From bf86e6841ab7b2651e9e4ac3ddeccf4051e8d3c6 Mon Sep 17 00:00:00 2001
From: Jason Hall <jason@chainguard.dev>
Date: Wed, 18 Oct 2023 13:41:46 -0400
Subject: [PATCH] refactor wolfi-base to config format (#1669)

Signed-off-by: Jason Hall <jason@chainguard.dev>
---
 images/wolfi-base/config/main.tf              | 20 +++++++++++++
 images/wolfi-base/configs/latest.apko.yaml    | 14 ---------
 images/wolfi-base/main.tf                     | 29 +++++++++----------
 images/wolfi-base/tests/main.tf               |  2 +-
 .../wolfi-base/tests/{01-runs.sh => runs.sh}  |  0
 5 files changed, 35 insertions(+), 30 deletions(-)
 create mode 100644 images/wolfi-base/config/main.tf
 delete mode 100644 images/wolfi-base/configs/latest.apko.yaml
 rename images/wolfi-base/tests/{01-runs.sh => runs.sh} (100%)

diff --git a/images/wolfi-base/config/main.tf b/images/wolfi-base/config/main.tf
new file mode 100644
index 0000000000..9432061bfb
--- /dev/null
+++ b/images/wolfi-base/config/main.tf
@@ -0,0 +1,20 @@
+variable "extra_packages" {
+  description = "Additional packages to install."
+  type        = list(string)
+  default     = ["wolfi-base"]
+}
+
+module "accts" {
+  source = "../../../tflib/accts"
+  run-as = 0
+}
+
+output "config" {
+  value = jsonencode({
+    contents = {
+      packages = var.extra_packages
+    }
+    accounts = module.accts.block
+    cmd      = "/bin/sh -l"
+  })
+}
diff --git a/images/wolfi-base/configs/latest.apko.yaml b/images/wolfi-base/configs/latest.apko.yaml
deleted file mode 100644
index f190b18e36..0000000000
--- a/images/wolfi-base/configs/latest.apko.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-contents:
-  packages:
-    - wolfi-base
-
-#Create a nonroot user but run as root by default
-accounts:
-  groups:
-    - groupname: nonroot
-      gid: 65532
-  users:
-    - username: nonroot
-      uid: 65532
-
-cmd: /bin/sh -l
diff --git a/images/wolfi-base/main.tf b/images/wolfi-base/main.tf
index c75926686c..0957f801e4 100644
--- a/images/wolfi-base/main.tf
+++ b/images/wolfi-base/main.tf
@@ -1,20 +1,24 @@
+terraform {
+  required_providers {
+    oci = { source = "chainguard-dev/oci" }
+  }
+}
+
 variable "target_repository" {
   description = "The docker repo into which the image and attestations should be published."
 }
 
+module "config" {
+  source = "./config"
+}
+
 module "latest" {
   source = "../../tflib/publisher"
 
   name = basename(path.module)
 
   target_repository = var.target_repository
-  config            = file("${path.module}/configs/latest.apko.yaml")
-}
-
-module "version-tags" {
-  source  = "../../tflib/version-tags"
-  package = "wolfi-base"
-  config  = module.latest.config
+  config            = module.config.config
 }
 
 module "test-latest" {
@@ -22,12 +26,7 @@ module "test-latest" {
   digest = module.latest.image_ref
 }
 
-module "tagger" {
-  source = "../../tflib/tagger"
-
-  depends_on = [module.test-latest]
-
-  tags = merge(
-    { for t in toset(concat(["latest"], module.version-tags.tag_list)) : t => module.latest.image_ref },
-  )
+resource "oci_tag" "latest" {
+  digest_ref = module.latest.image_ref
+  tag        = "latest"
 }
diff --git a/images/wolfi-base/tests/main.tf b/images/wolfi-base/tests/main.tf
index 36c2b4dc05..25d2af27aa 100644
--- a/images/wolfi-base/tests/main.tf
+++ b/images/wolfi-base/tests/main.tf
@@ -10,5 +10,5 @@ variable "digest" {
 
 data "oci_exec_test" "runs" {
   digest = var.digest
-  script = "${path.module}/01-runs.sh"
+  script = "${path.module}/runs.sh"
 }
diff --git a/images/wolfi-base/tests/01-runs.sh b/images/wolfi-base/tests/runs.sh
similarity index 100%
rename from images/wolfi-base/tests/01-runs.sh
rename to images/wolfi-base/tests/runs.sh