diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 33d1ac3..498902e 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -14,7 +14,9 @@ jobs: - uses: actions/checkout@master - name: hadolint - uses: burdzwastaken/hadolint-action@master + uses: hadolint/hadolint-action@v1.5.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - HADOLINT_ACTION_DOCKERFILE_FOLDER: . \ No newline at end of file + HADOLINT_ACTION_DOCKERFILE_FOLDER: . + with: + ignore: 'DL3018' \ No newline at end of file
diff --git a/.github/workflows/registry.yml b/.github/workflows/registry.yml
index 189272d..bcb6336 100644
--- a/.github/workflows/registry.yml
+++ b/.github/workflows/registry.yml
@@ -1,4 +1,4 @@
-name: Publish Docker image
+name: Build and Push Docker image
 on:
 push:
@@ -6,9 +6,29 @@ on: - '*' jobs: - push_to_ecr: - name: Push Docker image to ECR + build: + name: Build runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - name: Build and export + uses: docker/build-push-action@v2 + with: + context: . + tags: dnxsolutions/ecs-deploy:latest + outputs: type=docker,dest=/tmp/ecs-deploy.tar + - name: Upload artifact + uses: actions/upload-artifact@v2 + with: + name: ecs-deploy + path: /tmp/ecs-deploy.tar + ecr: + name: Push to ECR + runs-on: ubuntu-latest + needs: build container: dnxsolutions/aws:2.1.6-dnx1 steps: - name: Check out the repo 
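Review bot: The `env:` block kept under the hadolint step looks dead after the action swap: `GITHUB_TOKEN` and `HADOLINT_ACTION_DOCKERFILE_FOLDER` were inputs of burdzwastaken/hadolint-action, whereas hadolint/hadolint-action takes its inputs under `with:` (as far as I can tell `dockerfile:`, `ignore:` and `config:`), so the Dockerfile location is no longer being passed and the token is exposed to a step that does not need it. Dropping the two env lines, or replacing them with `dockerfile: Dockerfile` under `with:`, would make the configuration match the new action. `@v1.5.0` is a mutable tag; pinning `uses:` to the release's commit SHA with the version in a trailing comment gives a supply-chain pin a tag cannot, and the same applies to the `@v2`/`@v1` action references added in registry.yml.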
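Review bot: `tags: dnxsolutions/ecs-deploy:latest` in the build job is the same image name the ecr, docker-hub and ghcr jobs re-declare as `ECR_REPOSITORY`, `DOCKERHUB_REPOSITORY` and `BASE_REPOSITORY`, so a rename must be made in four places and a typo in one of them breaks only one registry. A workflow-level `env: { IMAGE_NAME: dnxsolutions/ecs-deploy }` referenced as `${{ env.IMAGE_NAME }}` in `tags:` and in the three job-level `env:` blocks keeps them in step. The design itself — one build, the same tarball pushed everywhere — is worth stating on the `Build and export` step, e.g. `# built once; ecr, docker-hub and ghcr push this exact tarball`, since nothing else explains why the image is exported rather than pushed here.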
@@ -22,15 +42,87 @@ jobs: - name: Get the tag id: get_tag run: echo ::set-output name=tag::${GITHUB_REF#refs/tags/} - - name: Build, tag, and push image to Amazon public ECR + - name: Download docker artifact + uses: actions/download-artifact@v2 + with: + name: ecs-deploy + path: /tmp + - name: Load, tag, and push image env: ECR_REGISTRY: public.ecr.aws - ECR_REPOSITORY: v9i6s3d6/ecs-deploy + ECR_REPOSITORY: dnxsolutions/ecs-deploy IMAGE_TAG: ${{ steps.get_tag.outputs.tag }} run: | apk add docker aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws - docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + docker load --input /tmp/ecs-deploy.tar + docker image ls -a + docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest + docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest + docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest \ No newline at end of file + + docker-hub: + name: Push to Docker Hub + runs-on: ubuntu-latest + needs: build + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DNX_DOCKERHUB_USERNAME }} + password: ${{ secrets.DNX_DOCKERHUB_TOKEN }} + - name: Get the tag + id: get_tag + run: echo ::set-output name=tag::${GITHUB_REF#refs/tags/} + - name: Download artifact + uses: actions/download-artifact@v2 + with: + name: ecs-deploy + path: /tmp + - name: Load, tag, and push image + env: + DOCKERHUB_REPOSITORY: dnxsolutions/ecs-deploy + IMAGE_TAG: ${{ steps.get_tag.outputs.tag }} + run: | + docker load --input /tmp/ecs-deploy.tar + docker image ls -a + docker push $DOCKERHUB_REPOSITORY:latest + docker tag $DOCKERHUB_REPOSITORY:latest 
$DOCKERHUB_REPOSITORY:$IMAGE_TAG + docker push $DOCKERHUB_REPOSITORY:$IMAGE_TAG + + ghcr: + name: Push to GitHub Registry + runs-on: ubuntu-latest + needs: build + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Get the tag + id: get_tag + run: echo ::set-output name=tag::${GITHUB_REF#refs/tags/} + - name: Download artifact + uses: actions/download-artifact@v2 + with: + name: ecs-deploy + path: /tmp + - name: Load, tag, and push image + env: + BASE_REPOSITORY: dnxsolutions/ecs-deploy + GHCR_REPOSITORY: ghcr.io/dnxlabs/ecs-deploy + IMAGE_TAG: ${{ steps.get_tag.outputs.tag }} + run: | + docker load --input /tmp/ecs-deploy.tar + docker image ls -a + docker tag $BASE_REPOSITORY:latest $GHCR_REPOSITORY:latest + docker push $GHCR_REPOSITORY:latest + docker tag $GHCR_REPOSITORY:latest $GHCR_REPOSITORY:$IMAGE_TAG + docker push $GHCR_REPOSITORY:$IMAGE_TAG
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 823e12b..a5f9cd0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,9 @@
 FROM dnxsolutions/aws:2.1.9-dnx1
-COPY src .
+WORKDIR /work
-RUN chmod +x *.sh *.py
+COPY src .
 ENTRYPOINT [ "/bin/bash", "-c" ]
-CMD [ "/work/deploy.sh" ]
+CMD [ "/work/deploy.sh" ]
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..e54a7fb
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,10 @@
+IMAGE_NAME ?= dnxsolutions/ecs-deploy:latest
+
+build:
+ docker build -t $(IMAGE_NAME) .
+
+shell:
+ docker run --rm -it --entrypoint=/bin/bash -v ~/.aws:/root/.aws -v $(PWD):/opt/app $(IMAGE_NAME)
+
+lint:
+ docker run --rm -i -v $(PWD)/hadolint.yaml:/.config/hadolint.yaml hadolint/hadolint < Dockerfile
\ No newline at end of file
diff --git a/hadolint.yaml b/hadolint.yaml
new file mode 100644
index 0000000..5aaae2e
--- /dev/null
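Review bot: The ghcr job pushes with `secrets.GITHUB_TOKEN` but the workflow sets no `permissions:`, so all four jobs run with the token's default scope; adding `permissions: { contents: read }` at workflow level and `permissions: { contents: read, packages: write }` on the ghcr job only leaves the docker-hub and ecr jobs — which never need to write to GitHub — with a read-only token. The `Get the tag` step is repeated verbatim in ecr, docker-hub and ghcr; computing it once in the build job and publishing it through job `outputs:` (read as `${{ needs.build.outputs.tag }}`) removes the copies, and `::set-output` is deprecated in favour of appending `tag=...` to `$GITHUB_OUTPUT`. The `Set up Docker Buildx` steps in docker-hub and ghcr appear unused, since those jobs only `docker load`, `docker tag` and `docker push`. The ghcr push targets `ghcr.io/dnxlabs/ecs-deploy` while logging in as `${{ github.repository_owner }}`, which only succeeds if the repository owner is dnxlabs — presumably intended, but worth confirming. The ecr job's header and checkout step sit in the previous hunk.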
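Review bot: Dropping `RUN chmod +x *.sh *.py` makes the image depend on the execute bit being tracked in git; this commit flips `src/deploy-stop.sh`, `src/register-task-definition.sh` and `src/vulnerabilities-check.py` to 100755, but `src/deploy.sh`, which `CMD` runs through `bash -c`, is not among the mode changes, so unless it was already 100755 the container will fail at start with a permission error. `git ls-files -s src/deploy.sh` settles it; if the mode is 100644, either keep a `RUN chmod +x *.sh *.py` after `COPY src .` or fix the mode in git alongside the other three. The rewritten `CMD` line also drops the file's trailing newline (`\ No newline at end of file`), which is worth restoring so the next edit does not show up as a two-line diff.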
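Review bot: The `shell` target mounts `~/.aws` read-write into the container, so anything run from that shell can alter the host's AWS credentials and config; `-v ~/.aws:/root/.aws:ro` is sufficient for the CLI to read them. `$(PWD)` is an environment variable make merely inherits, whereas `$(CURDIR)` is make's own always-set value and stays correct under `make -C`; the `shell` and `lint` recipes would be more robust with `$(CURDIR)`. A one-line comment above `IMAGE_NAME ?=` noting that it must match the `tags:` value in `.github/workflows/registry.yml` would tie the two together.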
+++ b/hadolint.yaml
@@ -0,0 +1,2 @@
+ignored:
+ - DL3018
\ No newline at end of file
diff --git a/src/deploy-stop.sh b/src/deploy-stop.sh
old mode 100644
new mode 100755
diff --git a/src/register-task-definition.sh b/src/register-task-definition.sh
old mode 100644
new mode 100755
diff --git a/src/vulnerabilities-check.py b/src/vulnerabilities-check.py
old mode 100644
new mode 100755
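Review bot: The same suppression now lives in two places — `ignored: - DL3018` here for `make lint`, and `ignore: 'DL3018'` under `with:` in lint.yml for CI — and the two will drift the first time one is edited. hadolint reads `.hadolint.yaml` from the working directory on its own, so renaming this file to `.hadolint.yaml` should let both the action and the local run pick it up without the `ignore:` input or the volume mount; if the action's `config:` input is preferred, pointing it at this file does the same. A one-line comment recording why DL3018 (pin versions in `apk add`) is ignored, e.g. `# DL3018 (pin apk versions) ignored because: <reason>`, would document the decision rather than leave it as a bare rule id.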