Move common setup into base image

Author: dflook

image/Dockerfile

@@ -5,14 +5,6 @@ ARG TARGETARCH
 ARG FETCH_CHECKSUMS
 ARG VERSION=99.0.0
 
-RUN gpg --recv-keys C874011F0AB405110D02105534365D9472D7468F \
- && echo "C874011F0AB405110D02105534365D9472D7468F:6:" | gpg --import-ownertrust
-
-RUN curl https://get.opentofu.org/opentofu.gpg | gpg --import \
- && echo "E3E6E43D84CB852EADB0051D0C0AF313E5FD9F80:6:" | gpg --import-ownertrust
-
-RUN gpg --check-trustdb
-
 COPY src/ /tmp/src/
 COPY setup.py /tmp
 RUN sed -i "s|version='.*'|version=\'${VERSION}\'|" /tmp/setup.py \
@@ -45,10 +37,6 @@ COPY tools/compact_plan.py /usr/local/bin/compact_plan
 COPY tools/format_tf_credentials.py /usr/local/bin/format_tf_credentials
 COPY tools/github_comment_react.py /usr/local/bin/github_comment_react
 
-RUN echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config \
- && echo "IdentityFile /.ssh/id_rsa" >> /etc/ssh/ssh_config \
- && mkdir -p /.ssh
-
 COPY tools/http_credential_actions_helper.py /usr/bin/git-credential-actions
 RUN git config --system credential.helper /usr/bin/git-credential-actions \
  && git config --system credential.useHttpPath true \

image/Dockerfile-base

@@ -6,16 +6,17 @@ RUN git clone https://github.com/cloudposse/tfmask.git \
  && make \
  && make go/build
 
-FROM debian:bullseye-slim as base
+FROM debian:bullseye-slim AS terraform-github-actions-base
 
 # Terraform environment variables
 ENV CHECKPOINT_DISABLE=true
 ENV TF_IN_AUTOMATION=true
 ENV TF_INPUT=false
 ENV TF_PLUGIN_CACHE_DIR=/usr/local/share/terraform/plugin-cache
 
-RUN apt-get update  \
- && apt-get install --no-install-recommends -y \
+RUN <<EOF
+ apt-get update
+ apt-get install --no-install-recommends -y \
     git \
     ssh \
     tar \
@@ -31,12 +32,23 @@ RUN apt-get update  \
     gpg \
     gpg-agent \
     dirmngr \
-    tree \
- && rm -rf /var/lib/apt/lists/*
+    tree
+ rm -rf /var/lib/apt/lists/*
 
-RUN mkdir -p $TF_PLUGIN_CACHE_DIR
+ mkdir -p $TF_PLUGIN_CACHE_DIR
+
+ gpg --recv-keys C874011F0AB405110D02105534365D9472D7468F
+ echo "C874011F0AB405110D02105534365D9472D7468F:6:" | gpg --import-ownertrust
+
+ curl https://get.opentofu.org/opentofu.gpg | gpg --import
+ echo "E3E6E43D84CB852EADB0051D0C0AF313E5FD9F80:6:" | gpg --import-ownertrust
+
+ gpg --check-trustdb
+
+ echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
+ echo "IdentityFile /.ssh/id_rsa" >> /etc/ssh/ssh_config
+ mkdir -p /.ssh
+EOF
 
 COPY --from=tfmask /go/tfmask/release/tfmask /usr/local/bin/tfmask
 ENV TFMASK_RESOURCES_REGEX="(?i)^(random_id|kubernetes_secret|acme_certificate).*$"
-
-ENTRYPOINT ["/usr/local/bin/terraform"]