Merge branch 'upgrade-python' into 'development'

Upgrade to latest base container and fix pipeline issues. See merge request !5

Merge branch 'upgrade-python' into 'development'
Upgrade to latest base container and fix pipeline issues. See merge request !5
bc53b0b6 · Michael Simmons · 4442f637 · 78d89b3a · bc53b0b6 · bc53b0b6
Commit bc53b0b6 authored May 05, 2021 by Michael Simmons
5 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,5 @@ test_methods.py
 results.txt
 mike-run-local-loop.bash
 *-local-loop.sh
-build_dependencies
\ No newline at end of file
+build_dependencies
+hardening_manifest.yaml-e
\ No newline at end of file
--- a/Dockerfile
+++ b/Dockerfile
+ARG BASE_REGISTRY=registry1.dso.mil
+ARG BASE_IMAGE=opensource/python/python39
+ARG BASE_TAG=v3.9.4
+
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 USER 0

@@ -10,12 +14,12 @@ COPY ./scripts .
 COPY redis-cli.tar.gz .

 # Install redis.
-RUN tar xzf redis-cli.tar.gz && rm redis-cli.tar.gz
-RUN mv redis-cli /usr/local/bin/redis-cli
+RUN tar xzf redis-cli.tar.gz && rm redis-cli.tar.gz \
+    && mv redis-cli /usr/local/bin/redis-cli

 # Set permissions and ownership.
-RUN chown -R 1001 /app
-RUN chmod 0555 /app/get-job.sh
+RUN chown -R 1001 /app \
+    && chmod 0555 /app/get-job.sh

 # Become the python user.
 USER 1001
@@ -24,4 +28,4 @@ USER 1001
 HEALTHCHECK none

 # Set the entrypoint.
-ENTRYPOINT ["/app/get-job.sh"]
\ No newline at end of file
+ENTRYPOINT ["/app/get-job.sh"]
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,13 +8,13 @@ name: "galvanize/galvanize/python-code-evaluator"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
- "0.1.0"
+- "0.1.1"
 - "latest"

 # Build args passed to Dockerfile ARGs
 args:
-  BASE_IMAGE: "opensource/python/python38"
-  BASE_TAG: "3.8"
+  BASE_IMAGE: "opensource/python/python39"
+  BASE_TAG: "v3.9.4"

 # Docker image labels
 labels:
@@ -23,7 +23,7 @@ labels:
  org.opencontainers.image.licenses: "proprietary"
  org.opencontainers.image.url: "https://www.galvanize.com"
  org.opencontainers.image.vendor: "Galvanize"
-  org.opencontainers.image.version: "3.8"
+  org.opencontainers.image.version: "0.1.1"
  mil.dso.ironbank.image.keywords: "lms,learn,galvanize,online,classes,remote,learning"
  mil.dso.ironbank.image.type: "commercial"
  mil.dso.ironbank.product.name: "Learn"
@@ -34,11 +34,11 @@ resources:
    type: s3
    id: galvanize
    region: us-gov-west-1
-  url: s3://learn-dependencies/python-evaluator/redis-cli.tar.gz
+  url: s3://learn-dependencies/python-evaluator/redis-cli-0.1.1.tar.gz
  filename: redis-cli.tar.gz
  validation:
    type: sha256
-    value: 1a4a61818d33d8f9c9aea0f3ce1ed3093500f25ac750365ae6c06a6d2f0ee123
+    value: ff42bc97d2d23a3ef9adc6c58d96edc1c4da100315f6e9b8aed945b0639c63a6

 # List of project maintainers
 maintainers:

--- a/scripts/Dockerfile.packages
+++ b/scripts/Dockerfile.packages
@@ -5,10 +5,6 @@ ARG BASE_TAG
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 USER 0

-ARG NODE_VERSION
-ARG YARN_VERSION
-ARG JQUERY_RAILS_VERSION
-
 # Install required libs.
 RUN dnf update -y &&  dnf install -y \
        curl \
@@ -16,20 +12,17 @@ RUN dnf update -y &&  dnf install -y \
        gcc \
        gcc-c++

-# Setup our environment
 WORKDIR /app

-# Redis
-RUN curl -L http://download.redis.io/redis-stable.tar.gz -o redis-stable.tar.gz
-RUN tar xzf redis-stable.tar.gz
-WORKDIR /app/redis-stable
-RUN make redis-cli
-WORKDIR /app/redis-stable/src
-RUN tar czf redis-cli.tar.gz redis-cli
-RUN mv redis-cli.tar.gz /app/
-
-# Switch back to app dir.
-WORKDIR /app
+# Download Redis.
+RUN curl -L http://download.redis.io/redis-stable.tar.gz -o redis-stable.tar.gz \
+    && tar xzf redis-stable.tar.gz \
+    && cd /app/redis-stable \
+    && make redis-cli \
+    && cd /app/redis-stable/src \
+    && tar czf redis-cli.tar.gz redis-cli \
+    && mv redis-cli.tar.gz /app/ \
+    && cd /app

 # Add write permissions.
 RUN chown -R 1001 .

--- a/scripts/repackage.sh
+++ b/scripts/repackage.sh
 #!/bin/bash

 # Image Params.
-BASE_REGISTRY=registry.il2.dso.mil
-BASE_IMAGE=platform-one/devops/pipeline-templates/ironbank/python38
-BASE_TAG=3.8.31
+BASE_REGISTRY=registry1.dso.mil
+BASE_IMAGE=ironbank/opensource/python/python39
+BASE_TAG=v3.9.4

 # This is the profile name in your aws credentials file.
 DEPENDENCY_FOLDER=build_dependencies
-AWS_PROFILE_NAME=revacomm
-AWS_BUCKET_NAME=learn-dependencies/python-evaluator
+AWS_PROFILE_NAME=rc-govcloud
+AWS_BUCKET_URL=s3://learn-dependencies/python-evaluator
 AWS_REGION=us-gov-west-1
+VERSION_NUMBER=$(yq e '.tags[0]' ../hardening_manifest.yaml)
+IMAGE_TAG=python-evaluator-tag

 echo "Clearing dependency folder."
 rm -rf $DEPENDENCY_FOLDER
 mkdir $DEPENDENCY_FOLDER

-echo "Building docker image."
-IMAGE_ID=$(docker build --file Dockerfile.packages . -q \
+echo "Building docker image with tag: $IMAGE_TAG"
+docker build -t $IMAGE_TAG \
+  --file Dockerfile.packages . -q \
  --build-arg BASE_REGISTRY=$BASE_REGISTRY \
  --build-arg BASE_IMAGE=$BASE_IMAGE \
-  --build-arg BASE_TAG=$BASE_TAG)
-echo "Image ID: ${IMAGE_ID}"
+  --build-arg BASE_TAG=$BASE_TAG

-echo "Starting docker container."
-CONTAINER_ID=$(docker run -d "$IMAGE_ID")
-echo "Container ID: ${CONTAINER_ID}"
+echo "Starting docker container"
+CONTAINER_ID=$(docker run -d "$IMAGE_TAG")

-echo "Copying node modules and gems to the bundles directory."
-docker cp "$CONTAINER_ID":/app/redis-cli.tar.gz $DEPENDENCY_FOLDER
+if [ -z "$CONTAINER_ID" ]; then
+  echo "[ERROR] - Failed to start the docker container. Exiting.."
+  exit
+else
+  echo "Container ID: ${CONTAINER_ID}"
+fi
+
+echo "Copying redis cli to the dependency directory."
+docker cp "$CONTAINER_ID:/app/redis-cli.tar.gz" "$DEPENDENCY_FOLDER/redis-cli-${VERSION_NUMBER}.tar.gz"

 echo "Stopping the docker container."
-docker stop "$CONTAINER_ID"
+docker kill "$CONTAINER_ID"
+
+# Make sure the dependencies were built.
+if [ -z "$(ls -A -- "${DEPENDENCY_FOLDER}")" ]; then
+  echo "[ERROR] - Dependency folder is empty. Failed to build s3 dependencies. Exiting.."
+  exit
+fi

 echo "Uploading all the build dependencies to AWS."
-aws s3 sync $DEPENDENCY_FOLDER s3://$AWS_BUCKET_NAME --delete --profile $AWS_PROFILE_NAME --region $AWS_REGION
+aws s3 sync $DEPENDENCY_FOLDER $AWS_BUCKET_URL --profile $AWS_PROFILE_NAME --region $AWS_REGION || exit
+
+echo " Getting Checksums."
+REDIS_CHECKSUM=$(sha256sum "$DEPENDENCY_FOLDER/redis-cli-${VERSION_NUMBER}.tar.gz" | awk '{ print $1 }')
+echo "Redis CLI Checksum: ${REDIS_CHECKSUM}"

-echo "Checksums:"
-cd $DEPENDENCY_FOLDER
-sha256sum redis-cli.tar.gz
-cd ..
+echo "Updating the hardening_manifest.yaml file."
+REDIS_PREV_SHA=$(yq eval '.resources[] | select(.filename == "redis-cli.tar.gz").validation.value' ../hardening_manifest.yaml)
+REDIS_PREV_URL=$(yq eval '.resources[] | select(.filename == "redis-cli.tar.gz").url' ../hardening_manifest.yaml)
+sed -i '' -e "s|$REDIS_PREV_SHA|$REDIS_CHECKSUM|g" ../hardening_manifest.yaml
+sed -i '' -e "s|$REDIS_PREV_URL|${AWS_BUCKET_URL}/redis-cli-${VERSION_NUMBER}.tar.gz|g" ../hardening_manifest.yaml

 echo "Removing dependency folder."
 rm -rf $DEPENDENCY_FOLDER

-echo "Done!"
\ No newline at end of file
+echo "Done!"