From b915231d855fe8266cc88c890371498402938233 Mon Sep 17 00:00:00 2001
From: Hans Keeler
Date: Mon, 20 May 2024 02:17:27 -0400
Subject: [PATCH 1/3] ci: add buildspec to build, scan, and push image
---
buildspec.yml | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 buildspec.yml
diff --git a/buildspec.yml b/buildspec.yml
new file mode 100644
index 0000000..c487402
--- /dev/null
+++ b/buildspec.yml
@@ -0,0 +1,34 @@
+version: 0.2
+
+env:
+ variables:
+ SERVICE_NAME: regtech-user-fi-management
+ IMAGE_SCAN_EMAIL_TO: noreply@cfpb.gov
+ IMAGE_SCANNER_SECRET: cfpb/team/regtech/twistlock
+ SMTP_CREDS_SECRET: cfpb/team/regtech/smtp-ses-creds
+ secrets-manager:
+ IMAGE_SCANNER_URL: "${IMAGE_SCANNER_SECRET}:TL_CONSOLE_URL"
+ IMAGE_SCANNER_USERNAME: "${IMAGE_SCANNER_SECRET}:TL_USER"
+ IMAGE_SCANNER_PASSWORD: "${IMAGE_SCANNER_SECRET}:TL_PASSWORD"
+ SMTP_PASSWORD: "${SMTP_CREDS_SECRET}:password"
+ SMTP_PORT: "${SMTP_CREDS_SECRET}:smtp_port"
+ SMTP_HOST: "${SMTP_CREDS_SECRET}:smtp_server"
+ SMTP_USERNAME: "${SMTP_CREDS_SECRET}:username"
+
+phases:
+ install:
+ commands:
+ - codebuild-init && source ./env.sh
+ pre_build:
+ commands:
+ # Set envvars dependent on CodeBuild project's own envvars
+ - export IMAGE_NAME="cfpb/${NAMESPACE}/${SERVICE_NAME}"
+ - export IMAGE_TAG=$GIT_REF
+ - export REGISTRY_IMAGE_NAME="${ECR_ACCOUNT_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}"
+ - env | sort
+ build:
+ commands:
+ - docker build -t $REGISTRY_IMAGE_NAME .
+ - scan-image $REGISTRY_IMAGE_NAME $IMAGE_SCAN_EMAIL_TO
+ - docker push $REGISTRY_IMAGE_NAME
+ - echo "Image ${REGISTRY_IMAGE_NAME} now available for use. Enjoy!"
From b8cbfe66d1f3502db29a502340b449731a00f7ff Mon Sep 17 00:00:00 2001
From: Hans Keeler
Date: Wed, 12 Jun 2024 10:55:12 -0400
Subject: [PATCH 2/3] ci: update buildspec with latest secrets
---
buildspec.yml | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
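Review bot: The `- env | sort` step in `pre_build` of patch 1/3 writes the whole build environment to the CodeBuild log, and by then the environment holds the seven `secrets-manager` values (scanner and SMTP credentials) plus whatever `source ./env.sh` exported. CodeBuild hides Secrets Manager values in logs by matching the exact string, which is a backstop rather than a control, and that masking does not extend to values set by `env.sh` or by the project's own variables. I would drop the full dump and log only the derived names, e.g. `- echo "IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG}"`. Separately, `$REGISTRY_IMAGE_NAME` embeds `$GIT_REF` and is passed unquoted to `docker build`, `scan-image` and `docker push`; quoting it keeps a ref with unusual characters from being word-split into extra arguments.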
diff --git a/buildspec.yml b/buildspec.yml index c487402..d8cb377 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,17 +3,18 @@ version: 0.2 env: variables: SERVICE_NAME: regtech-user-fi-management - IMAGE_SCAN_EMAIL_TO: noreply@cfpb.gov - IMAGE_SCANNER_SECRET: cfpb/team/regtech/twistlock + CONTACTS_SECRET: cfpb/team/regtech/contact-info + IMAGE_SCANNER_SECRET: cfpb/team/regtech/image-scanner-creds SMTP_CREDS_SECRET: cfpb/team/regtech/smtp-ses-creds secrets-manager: - IMAGE_SCANNER_URL: "${IMAGE_SCANNER_SECRET}:TL_CONSOLE_URL" - IMAGE_SCANNER_USERNAME: "${IMAGE_SCANNER_SECRET}:TL_USER" - IMAGE_SCANNER_PASSWORD: "${IMAGE_SCANNER_SECRET}:TL_PASSWORD" - SMTP_PASSWORD: "${SMTP_CREDS_SECRET}:password" + EMAIL_TO: "${CONTACTS_SECRET}:developers_all" + IMAGE_SCANNER_URL: "${IMAGE_SCANNER_SECRET}:url" + IMAGE_SCANNER_USERNAME: "${IMAGE_SCANNER_SECRET}:username" + IMAGE_SCANNER_PASSWORD: "${IMAGE_SCANNER_SECRET}:password" + SMTP_HOST: "${SMTP_CREDS_SECRET}:mail_server" SMTP_PORT: "${SMTP_CREDS_SECRET}:smtp_port" - SMTP_HOST: "${SMTP_CREDS_SECRET}:smtp_server" SMTP_USERNAME: "${SMTP_CREDS_SECRET}:username" + SMTP_PASSWORD: "${SMTP_CREDS_SECRET}:password" phases: install: From 2eaf1db5129eb3f04e33eb50acd8631f7ecbd057 Mon Sep 17 00:00:00 2001 From: Hans Keeler Date: Wed, 12 Jun 2024 11:01:08 -0400 Subject: [PATCH 3/3] ci: fix scan-image email to envvar --- buildspec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec.yml b/buildspec.yml index d8cb377..ea00394 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -30,6 +30,6 @@ phases: build: commands: - docker build -t $REGISTRY_IMAGE_NAME . - - scan-image $REGISTRY_IMAGE_NAME $IMAGE_SCAN_EMAIL_TO + - scan-image $REGISTRY_IMAGE_NAME $EMAIL_TO - docker push $REGISTRY_IMAGE_NAME - echo "Image ${REGISTRY_IMAGE_NAME} now available for use. Enjoy!"
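Review bot: `IMAGE_SCAN_EMAIL_TO` is removed from `env.variables` in patch 2/3, but the `scan-image` command in the `build` phase (outside this hunk) still reads `$IMAGE_SCAN_EMAIL_TO` until patch 3/3, so at this commit the scanner is called with an empty recipient argument. If `scan-image` tolerates a missing recipient, scan results would go to nobody while `docker push` still runs; folding the one-line rename from 3/3 into this commit keeps every commit in the series usable. The key renames (`TL_USER` to `username`, `smtp_server` to `mail_server`) also have to land together with the matching change to the secrets themselves, which is not visible on this page.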
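Review bot: `$EMAIL_TO` is expanded unquoted on the new `scan-image` line in patch 3/3, and it now comes from the `developers_all` key of a secret, which by its name may hold several addresses. Any whitespace in that value would be word-split into extra arguments to `scan-image`; `- scan-image "$REGISTRY_IMAGE_NAME" "$EMAIL_TO"` passes it as a single argument. The context lines also show `docker push` following the scan unconditionally, so the scan gates the push only if `scan-image` exits non-zero on findings, which is worth confirming because its implementation is not on this page.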