updating to package script and manifest.

25c786f7 · Michael Uranaka · b3e05a48 · 25c786f7 · 25c786f7 · 25c786f7
Commit 25c786f7 authored May 06, 2021 by Michael Uranaka
Hide whitespace changes
Inline Side-by-side

Showing with 42 additions and 32 deletions

hardening_manifest.yaml hardening_manifest.yaml +4 -4

scripts/Dockerfile.packages scripts/Dockerfile.packages +8 -11

scripts/repackage.sh scripts/repackage.sh +30 -17

No files found.
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "galvanize/galvanize/java-code-evaluator"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
- "0.1.0"
+- "0.1.1"
 - "latest"
 # Build args passed to Dockerfile ARGs
@@ -23,7 +23,7 @@ labels:
  org.opencontainers.image.licenses: "proprietary"
  org.opencontainers.image.url: "https://www.galvanize.com"
  org.opencontainers.image.vendor: "Galvanize"
-  org.opencontainers.image.version: "0.1.0"
+  org.opencontainers.image.version: "0.1.1"
  mil.dso.ironbank.image.keywords: "lms,learn,galvanize,online,classes,remote,learning"
  mil.dso.ironbank.image.type: "commercial"
  mil.dso.ironbank.product.name: "Learn"
@@ -34,11 +34,11 @@ resources:
      type: s3
      id: galvanize
      region: us-gov-west-1
-    url: s3://learn-dependencies/java-evaluator/redis-cli.tar.gz
+    url: s3://learn-dependencies/java-evaluator/redis-cli-0.1.1.tar.gz
    filename: redis-cli.tar.gz
    validation:
      type: sha256
-      value: 656bf2fc3f4e63bb4ee96744a550a875b316e3f99da241a378a63db47b91e1ee
+      value: 2d5327e9f604d11db807680bdcd1ac487348682986bda0626742944e63fa64d6
  - auth:
      type: s3
      id: galvanize

--- a/scripts/Dockerfile.packages
+++ b/scripts/Dockerfile.packages
@@ -16,18 +16,15 @@ RUN dnf update -y \
 # Setup our environment
 WORKDIR /app
-# Redis
+# Download Redis.
 RUN curl -L http://download.redis.io/redis-stable.tar.gz -o redis-stable.tar.gz \
-    && tar xzf redis-stable.tar.gz
+    && tar xzf redis-stable.tar.gz \
+    && cd /app/redis-stable \
-WORKDIR /app/redis-stable
+    && make redis-cli \
-RUN make redis-cli
+    && cd /app/redis-stable/src \
+    && tar czf redis-cli.tar.gz redis-cli \
-WORKDIR /app/redis-stable/src
+    && mv redis-cli.tar.gz /app/ \
-RUN tar czf redis-cli.tar.gz redis-cli \
+    && cd /app
-    && mv redis-cli.tar.gz /app/
-WORKDIR /app
 # Add write permissions.
 RUN chown -R 1000 .

--- a/scripts/repackage.sh
+++ b/scripts/repackage.sh
@@ -7,40 +7,53 @@ BASE_TAG=6.8.3
 # This is the profile name in your aws credentials file.
 DEPENDENCY_FOLDER=build_dependencies
-AWS_PROFILE_NAME=revacomm
+AWS_PROFILE_NAME=rc-govcloud
-AWS_BUCKET_NAME=learn-dependencies/java-evaluator
+AWS_BUCKET_URL=s3://learn-dependencies/java-evaluator
 AWS_REGION=us-gov-west-1
+VERSION_NUMBER=$(yq e '.tags[0]' ../hardening_manifest.yaml)
+IMAGE_TAG=java-evaluator-tag
 echo "Clearing dependency folder."
 rm -rf $DEPENDENCY_FOLDER
 mkdir $DEPENDENCY_FOLDER
-echo "Building docker image."
+echo "Building docker image with tag: $IMAGE_TAG"
-IMAGE_ID=$(docker build --file Dockerfile.packages . -q \
+docker build -t $IMAGE_TAG \
+  --file Dockerfile.packages . -q \
  --build-arg BASE_REGISTRY=$BASE_REGISTRY \
  --build-arg BASE_IMAGE=$BASE_IMAGE \
-  --build-arg BASE_TAG=$BASE_TAG)
+  --build-arg BASE_TAG=$BASE_TAG
-echo "Image ID: ${IMAGE_ID}"
 echo "Starting docker container."
-CONTAINER_ID=$(docker run -d $IMAGE_ID)
+CONTAINER_ID=$(docker run -d $IMAGE_TAG)
-echo "Container ID: ${CONTAINER_ID}"
-echo "Copying node modules and gems to the bundles directory."
+if [ -z "$CONTAINER_ID" ]; then
-docker cp $CONTAINER_ID:/app/redis-cli.tar.gz $DEPENDENCY_FOLDER/redis-cli.tar.gz
+  echo "[ERROR] - Failed to start the docker container. Exiting.."
+  exit
+else
+  echo "Container ID: ${CONTAINER_ID}"
+fi
+echo "Copying redis cli to the dependency directory."
+docker cp "$CONTAINER_ID:/app/redis-cli.tar.gz" "$DEPENDENCY_FOLDER/redis-cli-${VERSION_NUMBER}.tar.gz" || exit
 echo "Stopping the docker container."
-docker stop "$CONTAINER_ID"
+docker kill "$CONTAINER_ID"
 echo "Uploading all the build dependencies to AWS."
-aws s3 sync $DEPENDENCY_FOLDER s3://$AWS_BUCKET_NAME --delete --profile $AWS_PROFILE_NAME --region $AWS_REGION
+aws s3 sync $DEPENDENCY_FOLDER $AWS_BUCKET_URL --profile $AWS_PROFILE_NAME --region $AWS_REGION || exit
+echo " Getting Checksums."
+REDIS_CHECKSUM=$(sha256sum "$DEPENDENCY_FOLDER/redis-cli-${VERSION_NUMBER}.tar.gz" | awk '{ print $1 }')
+echo "Redis CLI Checksum: ${REDIS_CHECKSUM}"
-echo "Checksums:"
+echo "Updating the hardening_manifest.yaml file."
-cd $DEPENDENCY_FOLDER
+REDIS_PREV_SHA=$(yq eval '.resources[] | select(.filename == "redis-cli.tar.gz").validation.value' ../hardening_manifest.yaml)
-sha256sum redis-cli.tar.gz
+REDIS_PREV_URL=$(yq eval '.resources[] | select(.filename == "redis-cli.tar.gz").url' ../hardening_manifest.yaml)
-cd ..
+sed -i '' -e "s|$REDIS_PREV_SHA|$REDIS_CHECKSUM|g" ../hardening_manifest.yaml
+sed -i '' -e "s|$REDIS_PREV_URL|${AWS_BUCKET_URL}/redis-cli-${VERSION_NUMBER}.tar.gz|g" ../hardening_manifest.yaml
 echo "Removing dependency folder."
 rm -rf $DEPENDENCY_FOLDER
 echo "Done!"
\ No newline at end of file