From 178fb7598734b6834b8fb837d922e5e7f5e17c2e Mon Sep 17 00:00:00 2001 From: gushu-learn <52877759+gushu-learn@users.noreply.github.com> Date: Sun, 14 Jul 2019 11:06:08 +0100 Subject: [PATCH 01/16] Update config.yml --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6845aa00..659e764b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -3,7 +3,7 @@ jobs: build: # Variable expansion in working_directory not supported at this time # You will need to modify the code below to reflect your github account/repo setup - working_directory: /go/src/github.com/Securing-DevOps/invoicer-chapter2 + working_directory: /go/src/github.com/gushu-learn/invoicer-chapter2 docker: - image: circleci/golang:1.10 steps: From ac1f665c7b1c1ffcf8b449f81c21a90b5e0d8175 Mon Sep 17 00:00:00 2001 From: Daniel Njawaya Date: Wed, 17 Jul 2019 04:54:37 +0100 Subject: [PATCH 02/16] added comment to circleci conf --- .circleci/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 659e764b..deb5d10e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -10,7 +10,7 @@ jobs: - checkout - setup_remote_docker - - run: + - run: name: Setup environment command: | gb="/src/github.com/${CIRCLE_PROJECT_USERNAME}"; @@ -26,13 +26,13 @@ jobs: EOF - run: mkdir -p "${GOPATH_BASE}" - run: mkdir -p "${GOPATH_HEAD}/bin" - + - run: name: Testing application command: | go test \ github.com/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME} - +# docker variables added circleCI project settings - deploy: command: | if [ "${CIRCLE_BRANCH}" == "master" ]; then From cecf762a0870604cf3a4aeb3b94f48ad69646fb8 Mon Sep 17 00:00:00 2001 From: gushu-learn Date: Sun, 15 Aug 2021 22:12:49 +0100 Subject: [PATCH 03/16] Undated Dockerfile --- Dockerfile | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) 
diff --git a/Dockerfile b/Dockerfile
index 7c151bcb..d787d679 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,8 @@
-FROM golang:latest
-RUN addgroup --gid 10001 app
-RUN adduser --gid 10001 --uid 10001 \
- --home /app --shell /sbin/nologin \
- --disabled-password app
-
-RUN mkdir /app/statics/
-ADD statics /app/statics/
-
-COPY bin/invoicer /app/invoicer
+FROM busybox:latest
+RUN addgroup -g 10001 app && \
+ adduser -G app -u 10001 \
+ -D -h /app -s /sbin/nologin app
+COPY bin/invoicer /bin/invoicer
 USER app
 EXPOSE 8080
-WORKDIR /app
-ENTRYPOINT /app/invoicer
+ENTRYPOINT /bin/invoicer
\ No newline at end of file
From 3d69bbed56215cc2b056d035749ec88474298e3d Mon Sep 17 00:00:00 2001
From: gushu
Date: Sun, 21 Aug 2022 13:59:21 +0100
Subject: [PATCH 04/16] added commentary to circle config
---
 .circleci/config.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index deb5d10e..1420b57b 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,10 +1,10 @@
 version: 2
 jobs:
 build:
- # Variable expansion in working_directory not supported at this time
- # You will need to modify the code below to reflect your github account/repo setup
+# Configures a working directory to build the Docker container of the application
 working_directory: /go/src/github.com/gushu-learn/invoicer-chapter2
 docker:
+# Declares the environment the job will run on
 - image: circleci/golang:1.10
 steps:
 - checkout
From 30e1b9669ca005ff4842257f466e202db1e40831 Mon Sep 17 00:00:00 2001
From: gushu
Date: Tue, 23 Aug 2022 09:33:24 +0100
Subject: [PATCH 05/16] reformated yamal file
---
 .circleci/config.yml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 1420b57b..38c9a87c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
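Review bot: In the Dockerfile hunk the new base `FROM busybox:latest` still uses a floating tag, so the image contents can change between builds with no change to this file; pin a specific tag and preferably a digest, e.g. `FROM busybox:<version>@sha256:<digest>` (placeholders). `ENTRYPOINT /bin/invoicer` is shell form, which starts the binary under `/bin/sh -c` so it does not receive SIGTERM from `docker stop` directly; `ENTRYPOINT ["/bin/invoicer"]` avoids that. The hunk also drops `ADD statics /app/statics/` and `WORKDIR /app`, so if the binary serves files from a relative `statics/` directory (not visible here) they are no longer in the image. Keeping `USER app` with a fixed UID of 10001 is good and should stay.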
@@ -4,13 +4,12 @@ jobs: # Configures a working directory to build the Docker container of the application working_directory: /go/src/github.com/gushu-learn/invoicer-chapter2 docker: -# Declares the environment the job will run on - image: circleci/golang:1.10 steps: - checkout - setup_remote_docker - - run: + -- run: name: Setup environment command: | gb="/src/github.com/${CIRCLE_PROJECT_USERNAME}"; @@ -26,13 +25,12 @@ jobs: EOF - run: mkdir -p "${GOPATH_BASE}" - run: mkdir -p "${GOPATH_HEAD}/bin" - + - run: name: Testing application command: | go test \ github.com/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME} -# docker variables added circleCI project settings - deploy: command: | if [ "${CIRCLE_BRANCH}" == "master" ]; then @@ -45,4 +43,4 @@ jobs: docker images --no-trunc | awk '/^app/ {print $3}' | \ sudo tee $CIRCLE_ARTIFACTS/docker-image-shasum256.txt; docker push ${DOCKER_REPO}/${CIRCLE_PROJECT_REPONAME}; - fi + fi \ No newline at end of file From b75b260725a6025ae84ab5ecf290a72b1a3a453b Mon Sep 17 00:00:00 2001 From: gushu Date: Tue, 23 Aug 2022 09:49:16 +0100 Subject: [PATCH 06/16] fixed error in yaml --- .circleci/config.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 38c9a87c..ddb74c5d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,15 +1,16 @@ version: 2 jobs: build: -# Configures a working directory to build the Docker container of the application - working_directory: /go/src/github.com/gushu-learn/invoicer-chapter2 + # Variable expansion in working_directory not supported at this time + # You will need to modify the code below to reflect your github account/repo setup + working_directory: /go/src/github.com/gushu-learner/invoicer-chapter2 docker: - image: circleci/golang:1.10 steps: - checkout - setup_remote_docker - -- run: + - run: name: Setup environment command: | gb="/src/github.com/${CIRCLE_PROJECT_USERNAME}"; 
@@ -31,6 +32,7 @@ jobs: command: | go test \ github.com/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME} + - deploy: command: | if [ "${CIRCLE_BRANCH}" == "master" ]; then From b5b56b2b9bcb4963b35a7b4066a89f9d216ecf7a Mon Sep 17 00:00:00 2001 From: gushu Date: Tue, 23 Aug 2022 10:39:17 +0100 Subject: [PATCH 07/16] fixing broken CI build --- .circleci/config.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index ddb74c5d..aec4fab3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,16 +1,16 @@ version: 2 jobs: build: - # Variable expansion in working_directory not supported at this time - # You will need to modify the code below to reflect your github account/repo setup - working_directory: /go/src/github.com/gushu-learner/invoicer-chapter2 +# Configures a working directory to build the Docker container of the application + working_directory: /go/src/github.com/gushu-learn/invoicer-chapter2 docker: +# Declares the environment the job will run on - image: circleci/golang:1.10 steps: - checkout - setup_remote_docker - - run: + - run: name: Setup environment command: | gb="/src/github.com/${CIRCLE_PROJECT_USERNAME}"; @@ -26,13 +26,13 @@ jobs: EOF - run: mkdir -p "${GOPATH_BASE}" - run: mkdir -p "${GOPATH_HEAD}/bin" - + - run: name: Testing application command: | go test \ github.com/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME} - +# docker variables added circleCI project settings - deploy: command: | if [ "${CIRCLE_BRANCH}" == "master" ]; then From 2ac39d8506780d47df5bc8b75e223cfafd8541ee Mon Sep 17 00:00:00 2001 From: gushu Date: Tue, 23 Aug 2022 11:41:48 +0100 Subject: [PATCH 08/16] Change to latest circle CI images --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index aec4fab3..4156863a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -5,7 +5,7 @@ jobs:
 working_directory: /go/src/github.com/gushu-learn/invoicer-chapter2
 docker:
 # Declares the environment the job will run on
- - image: circleci/golang:1.10
+ - image: cimg/go:1.10
 steps:
 - checkout
 - setup_remote_docker
From 61fa4bcea440d6abc2dfb2322888b72054abb45e Mon Sep 17 00:00:00 2001
From: gushu
Date: Tue, 23 Aug 2022 11:51:37 +0100
Subject: [PATCH 09/16] Revert "Change to latest circle CI images"
This reverts commit 2ac39d8506780d47df5bc8b75e223cfafd8541ee.
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 4156863a..aec4fab3 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -5,7 +5,7 @@ jobs:
 working_directory: /go/src/github.com/gushu-learn/invoicer-chapter2
 docker:
 # Declares the environment the job will run on
- - image: cimg/go:1.10
+ - image: circleci/golang:1.10
 steps:
 - checkout
 - setup_remote_docker
From 26bf2f730dec634b86af577f8244f9397e8c1fe5 Mon Sep 17 00:00:00 2001
From: gushu
Date: Sat, 27 Aug 2022 12:46:39 +0100
Subject: [PATCH 10/16] added ebs options
---
 ebs-options.json | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/ebs-options.json b/ebs-options.json
index d968eed3..51bb0f27 100644
--- a/ebs-options.json
+++ b/ebs-options.json
@@ -12,7 +12,7 @@
 {
 "Namespace": "aws:elasticbeanstalk:application:environment",
 "OptionName": "INVOICER_POSTGRES_PASSWORD",
- "Value": "POSTGRESPASSREPLACEME"
+ "Value": "0m3th1ngr4nd0Guessed100"
 },
 {
 "Namespace": "aws:elasticbeanstalk:application:environment",
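Review bot: A literal database password is committed as the `INVOICER_POSTGRES_PASSWORD` value in place of the `POSTGRESPASSREPLACEME` placeholder, which puts a credential into version control. Patch 11 of this series restores the placeholder, but the value stays readable in the history of this commit, so it should be treated as exposed and rotated. `create_ebs_env.sh` fills the placeholder at deploy time with `sed "s/POSTGRESPASSREPLACEME/$dbpass/"`, so the committed file should keep `"Value": "POSTGRESPASSREPLACEME"` and the real secret should only ever exist in the generated copy under `tmp/`.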
@@ -22,11 +22,16 @@ { "Namespace": "aws:elasticbeanstalk:application:environment", "OptionName": "INVOICER_POSTGRES_HOST", - "Value": "POSTGRESHOSTREPLACEME" + "Value": "invoicer-db.cgld9hvsm7dd.eu-west-2.rds.amazonaws.com" }, { "Namespace": "aws:elasticbeanstalk:application:environment", "OptionName": "INVOICER_POSTGRES_SSLMODE", "Value": "disable" + }, + { + "Namespace": "aws:autoscaling:launchconfiguration", + "OptionName": "IamInstanceProfile", + "Value": "aws-elasticbeanstalk-ec2-role" } ] From 22420e38ea5cec3fc12c7525006d51723eb71973 Mon Sep 17 00:00:00 2001 From: gushu Date: Sun, 28 Aug 2022 07:48:45 +0100 Subject: [PATCH 11/16] updated create ebs script to pickup docker image, removed password from app-version json --- .gitignore | 1 + app-version.json | 2 +- create_ebs_env.sh | 9 +++++---- ebs-options.json | 2 +- version.go | 4 ++-- 5 files changed, 10 insertions(+), 8 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..c0363794 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +tmp/ \ No newline at end of file diff --git a/app-version.json b/app-version.json index 0793db2e..7acf06df 100644 --- a/app-version.json +++ b/app-version.json @@ -1,7 +1,7 @@ { "AWSEBDockerrunVersion": "1", "Image": { - "Name": "docker.io/securingdevops/invoicer", + "Name": "docker.io/gushu/invoicer-chapter2", "Update": "true" }, "Ports": [ diff --git a/create_ebs_env.sh b/create_ebs_env.sh index d9ca2df7..f853be22 100755 --- a/create_ebs_env.sh +++ b/create_ebs_env.sh @@ -10,7 +10,7 @@ fail() { exit 1 } -export AWS_DEFAULT_REGION=${AWS_REGION:-us-east-1} +export AWS_DEFAULT_REGION=${AWS_REGION:-eu-west-2} datetag=$(date +%Y%m%d%H%M) identifier=$(whoami)ivcr$datetag 
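Review bot: `INVOICER_POSTGRES_HOST` is set to a concrete RDS endpoint instead of `POSTGRESHOSTREPLACEME`, which ties the committed template to one database instance and publishes its hostname. The unchanged `INVOICER_POSTGRES_SSLMODE` entry just below is `disable`, and `create_ebs_env.sh` creates the instance with `--publicly-accessible`, so traffic to that host would be unencrypted over a public address. Keep the placeholder in the committed file and consider `"Value": "require"` for the SSL mode, assuming the application passes it through to the Postgres driver. The added `IamInstanceProfile` entry assumes a role named `aws-elasticbeanstalk-ec2-role` already exists in the account; nothing visible here creates it.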
@@ -32,9 +32,11 @@ dbsg=$(jq -r '.GroupId' tmp/$identifier/dbsg.json) echo "DB security group is $dbsg" # Create the database -dbinstclass="db.t2.micro" +dbinstclass="db.t3.micro" dbstorage=5 dbpass=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null| tr -dc _A-Z-a-z-0-9) +#dbpass=$(openssl rand -base64 10) +echo "Password is $dbpass eom" aws rds create-db-instance \ --db-name invoicer \ --db-instance-identifier "$identifier" \ @@ -42,7 +44,6 @@ aws rds create-db-instance \ --allocated-storage "$dbstorage" \ --db-instance-class "$dbinstclass" \ --engine postgres \ - --engine-version 9.6.2 \ --auto-minor-version-upgrade \ --publicly-accessible \ --master-username invoicer \ @@ -77,7 +78,7 @@ echo "ElasticBeanTalk application created" # Get the name of the latest Docker solution stack dockerstack="$(aws elasticbeanstalk list-available-solution-stacks | \ - jq -r '.SolutionStacks[]' | grep -P '.+Amazon Linux.+running Docker.+' | head -1)" + jq -r '.SolutionStacks[]' | grep -P '.+Amazon Linux.+running Docker' | head -1)" # Create the EB API environment sed "s/POSTGRESPASSREPLACEME/$dbpass/" ebs-options.json > tmp/$identifier/ebs-options.json || fail diff --git a/ebs-options.json b/ebs-options.json index 51bb0f27..1c85ae79 100644 --- a/ebs-options.json +++ b/ebs-options.json @@ -12,7 +12,7 @@ { "Namespace": "aws:elasticbeanstalk:application:environment", "OptionName": "INVOICER_POSTGRES_PASSWORD", - "Value": "0m3th1ngr4nd0Guessed100" + "Value": "POSTGRESPASSREPLACEME" }, { "Namespace": "aws:elasticbeanstalk:application:environment", diff --git a/version.go b/version.go index 02ffd3ca..f5e12776 100644 --- a/version.go +++ b/version.go @@ -1,3 +1,3 @@ package main -const version = "20180614.0-92f47c3" -const commit = "92f47c3d3dd24e41c8b38adbb86b2407143c9dc9" +const version = "20220828.0-26bf2f7" +const commit = "26bf2f730dec634b86af577f8244f9397e8c1fe5" From e02af409d7ee5c71199920980b52262e89423bb6 Mon Sep 17 00:00:00 2001 
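Review bot: The added `echo "Password is $dbpass eom"` in the second create_ebs_env.sh hunk prints the RDS master password to stdout, so it lands in terminal scrollback and in any CI or shell log that captures this script's output. Drop the line; the password is already written into `tmp/$identifier/ebs-options.json` by the `sed` step further down, and `tmp/` is git-ignored by this same patch. If an operator needs to retrieve it, write it to a file created under `umask 077` or store it in a secrets manager rather than echoing it. Patch 15 later removes the commented-out `openssl` line next to it but leaves this `echo` in place, so the leak persists to the end of the series.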
From: gushu
Date: Tue, 30 Aug 2022 11:29:26 +0100
Subject: [PATCH 12/16] Updated ebs options file
---
 ebs-options.json | 2 +-
 version.go | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/ebs-options.json b/ebs-options.json
index 1c85ae79..a3b291cf 100644
--- a/ebs-options.json
+++ b/ebs-options.json
@@ -22,7 +22,7 @@
 {
 "Namespace": "aws:elasticbeanstalk:application:environment",
 "OptionName": "INVOICER_POSTGRES_HOST",
- "Value": "invoicer-db.cgld9hvsm7dd.eu-west-2.rds.amazonaws.com"
+ "Value": "POSTGRESHOSTREPLACEME"
 },
 {
 "Namespace": "aws:elasticbeanstalk:application:environment",
diff --git a/version.go b/version.go
index f5e12776..6ed2e8cf 100644
--- a/version.go
+++ b/version.go
@@ -1,3 +1,3 @@
 package main
-const version = "20220828.0-26bf2f7"
-const commit = "26bf2f730dec634b86af577f8244f9397e8c1fe5"
+const version = "20220830.0-22420e3"
+const commit = "22420e38ea5cec3fc12c7525006d51723eb71973"
From 30aeb293dd8254cd38ade3d8290dd897a9c62db4 Mon Sep 17 00:00:00 2001
From: gushu
Date: Tue, 30 Aug 2022 11:34:24 +0100
Subject: [PATCH 13/16] Changed container image to securing devops invoicer
---
 app-version.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app-version.json b/app-version.json
index 7acf06df..0793db2e 100644
--- a/app-version.json
+++ b/app-version.json
@@ -1,7 +1,7 @@
 {
 "AWSEBDockerrunVersion": "1",
 "Image": {
- "Name": "docker.io/gushu/invoicer-chapter2",
+ "Name": "docker.io/securingdevops/invoicer",
 "Update": "true"
 },
 "Ports": [
From 5f7942d2a54ed8134dfa8c1438cdc8c431634b86 Mon Sep 17 00:00:00 2001
From: gushu
Date: Tue, 30 Aug 2022 11:47:03 +0100
Subject: [PATCH 14/16] comment out autoscaling in ebs options
---
 ebs-options.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ebs-options.json b/ebs-options.json
index a3b291cf..b0359f6a 100644
--- a/ebs-options.json
+++ b/ebs-options.json
@@ -29,9 +29,9 @@
 "OptionName": "INVOICER_POSTGRES_SSLMODE",
 "Value": "disable"
 },
- {
+/* {
 "Namespace": "aws:autoscaling:launchconfiguration",
 "OptionName": "IamInstanceProfile",
 "Value": "aws-elasticbeanstalk-ec2-role"
- }
+ } */
 ]
From 26576018ef268b9389293d5169b3547eefffeb28 Mon Sep 17 00:00:00 2001
From: gushu
Date: Tue, 30 Aug 2022 11:50:31 +0100
Subject: [PATCH 15/16] removed comments in JSAN, these are not permitted
---
 create_ebs_env.sh | 1 -
 ebs-options.json | 7 +------
 2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/create_ebs_env.sh b/create_ebs_env.sh
index f853be22..3eee1224 100755
--- a/create_ebs_env.sh
+++ b/create_ebs_env.sh
@@ -35,7 +35,6 @@ echo "DB security group is $dbsg"
 dbinstclass="db.t3.micro"
 dbstorage=5
 dbpass=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null| tr -dc _A-Z-a-z-0-9)
-#dbpass=$(openssl rand -base64 10)
 echo "Password is $dbpass eom"
 aws rds create-db-instance \
 --db-name invoicer \
diff --git a/ebs-options.json b/ebs-options.json
index b0359f6a..d968eed3 100644
--- a/ebs-options.json
+++ b/ebs-options.json
@@ -28,10 +28,5 @@
 "Namespace": "aws:elasticbeanstalk:application:environment",
 "OptionName": "INVOICER_POSTGRES_SSLMODE",
 "Value": "disable"
- },
-/* {
- "Namespace": "aws:autoscaling:launchconfiguration",
- "OptionName": "IamInstanceProfile",
- "Value": "aws-elasticbeanstalk-ec2-role"
- } */
+ }
 ]
From 5c5c2fd177c927abdc57a4471ccbe23ef60a89e4 Mon Sep 17 00:00:00 2001
From: gushu
Date: Tue, 30 Aug 2022 12:54:55 +0100
Subject: [PATCH 16/16] IAMINSTANCEPROFILE is required now in ebs options else build fails. Added.
---
 ebs-options.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ebs-options.json b/ebs-options.json
index d968eed3..738a67d0 100644
--- a/ebs-options.json
+++ b/ebs-options.json
@@ -28,5 +28,10 @@
 "Namespace": "aws:elasticbeanstalk:application:environment",
 "OptionName": "INVOICER_POSTGRES_SSLMODE",
 "Value": "disable"
+ },
+ {
+ "Namespace": "aws:autoscaling:launchconfiguration",
+ "OptionName": "IAMINSTANCEPROFILE",
+ "Value": "aws-elasticbeanstalk-ec2-role"
 }
 ]
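Review bot: The option name is written `IAMINSTANCEPROFILE` here, while patch 10 of this series and the Elastic Beanstalk option reference spell it `IamInstanceProfile`. Whether the API accepts the all-caps form is not shown on this page, so using the documented casing, `"OptionName": "IamInstanceProfile",`, removes the doubt. The value `aws-elasticbeanstalk-ec2-role` is assumed to exist already, since nothing in this series creates it; the role attached to that profile should carry only the permissions the invoicer instances need. The unchanged `"Value": "disable"` for `INVOICER_POSTGRES_SSLMODE` directly above still leaves the database connection unencrypted.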