Updating repackage scripts. Upgrading to latest python version.

bf086703 · Michael Uranaka · 4442f637 · bf086703 · bf086703 · bf086703
Commit bf086703 authored Apr 22, 2021 by Michael Uranaka
5 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,5 @@ test_methods.py
 results.txt
 mike-run-local-loop.bash
 *-local-loop.sh
-build_dependencies
\ No newline at end of file
+build_dependencies
+hardening_manifest.yaml-e
\ No newline at end of file
--- a/Dockerfile
+++ b/Dockerfile
+ARG BASE_REGISTRY=registry1.dso.mil
+ARG BASE_IMAGE=opensource/python/python39
+ARG BASE_TAG=3.9.4
+
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 USER 0

@@ -10,12 +14,12 @@ COPY ./scripts .
 COPY redis-cli.tar.gz .

 # Install redis.
-RUN tar xzf redis-cli.tar.gz && rm redis-cli.tar.gz
-RUN mv redis-cli /usr/local/bin/redis-cli
+RUN tar xzf redis-cli.tar.gz && rm redis-cli.tar.gz \
+    && mv redis-cli /usr/local/bin/redis-cli

 # Set permissions and ownership.
-RUN chown -R 1001 /app
-RUN chmod 0555 /app/get-job.sh
+RUN chown -R 1001 /app \
+    && chmod 0555 /app/get-job.sh

 # Become the python user.
 USER 1001

--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,13 +8,13 @@ name: "galvanize/galvanize/python-code-evaluator"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
- "0.1.0"
+- "0.1.1"
 - "latest"

 # Build args passed to Dockerfile ARGs
 args:
-  BASE_IMAGE: "opensource/python/python38"
-  BASE_TAG: "3.8"
+  BASE_IMAGE: "opensource/python/python39"
+  BASE_TAG: "3.9.4"

 # Docker image labels
 labels:
@@ -23,7 +23,7 @@ labels:
  org.opencontainers.image.licenses: "proprietary"
  org.opencontainers.image.url: "https://www.galvanize.com"
  org.opencontainers.image.vendor: "Galvanize"
-  org.opencontainers.image.version: "3.8"
+  org.opencontainers.image.version: "0.1.1"
  mil.dso.ironbank.image.keywords: "lms,learn,galvanize,online,classes,remote,learning"
  mil.dso.ironbank.image.type: "commercial"
  mil.dso.ironbank.product.name: "Learn"

--- a/scripts/Dockerfile.packages
+++ b/scripts/Dockerfile.packages
@@ -5,10 +5,6 @@ ARG BASE_TAG
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 USER 0

-ARG NODE_VERSION
-ARG YARN_VERSION
-ARG JQUERY_RAILS_VERSION
-
 # Install required libs.
 RUN dnf update -y &&  dnf install -y \
        curl \

--- a/scripts/repackage.sh
+++ b/scripts/repackage.sh
 #!/bin/bash

 # Image Params.
-BASE_REGISTRY=registry.il2.dso.mil
-BASE_IMAGE=platform-one/devops/pipeline-templates/ironbank/python38
-BASE_TAG=3.8.31
+BASE_REGISTRY=registry1.dso.mil
+BASE_IMAGE=ironbank/opensource/python/python39
+BASE_TAG=3.9.4

 # This is the profile name in your aws credentials file.
 DEPENDENCY_FOLDER=build_dependencies
-AWS_PROFILE_NAME=revacomm
-AWS_BUCKET_NAME=learn-dependencies/python-evaluator
+AWS_PROFILE_NAME=rc-govcloud
+AWS_BUCKET_URL=s3://learn-dependencies/python-evaluator
 AWS_REGION=us-gov-west-1
+VERSION_NUMBER=$(yq e '.tags[0]' ../hardening_manifest.yaml)

 echo "Clearing dependency folder."
 rm -rf $DEPENDENCY_FOLDER
@@ -27,20 +28,26 @@ CONTAINER_ID=$(docker run -d "$IMAGE_ID")
 echo "Container ID: ${CONTAINER_ID}"

 echo "Copying node modules and gems to the bundles directory."
-docker cp "$CONTAINER_ID":/app/redis-cli.tar.gz $DEPENDENCY_FOLDER
+docker cp "$CONTAINER_ID":/app/redis-cli.tar.gz "$DEPENDENCY_FOLDER/redis-cli-${VERSION_NUMBER}.tar.gz"

 echo "Stopping the docker container."
 docker stop "$CONTAINER_ID"

 echo "Uploading all the build dependencies to AWS."
-aws s3 sync $DEPENDENCY_FOLDER s3://$AWS_BUCKET_NAME --delete --profile $AWS_PROFILE_NAME --region $AWS_REGION
+#aws s3 sync $DEPENDENCY_FOLDER $AWS_BUCKET_URL --profile $AWS_PROFILE_NAME --region $AWS_REGION

 echo "Checksums:"
-cd $DEPENDENCY_FOLDER
-sha256sum redis-cli.tar.gz
+cd $DEPENDENCY_FOLDER || exit
+REDIS_CHECKSUM=$(sha256sum "redis-cli-${VERSION_NUMBER}.tar.gz")
 cd ..

+echo "Updating the hardening_manifest.yaml file."
+REDIS_PREV_SHA=$(yq eval '.resources[] | select(.filename == "redis-cli.tar.gz").validation.value' ../hardening_manifest.yaml)
+REDIS_PREV_URL=$(yq eval '.resources[] | select(.filename == "redis-cli.tar.gz").url' ../hardening_manifest.yaml)
+sed -i '' -e "s|$REDIS_PREV_SHA|$REDIS_CHECKSUM|g" ../hardening_manifest.yaml
+sed -i '' -e "s|$REDIS_PREV_URL|${AWS_BUCKET_URL}/redis-cli-${VERSION_NUMBER}.tar.gz|g" ../hardening_manifest.yaml
+
 echo "Removing dependency folder."
-rm -rf $DEPENDENCY_FOLDER
+#rm -rf $DEPENDENCY_FOLDER

 echo "Done!"
\ No newline at end of file