Finishing updates to have shell script auto update the hardening manifest file.

0b7e1214 · Michael Uranaka · bf086703 · 0b7e1214 · 0b7e1214 · 0b7e1214
Commit 0b7e1214 authored Apr 22, 2021 by Michael Uranaka
Hide whitespace changes
Inline Side-by-side

Showing with 40 additions and 23 deletions

hardening_manifest.yaml hardening_manifest.yaml +3 -3

scripts/Dockerfile.packages scripts/Dockerfile.packages +9 -6

scripts/repackage.sh scripts/repackage.sh +28 -14

No files found.
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -14,7 +14,7 @@ tags:
 # Build args passed to Dockerfile ARGs
 args:
  BASE_IMAGE: "opensource/python/python39"
-  BASE_TAG: "3.9.4"
+  BASE_TAG: "v3.9.4"

 # Docker image labels
 labels:
@@ -34,11 +34,11 @@ resources:
    type: s3
    id: galvanize
    region: us-gov-west-1
-  url: s3://learn-dependencies/python-evaluator/redis-cli.tar.gz
+  url: s3://learn-dependencies/python-evaluator/redis-cli-0.1.1.tar.gz
  filename: redis-cli.tar.gz
  validation:
    type: sha256
-    value: 1a4a61818d33d8f9c9aea0f3ce1ed3093500f25ac750365ae6c06a6d2f0ee123
+    value: aab74a5938a67915726e34cd3fe6d60f6e5f93dfbb2eebb633bc9e51f11c5b55

 # List of project maintainers
 maintainers:

--- a/scripts/Dockerfile.packages
+++ b/scripts/Dockerfile.packages
@@ -12,17 +12,20 @@ RUN dnf update -y &&  dnf install -y \
        gcc \
        gcc-c++

-# Setup our environment
 WORKDIR /app

-# Redis
-RUN curl -L http://download.redis.io/redis-stable.tar.gz -o redis-stable.tar.gz
-RUN tar xzf redis-stable.tar.gz
+# Download Redis.
+RUN curl -L http://download.redis.io/redis-stable.tar.gz -o redis-stable.tar.gz \
+    && tar xzf redis-stable.tar.gz
+
 WORKDIR /app/redis-stable
+
 RUN make redis-cli
+
 WORKDIR /app/redis-stable/src
-RUN tar czf redis-cli.tar.gz redis-cli
-RUN mv redis-cli.tar.gz /app/
+
+RUN tar czf redis-cli.tar.gz redis-cli \
+    && mv redis-cli.tar.gz /app/

 # Switch back to app dir.
 WORKDIR /app

--- a/scripts/repackage.sh
+++ b/scripts/repackage.sh
@@ -3,7 +3,7 @@
 # Image Params.
 BASE_REGISTRY=registry1.dso.mil
 BASE_IMAGE=ironbank/opensource/python/python39
-BASE_TAG=3.9.4
+BASE_TAG=v3.9.4

 # This is the profile name in your aws credentials file.
 DEPENDENCY_FOLDER=build_dependencies
@@ -11,34 +11,48 @@ AWS_PROFILE_NAME=rc-govcloud
 AWS_BUCKET_URL=s3://learn-dependencies/python-evaluator
 AWS_REGION=us-gov-west-1
 VERSION_NUMBER=$(yq e '.tags[0]' ../hardening_manifest.yaml)
+IMAGE_TAG=python-evaluator-tag

 echo "Clearing dependency folder."
 rm -rf $DEPENDENCY_FOLDER
 mkdir $DEPENDENCY_FOLDER

-echo "Building docker image."
-IMAGE_ID=$(docker build --file Dockerfile.packages . -q \
+echo "Building docker image with tag: $IMAGE_TAG"
+IMAGE_ID=$(docker build -t $IMAGE_TAG \
+  --file Dockerfile.packages . -q \
  --build-arg BASE_REGISTRY=$BASE_REGISTRY \
  --build-arg BASE_IMAGE=$BASE_IMAGE \
  --build-arg BASE_TAG=$BASE_TAG)
-echo "Image ID: ${IMAGE_ID}"

-echo "Starting docker container."
-CONTAINER_ID=$(docker run -d "$IMAGE_ID")
-echo "Container ID: ${CONTAINER_ID}"
+echo "Starting docker container"
+CONTAINER_ID=$(docker run -d "$IMAGE_TAG")

-echo "Copying node modules and gems to the bundles directory."
-docker cp "$CONTAINER_ID":/app/redis-cli.tar.gz "$DEPENDENCY_FOLDER/redis-cli-${VERSION_NUMBER}.tar.gz"
+if [ -z "$CONTAINER_ID" ]; then
+  echo "[ERROR] - Failed to start the docker container. Exiting.."
+  exit
+else
+  echo "Container ID: ${CONTAINER_ID}"
+fi
+
+echo "Copying redis cli to the dependency directory."
+docker cp "$CONTAINER_ID:/app/redis-cli.tar.gz" "$DEPENDENCY_FOLDER/redis-cli-${VERSION_NUMBER}.tar.gz"

 echo "Stopping the docker container."
-docker stop "$CONTAINER_ID"
+docker kill "$CONTAINER_ID"
+
+# Make sure the dependencies were built.
+if [ -z "$(ls -A -- "${DEPENDENCY_FOLDER}")" ]; then
+  echo "[ERROR] - Dependency folder is empty. Failed to build s3 dependencies. Exiting.."
+  exit
+fi

 echo "Uploading all the build dependencies to AWS."
-#aws s3 sync $DEPENDENCY_FOLDER $AWS_BUCKET_URL --profile $AWS_PROFILE_NAME --region $AWS_REGION
+aws s3 sync $DEPENDENCY_FOLDER $AWS_BUCKET_URL --profile $AWS_PROFILE_NAME --region $AWS_REGION

-echo "Checksums:"
+echo " Getting Checksums."
 cd $DEPENDENCY_FOLDER || exit
-REDIS_CHECKSUM=$(sha256sum "redis-cli-${VERSION_NUMBER}.tar.gz")
+REDIS_CHECKSUM=$(sha256sum "redis-cli-${VERSION_NUMBER}.tar.gz" | awk '{ print $1 }')
+echo "Redis CLI Checksum: ${REDIS_CHECKSUM}"
 cd ..

 echo "Updating the hardening_manifest.yaml file."
@@ -48,6 +62,6 @@ sed -i '' -e "s|$REDIS_PREV_SHA|$REDIS_CHECKSUM|g" ../hardening_manifest.yaml
 sed -i '' -e "s|$REDIS_PREV_URL|${AWS_BUCKET_URL}/redis-cli-${VERSION_NUMBER}.tar.gz|g" ../hardening_manifest.yaml

 echo "Removing dependency folder."
-#rm -rf $DEPENDENCY_FOLDER
+rm -rf $DEPENDENCY_FOLDER

 echo "Done!"
\ No newline at end of file