Update README

Add Build and Test workflow
Add Build and Test script
Add Container Structure Test definition

Signed-off-by: Jacob Woffenden <[email protected]>

.github/workflows/build-and-test.yml

@@ -0,0 +1,26 @@
+---
+name: Build and Test
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  build-and-test:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Build and Test
+        id: build_and_test
+        shell: bash
+        run: |
+          bash scripts/build-and-test.sh

.github/workflows/release.yml.deactivated

@@ -38,18 +38,18 @@ jobs:
         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
         with:
           push: true
-          tags: ghcr.io/ministryofjustice/analytical-platform-visual-studio-code:${{ github.ref_name }}
+          tags: ghcr.io/ministryofjustice/analytical-platform-ingestion-scanner:${{ github.ref_name }}
 
       - name: Sign
         id: sign
         shell: bash
         run: |
-          cosign sign --yes ghcr.io/ministryofjustice/analytical-platform-visual-studio-code@${{ steps.build_and_push.outputs.digest }}
+          cosign sign --yes ghcr.io/ministryofjustice/analytical-platform-ingestion-scanner@${{ steps.build_and_push.outputs.digest }}
 
       - name: Verify
         id: verify
         run: |
           cosign verify \
             --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
-            --certificate-identity=https://github.com/ministryofjustice/analytical-platform-visual-studio-code/.github/workflows/release.yml@refs/tags/${{ github.ref_name }} \
-            ghcr.io/ministryofjustice/analytical-platform-visual-studio-code@${{ steps.build_and_push.outputs.digest }}
+            --certificate-identity=https://github.com/ministryofjustice/analytical-platform-ingestion-scanner/.github/workflows/release.yml@refs/tags/${{ github.ref_name }} \
+            ghcr.io/ministryofjustice/analytical-platform-ingestion-scanner@${{ steps.build_and_push.outputs.digest }}

.github/workflows/scan-image.yml

@@ -26,13 +26,13 @@ jobs:
         with:
           push: false
           load: true
-          tags: visual-studio-code
+          tags: ingestion-scanner
 
       - name: Scan Image
         id: scan_image
         uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
         with:
-          image-ref: visual-studio-code
+          image-ref: ingestion-scanner
           exit-code: 1
           format: sarif
           output: trivy-results.sarif
@@ -44,7 +44,7 @@ jobs:
         id: scan_image_on_failure
         uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
         with:
-          image-ref: visual-studio-code
+          image-ref: ingestion-scanner
           exit-code: 1
           format: table
           severity: CRITICAL

README.md

@@ -2,15 +2,22 @@
 
 [![repo standards badge](https://img.shields.io/endpoint?labelColor=231f20&color=005ea5&style=for-the-badge&label=MoJ%20Compliant&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fendpoint%2Fanalytical-platform-ingestion-scanner&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAAABmJLR0QA/wD/AP+gvaeTAAAHJElEQVRYhe2YeYyW1RWHnzuMCzCIglBQlhSV2gICKlHiUhVBEAsxGqmVxCUUIV1i61YxadEoal1SWttUaKJNWrQUsRRc6tLGNlCXWGyoUkCJ4uCCSCOiwlTm6R/nfPjyMeDY8lfjSSZz3/fee87vnnPu75z3g8/kM2mfqMPVH6mf35t6G/ZgcJ/836Gdug4FjgO67UFn70+FDmjcw9xZaiegWX29lLLmE3QV4Glg8x7WbFfHlFIebS/ANj2oDgX+CXwA9AMubmPNvuqX1SnqKGAT0BFoVE9UL1RH7nSCUjYAL6rntBdg2Q3AgcAo4HDgXeBAoC+wrZQyWS3AWcDSUsomtSswEtgXaAGWlVI2q32BI0spj9XpPww4EVic88vaC7iq5Hz1BvVf6v3qe+rb6ji1p3pWrmtQG9VD1Jn5br+Knmm70T9MfUh9JaPQZu7uLsR9gEsJb3QF9gOagO7AuUTom1LpCcAkoCcwQj0VmJregzaipA4GphNe7w/MBearB7QLYCmlGdiWSm4CfplTHwBDgPHAFmB+Ah8N9AE6EGkxHLhaHU2kRhXc+cByYCqROs05NQq4oR7Lnm5xE9AL+GYC2gZ0Jmjk8VLKO+pE4HvAyYRnOwOH5N7NhMd/WKf3beApYBWwAdgHuCLn+tatbRtgJv1awhtd838LEeq30/A7wN+AwcBt+bwpD9AdOAkYVkpZXtVdSnlc7QI8BlwOXFmZ3oXkdxfidwmPrQXeA+4GuuT08QSdALxC3OYNhBe/TtzON4EziZBXD36o+q082BxgQuqvyYL6wtBY2TyEyJ2DgAXAzcC1+Xxw3RlGqiuJ6vE6QS9VGZ/7H02DDwAvELTyMDAxbfQBvggMAAYR9LR9J2cluH7AmnzuBowFFhLJ/wi7yiJgGXBLPq8A7idy9kPgvAQPcC9wERHSVcDtCfYj4E7gr8BRqWMjcXmeB+4tpbyG2kG9Sl2tPqF2Uick8B+7szyfvDhR3Z7vvq/2yqpynnqNeoY6v7LvevUU9QN1fZ3OTeppWZmeyzRoVu+rhbaHOledmoQ7LRd3SzBVeUo9Wf1DPs9X90/jX8m/e9Rn1Mnqi7nuXXW5+rK6oU7n64mjszovxyvVh9WeDcTVnl5KmQNcCMwvpbQA1xE8VZXhwDXAz4FWIkfnAlcBAwl6+SjD2wTcmPtagZnAEuA3dTp7qyNKKe8DW9UeBCeuBsbsWKVOUPvn+MRKCLeq16lXqLPVFvXb6r25dlaGdUx6cITaJ8fnpo5WI4Wuzcjcqn5Y8eI/1F+n3XvUA1N3v4ZamIEtpZRX1Y6Z/DUK2g84GrgHuDqTehpBCYend94jbnJ34DDgNGArQT9bict3Y3p1ZCnlSoLQb0sbgwjCXpY2blc7llLW1UAMI3o5CD4bmuOlwHaC6xakgZ4Z+ibgSxnOgcAI4uavI27jEII7909dL5VSrimlPKgeQ6TJCZVQjwaOLaW8BfyWbPEa1SaiTH1VfSENd85NDxHt1plA71LKRvX4BDaAKFlTgLeALtliDUqPrSV6SQCBlypgFlbmIIrCDcAl6nPAawmYhlLKFuB6IrkXAadUNj6TXlhDcCNEB/Jn4FcE0f4UWEl0NyWNvZxGTs89z6ZnatIIrCdqcCtRJmcCPwCeSN3N1Iu6T4VaFhm9n+riypouBnepLsk9p6p35fzwvDSX5eVQvaDOzjnqzTl+1KC53+XzLINHd65O6lD1DnWbepPBhQ3q2jQyW+2oDkkAtdt5udpb7W+Q/OFGA7ol1zxu1tc8zNHqXercfDfQIOZm9fR815Cpt5PnVqsr1F51wI9QnzU63xZ1o/rdPPmt6enV6sXqHPVqdXOCe1rtrg5W7zNI+m712Ir+cer4POiqfHeJSVe1Raemwnm7xD3mD1E/Z3wIjcsTdlZnqO8bFeNB9c30zgVG2euYa69QJ+9G90lG+99bfdIoo5PU4w362xHePxl1slMab6tV72KUxDvzlAMT8G0ZohXq39VX1bNzzxij9K1Qb9lhdGe931B/kR6/zCwY9YvuytCsMlj+gbr5SemhqkyuzE8xau4MP865JvWNuj0b1YuqDkgvH2GkURfakly01Cg7Cw0+qyXxkjojq9Lw+vT2AUY+DlF/otYq1Ixc35re2V7R8aTRg2KUv7+ou3x/14PsUBn3NG51S0XpG0Z9PcOPKWSS0SKNUo9Rv2Mmt/G5WpPF6pHGra7Jv410OVsdaz217AbkAPX3ubkm240belCuudT4Rp5p/DyC2lf9mfq1iq5eFe8/lu+K0YrVp0uret4nAkwlB6vzjI/1PxrlrTp/oNHbzTJI92T1qAT+BfW49MhMg6JUp7ehY5a6Tl2jjmVvitF9fxo5Yq8CaAfAkzLMnySt6uz/1k6bPx59CpCNxGfoSKA30IPoH7cQXdArwCOllFX/i53P5P9a/gNkKpsCMFRuFAAAAABJRU5ErkJggg==)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-report/analytical-platform-ingestion-scanner)
 
-This image is used in the Analytical Platform Ingestion Service. It is deployed as a Lambda function within the `analytical-platform-ingestion` account and is called as part of the AWS Transfer Family Server workflows.
+This image is used in the Analytical Platform Ingestion service. It is deployed as an AWS Lambda function within the `analytical-platform-ingestion` account and is called as part of the AWS Transfer Family Server workflows.
 
 ## Features
+
 The image comes with two key features - Syncing and Scanning.
 
 ### Syncing
 
+- `definition_upload` pulls latest ClamAV definitions, archives them, and pushes to Amazon S3.
+
+- `definition_download` downloads archived ClamAV definitions from Amazon S3, and unpacks them.
+
 ### Scanning
 
+- `scan` _TBC_
+
 ## Running Locally
 
 ### Build
@@ -49,5 +56,5 @@ docker run -it --rm --platform linux/amd64 public.ecr.aws/lambda/provided:al2023
 
 microdnf update
 
-apt-cache policy ${PACKAGE} # for example curl, git or gpg
+microdnf repoquery ${PACKAGE} # for example clamav, clamav-update or clamd
 ```

scripts/build-and-test.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+IMAGE_TAG="analytical-platform.service.justice.gov.uk/ingestion-scanner:local"
+CONTAINER_STRUCTURE_TEST_IMAGE="gcr.io/gcp-runtimes/container-structure-test:latest"
+
+if [[ "${REMOTE_CONTAINERS}" ]] && [[ "$(uname -m)" == "aarch64" ]]; then
+  echo "(⚠) Looks like you're running in a dev container on Apple Silicon."
+  echo "(⚠) This script builds linux/amd64 images which might take a long time or even fail."
+  export PLATFORM_FLAG="--platform linux/amd64"
+fi
+# shellcheck disable=SC2086
+# special case for PLATFORM_FLAG as it can't parse double quotes
+docker build ${PLATFORM_FLAG} --file Dockerfile --tag "${IMAGE_TAG}" .
+
+echo "Running container structure test for [ ${IMAGE_TAG} ]"
+
+# shellcheck disable=SC2086
+# special case for PLATFORM_FLAG as it can't parse double quotes
+docker run --rm ${PLATFORM_FLAG} \
+  --volume /var/run/docker.sock:/var/run/docker.sock \
+  --volume "${PWD}:/workspace" \
+  --workdir /workspace \
+  "${CONTAINER_STRUCTURE_TEST_IMAGE}" \
+  test --image "${IMAGE_TAG}" --config "/workspace/test/container-structure-test.yml"

test/container-structure-test.yml

@@ -0,0 +1,8 @@
+---
+schemaVersion: 2.0.0
+
+commandTests:
+  - name: "aws"
+    command: "aws"
+    args: ["--version"]
+    expectedOutput: ["aws-cli/2.15.23.*"]