diff --git a/.circleci/config.yml b/.circleci/config.yml index 6845aa00..aec4fab3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,16 +1,16 @@ version: 2 jobs: build: - # Variable expansion in working_directory not supported at this time - # You will need to modify the code below to reflect your github account/repo setup - working_directory: /go/src/github.com/Securing-DevOps/invoicer-chapter2 +# Configures a working directory to build the Docker container of the application + working_directory: /go/src/github.com/gushu-learn/invoicer-chapter2 docker: +# Declares the environment the job will run on - image: circleci/golang:1.10 steps: - checkout - setup_remote_docker - - run: + - run: name: Setup environment command: | gb="/src/github.com/${CIRCLE_PROJECT_USERNAME}"; @@ -26,13 +26,13 @@ jobs: EOF - run: mkdir -p "${GOPATH_BASE}" - run: mkdir -p "${GOPATH_HEAD}/bin" - + - run: name: Testing application command: | go test \ github.com/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME} - +# docker variables added circleCI project settings - deploy: command: | if [ "${CIRCLE_BRANCH}" == "master" ]; then @@ -45,4 +45,4 @@ jobs: docker images --no-trunc | awk '/^app/ {print $3}' | \ sudo tee $CIRCLE_ARTIFACTS/docker-image-shasum256.txt; docker push ${DOCKER_REPO}/${CIRCLE_PROJECT_REPONAME}; - fi + fi \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..c0363794 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +tmp/ \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 7c151bcb..d787d679 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,14 +1,8 @@ -FROM golang:latest -RUN addgroup --gid 10001 app -RUN adduser --gid 10001 --uid 10001 \ - --home /app --shell /sbin/nologin \ - --disabled-password app - -RUN mkdir /app/statics/ -ADD statics /app/statics/ - -COPY bin/invoicer /app/invoicer +FROM busybox:latest +RUN addgroup -g 10001 app && \ + adduser -G app -u 10001 \ + -D -h /app -s /sbin/nologin app +COPY bin/invoicer /bin/invoicer USER app EXPOSE 8080 -WORKDIR /app -ENTRYPOINT /app/invoicer +ENTRYPOINT /bin/invoicer \ No newline at end of file diff --git a/create_ebs_env.sh b/create_ebs_env.sh index d9ca2df7..3eee1224 100755 --- a/create_ebs_env.sh +++ b/create_ebs_env.sh @@ -10,7 +10,7 @@ fail() { exit 1 } -export AWS_DEFAULT_REGION=${AWS_REGION:-us-east-1} +export AWS_DEFAULT_REGION=${AWS_REGION:-eu-west-2} datetag=$(date +%Y%m%d%H%M) identifier=$(whoami)ivcr$datetag @@ -32,9 +32,10 @@ dbsg=$(jq -r '.GroupId' tmp/$identifier/dbsg.json) echo "DB security group is $dbsg" # Create the database -dbinstclass="db.t2.micro" +dbinstclass="db.t3.micro" dbstorage=5 dbpass=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null| tr -dc _A-Z-a-z-0-9) +echo "Password is $dbpass eom" aws rds create-db-instance \ --db-name invoicer \ --db-instance-identifier "$identifier" \ @@ -42,7 +43,6 @@ aws rds create-db-instance \ --allocated-storage "$dbstorage" \ --db-instance-class "$dbinstclass" \ --engine postgres \ - --engine-version 9.6.2 \ --auto-minor-version-upgrade \ --publicly-accessible \ --master-username invoicer \ @@ -77,7 +77,7 @@ echo "ElasticBeanTalk application created" # Get the name of the latest Docker solution stack dockerstack="$(aws elasticbeanstalk list-available-solution-stacks | \ - jq -r '.SolutionStacks[]' | grep -P '.+Amazon Linux.+running Docker.+' | head -1)" + jq -r '.SolutionStacks[]' | grep -P '.+Amazon Linux.+running Docker' | head -1)" # Create the EB API environment sed "s/POSTGRESPASSREPLACEME/$dbpass/" ebs-options.json > tmp/$identifier/ebs-options.json || fail 
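Review bot: The new base in the Dockerfile hunk is still a floating tag, `FROM busybox:latest`, so the image contents can change between builds with no change in this repository. Pin a specific tag and digest instead, e.g. `FROM busybox:<tag>@sha256:<digest>` (placeholders). The shell-form `ENTRYPOINT /bin/invoicer` runs the service under `/bin/sh -c`; the exec form `ENTRYPOINT ["/bin/invoicer"]` makes invoicer PID 1 so it receives SIGTERM from the runtime directly. The hunk also drops `ADD statics /app/statics/` and `WORKDIR /app`, so if the binary serves files from a relative `statics` directory (not visible here), those requests would fail in the new image.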
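Review bot: The added `echo "Password is $dbpass eom"` in the second create_ebs_env.sh hunk (`@@ -32,9 +32,10 @@`) writes the RDS master password to stdout, where it lands in terminal scrollback and in any CI or shell log that captures the script's output. Delete the line. The last hunk's context shows the script already substituting the password into `tmp/$identifier/ebs-options.json`, so an operator who needs it can read that file, ideally with `umask 077` set before it is written. The following hunk removes `--engine-version 9.6.2` without a replacement, which leaves the PostgreSQL version to the RDS default at creation time; pinning a currently supported version would keep new environments reproducible.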
diff --git a/ebs-options.json b/ebs-options.json
index d968eed3..738a67d0 100644
--- a/ebs-options.json
+++ b/ebs-options.json
@@ -28,5 +28,10 @@
 "Namespace": "aws:elasticbeanstalk:application:environment",
 "OptionName": "INVOICER_POSTGRES_SSLMODE",
 "Value": "disable"
+ },
+ {
+ "Namespace": "aws:autoscaling:launchconfiguration",
+ "OptionName": "IAMINSTANCEPROFILE",
+ "Value": "aws-elasticbeanstalk-ec2-role"
 }
 ]
diff --git a/version.go b/version.go
index 02ffd3ca..6ed2e8cf 100644
--- a/version.go
+++ b/version.go
@@ -1,3 +1,3 @@
 package main
-const version = "20180614.0-92f47c3"
-const commit = "92f47c3d3dd24e41c8b38adbb86b2407143c9dc9"
+const version = "20220830.0-22420e3"
+const commit = "22420e38ea5cec3fc12c7525006d51723eb71973"
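Review bot: The option added in the ebs-options.json hunk hardcodes the instance profile `aws-elasticbeanstalk-ec2-role`, so every EC2 instance in the environment receives whatever policies are attached to that account-wide default role. Confirm the role exists in the target account and carries only the permissions invoicer needs, or create a dedicated role for this environment. The option name is documented as `IamInstanceProfile`, and I can't tell from the hunk whether the upper-case `IAMINSTANCEPROFILE` is accepted, so `"OptionName": "IamInstanceProfile"` is the safer spelling. The file is strict JSON, so the reason for the role choice belongs in the commit message or in create_ebs_env.sh rather than in a comment here.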