infracost container image \| `docker.io/infracost/infracost` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_INFRACOST_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_INFRACOST_IMAGE) \|
		\| `infracost-args` / `TF_INFRACOST_ARGS` \| infracost [CLI options and args](https://www.infracost.io/docs/#usage) \| `breakdown` \|
		\| `infracost-usage-file` / `TF_INFRACOST_USAGE_FILE` \| infracost [usage file](https://www.infracost.io/docs/usage_based_resources/#infracost-usage-file) \| `infracost-usage.yml` \|
		\| :lock: `INFRACOST_API_KEY`\| the infracost API key \| required \|
		@@ -635,7 +635,7 @@ When enabled, this job triggers on a Git tag with semantic version pattern (`v?[
		\| Input / Variable \| Description \| Default value \|
		\| -------------------- \| -------------------------------------------------------------------- \| -------------------- \|
		\| `publish-enabled` / `TF_PUBLISH_ENABLED` \| Set to `true` to enable Terraform Module Publish \| _none_ (disabled) \|
		\| `publish-image` / `TF_PUBLISH_IMAGE` \| Container image used to publish module. \| `registry.hub.docker.com/curlimages/curl:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_PUBLISH_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_PUBLISH_IMAGE) \|
		\| `publish-image` / `TF_PUBLISH_IMAGE` \| Container image used to publish module. \| `docker.io/curlimages/curl:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_PUBLISH_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_PUBLISH_IMAGE) \|
		\| `module-name` / `TF_MODULE_NAME` \| The module name. May not contain any spaces or underscores. \| `$CI_PROJECT_NAME` \|
		\| `module-system` / `TF_MODULE_SYSTEM` \| The module system or provider (example: `local`, `aws`, `google`). \| `local` \|
		\| `module-version` / `TF_MODULE_VERSION` \| The module version. It must be valid according to the [semantic versioning](https://semver.org/) specification. \| `$CI_COMMIT_TAG` _(leave default unless you have good reasons to override)_ \|

kicker.json

+6 −6

Original line number	Diff line number	Diff line
		@@ -9,7 +9,7 @@
		{
		"name": "TF_IMAGE",
		"description": "the Docker image used to run Terraform CLI commands - set the version required by your project",
		"default": "registry.hub.docker.com/hashicorp/terraform:latest"
		"default": "docker.io/hashicorp/terraform:latest"
		},
		{
		"name": "TF_GITLAB_BACKEND_DISABLED",
		@@ -82,7 +82,7 @@
		{
		"name": "TF_TFSEC_IMAGE",
		"description": "tfsec docker image",
		"default": "registry.hub.docker.com/aquasec/tfsec-ci",
		"default": "docker.io/aquasec/tfsec-ci",
		"advanced": true
		},
		{
		@@ -101,7 +101,7 @@
		{
		"name": "TF_TRIVY_IMAGE",
		"description": "trivy docker image",
		"default": "registry.hub.docker.com/aquasec/trivy",
		"default": "docker.io/aquasec/trivy",
		"advanced": true
		},
		{
		@@ -120,7 +120,7 @@
		{
		"name": "TF_CHECKOV_IMAGE",
		"description": "checkov docker image",
		"default": "registry.hub.docker.com/bridgecrew/checkov",
		"default": "docker.io/bridgecrew/checkov",
		"advanced": true
		},
		{
		@@ -140,7 +140,7 @@
		{
		"name": "TF_INFRACOST_IMAGE",
		"description": "Infracost docker image",
		"default": "registry.hub.docker.com/infracost/infracost",
		"default": "docker.io/infracost/infracost",
		"advanced": true
		},
		{
		@@ -239,7 +239,7 @@
		{
		"name": "TF_PUBLISH_IMAGE",
		"description": "container image used to publish module",
		"default": "registry.hub.docker.com/curlimages/curl:latest",
		"default": "docker.io/curlimages/curl:latest",
		"advanced": true
		},
		{

templates/gitlab-ci-terraform.yml

+6 −6

Original line number	Diff line number	Diff line
		@@ -17,7 +17,7 @@ spec:
		inputs:
		image:
		description: the Docker image used to run Terraform CLI commands - set the version required by your project
		default: registry.hub.docker.com/hashicorp/terraform:latest
		default: docker.io/hashicorp/terraform:latest
		gitlab-backend-disabled:
		description: Set to disable [GitLab managed Terraform State](https://docs.gitlab.com/user/infrastructure/iac/terraform_state/)
		type: boolean
		@@ -61,7 +61,7 @@ spec:
		default: false
		tfsec-image:
		description: tfsec docker image
		default: registry.hub.docker.com/aquasec/tfsec-ci
		default: docker.io/aquasec/tfsec-ci
		tfsec-args:
		description: tfsec [options and args](https://aquasecurity.github.io/tfsec/latest/guides/usage/)
		default: .
		@@ -71,7 +71,7 @@ spec:
		default: false
		trivy-image:
		description: trivy docker image
		default: registry.hub.docker.com/aquasec/trivy
		default: docker.io/aquasec/trivy
		trivy-args:
		description: trivy config [options and args](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_config/)
		default: .
		@@ -81,7 +81,7 @@ spec:
		default: false
		checkov-image:
		description: checkov docker image
		default: registry.hub.docker.com/bridgecrew/checkov
		default: docker.io/bridgecrew/checkov
		checkov-args:
		description: checkov [options and args](https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html)
		default: --framework terraform
		@@ -91,7 +91,7 @@ spec:
		default: false
		infracost-image:
		description: Infracost docker image
		default: registry.hub.docker.com/infracost/infracost
		default: docker.io/infracost/infracost
		infracost-args:
		description: infracost [CLI options and args](https://www.infracost.io/docs/#usage)
		default: breakdown
		@@ -141,7 +141,7 @@ spec:
		default: false
		publish-image:
		description: container image used to publish module
		default: registry.hub.docker.com/curlimages/curl:latest
		default: docker.io/curlimages/curl:latest
		module-name:
		description: The module name. May not contain any spaces or underscores.
		default: $CI_PROJECT_NAME

Original line number	Diff line number	Diff line
		@@ -18,7 +18,7 @@ include:
		# 2: set/override component inputs
		inputs:
		# ⚠ this is only an example
		image: registry.hub.docker.com/hashicorp/terraform:5.3.0
		image: docker.io/hashicorp/terraform:5.3.0
		review-enabled: true
		staging-enabled: true
		prod-enabled: true
		@@ -38,7 +38,7 @@ include:
		variables:
		# 2: set/override template variables
		# ⚠ this is only an example
		TF_IMAGE: registry.hub.docker.com/hashicorp/terraform:5.3.0
		TF_IMAGE: docker.io/hashicorp/terraform:5.3.0
		TF_REVIEW_ENABLED: "true"
		TF_STAGING_ENABLED: "true"
		TF_PROD_ENABLED: "true"
		@@ -368,7 +368,7 @@ The Terraform template uses some global configuration used throughout all jobs.

		\| Input / Variable \| Description \| Default value \|
		\| ------------------------ \| -------------------------------------- \| ----------------- \|
		\| `image` / `TF_IMAGE` \| the Docker image used to run Terraform CLI commands <br/>:warning: set the version required by your project \| `registry.hub.docker.com/hashicorp/terraform:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_IMAGE) \|
		\| `image` / `TF_IMAGE` \| the Docker image used to run Terraform CLI commands <br/>:warning: set the version required by your project \| `docker.io/hashicorp/terraform:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_IMAGE) \|
		\| `gitlab-backend-disabled` / `TF_GITLAB_BACKEND_DISABLED` \| Set to `true` to disable [GitLab managed Terraform State](https://docs.gitlab.com/user/infrastructure/iac/terraform_state/) \| _none_ (enabled) \|
		\| `project-dir` / `TF_PROJECT_DIR` \| Terraform project root directory \| `.` \|
		\| `scripts-dir` / `TF_SCRIPTS_DIR` \| Terraform (hook) scripts base directory (relative to `$TF_PROJECT_DIR`) \| `.` \|
		@@ -498,7 +498,7 @@ In addition to a textual report in the console, this job produces the following

		\| Input / Variable \| Description \| Default value \|
		\| --------------------- \| ---------------------------------------- \| ----------------- \|
		\| `tfsec-image` / `TF_TFSEC_IMAGE` \| the Docker image used to run tfsec \| `registry.hub.docker.com/aquasec/tfsec-ci` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_TFSEC_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_TFSEC_IMAGE) \|
		\| `tfsec-image` / `TF_TFSEC_IMAGE` \| the Docker image used to run tfsec \| `docker.io/aquasec/tfsec-ci` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_TFSEC_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_TFSEC_IMAGE) \|
		\| `tfsec-enabled` / `TF_TFSEC_ENABLED` \| Set to `true` to enable tfsec \| _none_ (disabled) \|
		\| `tfsec-args` / `TF_TFSEC_ARGS` \| tfsec [options and args](https://aquasecurity.github.io/tfsec/latest/guides/usage/) \| `.` \|

		@@ -515,7 +515,7 @@ In addition to a textual report in the console, this job produces the following

		\| Input / Variable \| Description \| Default value \|
		\| --------------------- \| ---------------------------------------- \| ----------------- \|
		\| `trivy-image` / `TF_TRIVY_IMAGE` \| the Docker image used to run trivy \| `registry.hub.docker.com/aquasec/trivy` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_TRIVY_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_TRIVY_IMAGE) \|
		\| `trivy-image` / `TF_TRIVY_IMAGE` \| the Docker image used to run trivy \| `docker.io/aquasec/trivy` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_TRIVY_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_TRIVY_IMAGE) \|
		\| `trivy-disabled` / `TF_TRIVY_DISABLED` \| Set to `true` to disable trivy \| _none_ (enabled) \|
		\| `trivy-args` / `TF_TRIVY_ARGS` \| trivy config [options and args](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_config/) \| `.` \|

		@@ -532,7 +532,7 @@ In addition to a textual report in the console, this job produces the following

		\| Input / Variable \| Description \| Default value \|
		\| -------------------- \| ---------------------------------------- \| -------------------------------------------- \|
		\| `checkov-image` / `TF_CHECKOV_IMAGE` \| the Docker image used to run checkov \| `registry.hub.docker.com/bridgecrew/checkov` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_CHECKOV_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_CHECKOV_IMAGE) \|
		\| `checkov-image` / `TF_CHECKOV_IMAGE` \| the Docker image used to run checkov \| `docker.io/bridgecrew/checkov` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_CHECKOV_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_CHECKOV_IMAGE) \|
		\| `checkov-enabled` / `TF_CHECKOV_ENABLED` \| Set to `true` to enable checkov \| _none_ (disabled) \|
		\| `checkov-args` / `TF_CHECKOV_ARGS` \| additional checkov [options and args][1] \| `--framework terraform` \|

		@@ -567,7 +567,7 @@ resource "aws_s3_bucket" "foo-bucket" {
		\| Input / Variable \| Description \| Default value \|
		\| ---------------------- \| ----------------------------- \| --------------------- \|
		\| `infracost-enabled` / `TF_INFRACOST_ENABLED` \| Set to `true` to enable infracost \| _none_ (disabled) \|
		\| `infracost-image` / `TF_INFRACOST_IMAGE` \| the infracost container image \| `registry.hub.docker.com/infracost/infracost` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_INFRACOST_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_INFRACOST_IMAGE) \|
		\| `infracost-image` / `TF_INFRACOST_IMAGE` \| the infracost container image \| `docker.io/infracost/infracost` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_INFRACOST_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_INFRACOST_IMAGE) \|
		\| `infracost-args` / `TF_INFRACOST_ARGS` \| infracost [CLI options and args](https://www.infracost.io/docs/#usage) \| `breakdown` \|
		\| `infracost-usage-file` / `TF_INFRACOST_USAGE_FILE` \| infracost [usage file](https://www.infracost.io/docs/usage_based_resources/#infracost-usage-file) \| `infracost-usage.yml` \|
		\| :lock: `INFRACOST_API_KEY`\| the infracost API key \| required \|
		@@ -635,7 +635,7 @@ When enabled, this job triggers on a Git tag with semantic version pattern (`v?[
		\| Input / Variable \| Description \| Default value \|
		\| -------------------- \| -------------------------------------------------------------------- \| -------------------- \|
		\| `publish-enabled` / `TF_PUBLISH_ENABLED` \| Set to `true` to enable Terraform Module Publish \| _none_ (disabled) \|
		\| `publish-image` / `TF_PUBLISH_IMAGE` \| Container image used to publish module. \| `registry.hub.docker.com/curlimages/curl:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_PUBLISH_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_PUBLISH_IMAGE) \|
		\| `publish-image` / `TF_PUBLISH_IMAGE` \| Container image used to publish module. \| `docker.io/curlimages/curl:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-TF_PUBLISH_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-TF_PUBLISH_IMAGE) \|
		\| `module-name` / `TF_MODULE_NAME` \| The module name. May not contain any spaces or underscores. \| `$CI_PROJECT_NAME` \|
		\| `module-system` / `TF_MODULE_SYSTEM` \| The module system or provider (example: `local`, `aws`, `google`). \| `local` \|
		\| `module-version` / `TF_MODULE_VERSION` \| The module version. It must be valid according to the [semantic versioning](https://semver.org/) specification. \| `$CI_COMMIT_TAG` _(leave default unless you have good reasons to override)_ \|