-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #791 from aws/kmalhar/docker-image-upload
chore: Add console app to upload Docker images to ECR
- Loading branch information
Showing
7 changed files
with
193 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| # Pushes Docker images created from the deploy tool's Dockerfile templates to an internal ECR so that they can be scanned for security vulnerabilities. | ||
| name: Upload Docker Images | ||
|
|
||
| on: | ||
| # Manually trigger on specific branches | ||
| workflow_dispatch: | ||
| push: | ||
| branches: | ||
| - main | ||
|
|
||
| permissions: | ||
| id-token: write | ||
|
|
||
| jobs: | ||
| upload-docker-images: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Configure AWS Credentials | ||
| uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 #v4 | ||
| with: | ||
| aws-region: us-west-2 | ||
| role-to-assume: ${{ secrets.DOCKER_IMAGE_UPLOADER_ROLE }} | ||
| role-duration-seconds: 1800 | ||
|
|
||
| - name: Checkout Repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Setup .NET Core 6.0 | ||
| uses: actions/setup-dotnet@v3 | ||
| with: | ||
| dotnet-version: 6.0.x | ||
|
|
||
| - name: Restore dependencies | ||
| run: dotnet restore | ||
|
|
||
| - name: Build | ||
| run: dotnet build --no-restore | ||
|
|
||
| - name: Run Docker Image Uploader | ||
| run: | | ||
| cd ./test/AWS.Deploy.DockerImageUploader | ||
| dotnet run --project ./AWS.Deploy.DockerImageUploader.csproj |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13 changes: 13 additions & 0 deletions
13
test/AWS.Deploy.DockerImageUploader/AWS.Deploy.DockerImageUploader.csproj
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <Project Sdk="Microsoft.NET.Sdk"> | ||
|
|
||
| <PropertyGroup> | ||
| <OutputType>Exe</OutputType> | ||
| <TargetFramework>net6.0</TargetFramework> | ||
| <Nullable>enable</Nullable> | ||
| </PropertyGroup> | ||
|
|
||
| <ItemGroup> | ||
| <ProjectReference Include="..\..\src\AWS.Deploy.CLI\AWS.Deploy.CLI.csproj" /> | ||
| </ItemGroup> | ||
|
|
||
| </Project> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
| // SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| using AWS.Deploy.Common.IO; | ||
| using AWS.Deploy.Common; | ||
| using Microsoft.Extensions.DependencyInjection; | ||
| using System.Reflection; | ||
| using System.Collections.Generic; | ||
| using System; | ||
| using System.Threading.Tasks; | ||
| using System.IO; | ||
|
|
||
| namespace AWS.Deploy.DockerImageUploader | ||
| { | ||
| /// <summary> | ||
| /// This serves as the dependency injection container for the console application. | ||
| /// </summary> | ||
| public class App | ||
| { | ||
| private readonly IFileManager _fileManager; | ||
| private readonly IDirectoryManager _directoryManager; | ||
| private readonly IProjectDefinitionParser _projectDefinitionParser; | ||
| private readonly CLI.App _deployToolCli; | ||
|
|
||
| private readonly List<string> _testApps = new() { "WebApiNET6", "ConsoleAppTask" }; | ||
|
|
||
| public App(IServiceProvider serviceProvider) | ||
| { | ||
| _projectDefinitionParser = serviceProvider.GetRequiredService<IProjectDefinitionParser>(); | ||
| _fileManager = serviceProvider.GetRequiredService<IFileManager>(); | ||
| _directoryManager = serviceProvider.GetRequiredService<IDirectoryManager>(); | ||
| _deployToolCli = serviceProvider.GetRequiredService<CLI.App>(); | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Generates Dockerfiles for test applications using | ||
| /// the <see href="https://github.com/aws/aws-dotnet-deploy/blob/main/src/AWS.Deploy.DockerEngine/Templates/Dockerfile.template">Dockerfile template</see>. | ||
| /// It will then build and push the images to Amazon ECR where they are continuously scanned for security vulnerabilities. | ||
| /// </summary> | ||
| public async Task Run() | ||
| { | ||
| foreach (var testApp in _testApps) | ||
| { | ||
| var projectPath = ResolvePath(testApp); | ||
| await CreateImageAndPushToECR(projectPath); | ||
| } | ||
| } | ||
|
|
||
| private async Task CreateImageAndPushToECR(string projectPath) | ||
| { | ||
| var projectDefinition = await _projectDefinitionParser.Parse(projectPath); | ||
|
|
||
| var dockerEngine = new DockerEngine.DockerEngine(projectDefinition, _fileManager, _directoryManager); | ||
| dockerEngine.GenerateDockerFile(); | ||
|
|
||
| var configFilePath = Path.Combine(projectPath, "DockerImageUploaderConfigFile.json"); | ||
| var deployArgs = new[] { "deploy", "--project-path", projectPath, "--diagnostics", "--apply", configFilePath, "--silent" }; | ||
| await _deployToolCli.Run(deployArgs); | ||
| } | ||
|
|
||
| private string ResolvePath(string projectName) | ||
| { | ||
| const string testDir = "test"; | ||
| var testDirPath = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location); | ||
| while (testDirPath != null && !string.Equals(new DirectoryInfo(testDirPath).Name, testDir, StringComparison.OrdinalIgnoreCase)) | ||
| { | ||
| testDirPath = Directory.GetParent(testDirPath)?.FullName; | ||
| } | ||
|
|
||
| if (string.IsNullOrEmpty(testDirPath)) | ||
| { | ||
| throw new Exception($"Failed to find path to '{testDir}' directory."); | ||
| } | ||
|
|
||
| return Path.Combine(testDirPath, "..", "testapps", projectName); | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
| // SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| using Microsoft.Extensions.DependencyInjection; | ||
| using AWS.Deploy.CLI.Extensions; | ||
| using System.Threading.Tasks; | ||
| using System; | ||
|
|
||
| namespace AWS.Deploy.DockerImageUploader | ||
| { | ||
| /// <summary> | ||
| /// This console app generates a docker file for a .NET console application and a web application via | ||
| /// the <see href="https://github.com/aws/aws-dotnet-deploy/blob/main/src/AWS.Deploy.DockerEngine/Templates/Dockerfile.template">Dockerfile template</see>. | ||
| /// It will then build and push the images to Amazon ECR where they are continuously scanned for security vulnerabilities. | ||
| /// </summary> | ||
| internal class Program | ||
| { | ||
| public static async Task Main(string[] args) | ||
| { | ||
| var serviceCollection = new ServiceCollection(); | ||
|
|
||
| serviceCollection.AddCustomServices(); | ||
| serviceCollection.AddSingleton<App>(); | ||
|
|
||
| var serviceProvider = serviceCollection.BuildServiceProvider(); | ||
|
|
||
| var app = serviceProvider.GetService<App>(); | ||
| if (app == null) | ||
| { | ||
| throw new Exception("App dependencies aren't injected correctly." + | ||
| " Verify that all the required dependencies to instantiate DockerImageUploader are present."); | ||
| } | ||
|
|
||
| await app.Run(); | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| { | ||
| "RecipeId": "PushContainerImageEcr", | ||
| "settings": { | ||
| "ImageTag": "latest", | ||
| "ECRRepositoryName": "deploytool-consoleapp" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| { | ||
| "RecipeId": "PushContainerImageEcr", | ||
| "settings": { | ||
| "ImageTag": "latest", | ||
| "ECRRepositoryName": "deploytool-webapp" | ||
| } | ||
| } |