Container image providing a consistent build & deployment toolchain for Node.js projects targeting AWS infrastructure with Terraform. Designed for CI systems like Bitbucket Pipelines and AWS CodeBuild.

Healthcheck validates node, terraform, and aws availability.

Each maintained major Node line has a matching branch + Docker tag. Current upstream LTS / alias mapping (as of 2025-08) for reference:

Notes:

• stable / node upstream presently resolve to v24.7.0.
• Historical LTS codenames listed for clarity; some are End Of Life (EOL) and provided only for reproducibility.
• Prefer a pinned major tag (e.g. 18.x, 22.x) or digest for deterministic CI builds.

latest generally tracks the highest actively maintained major (currently Node 18). Pin a major tag (e.g. 18.x) for stability in CI.

Pull and run an interactive shell:

docker run -it --rm jch254/docker-node-terraform-aws:18.x bash

Check installed versions:

docker run --rm jch254/docker-node-terraform-aws:18.x "node --version && terraform version && aws --version"

docker build --build-arg TERRAFORM_VERSION=1.13.1 -t my/ci-image:tf-1.13.1 .

You can substitute any published Terraform version; architecture (amd64 / arm64) is auto-detected.

image: jch254/docker-node-terraform-aws:18.x

pipelines:
	default:
		- step:
				name: Terraform Plan
				script:
					- node --version
					- terraform -chdir=infrastructure init
					- terraform -chdir=infrastructure plan -out tfplan

version: 0.2
phases:
	install:
		runtime-versions: {}
	pre_build:
		commands:
			- node --version
			- terraform -chdir=infrastructure init
	build:
		commands:
			- terraform -chdir=infrastructure apply -auto-approve

Configure the project to use the public image jch254/docker-node-terraform-aws:18.x (or another tag) as a custom image.

• Terraform plugin/cache directory: mount a volume to persist between runs:

docker run -v "$PWD":/workspace -v tf_plugins:/root/.terraform.d/plugin-cache ...

Then add to ~/.terraformrc (in your repo) if you want explicit plugin cache control:

plugin_cache_dir = "/root/.terraform.d/plugin-cache"

• Node/Yarn dependencies: in CI, leverage built-in caching (Bitbucket caches: node) or mount a volume locally.

The image includes a Docker HEALTHCHECK executing lightweight version commands. In high-frequency short-lived CI containers you can safely ignore it; for long-running ephemeral build runners it provides a basic sanity signal.

• Base updates: periodically rebuild when upstream node:<major>-alpine publishes security patches.
• Terraform: bump default by updating ARG TERRAFORM_VERSION in Dockerfile (and rebuild / retag).
• Tag discipline: prefer immutable CI references (e.g. digest pin) if supply chain repeatability is critical.

See serverless-node-dynamodb-ui demonstrating usage in a Serverless + Terraform workflow.

1. Fork & branch (feat/... or chore/...).
2. Make changes; keep layers minimal.
3. Build & smoke test:

docker build -t test-image . && docker run --rm test-image "terraform version"

1. Open PR describing rationale (tool additions, version bumps, optimizations).

Please open a GitHub issue with:

• Image tag / digest
• CI environment (Bitbucket Pipelines, CodeBuild, local, etc.)
• Repro steps & exact error output

No root password, minimal additional packages. For stricter environments you may:

• Add vulnerability scanning (e.g. docker scout cves or Trivy) in CI.
• Pin package versions explicitly (currently using rolling Alpine repo versions for utilities).

Released under the MIT License. By contributing you agree that your contributions are licensed under the same MIT license.

Pull requests to improve size, security posture, or docs are welcome.