Improve build scripts and documentation

felixhammerl · Mar 15, 2024 · b428c4c · b428c4c
1 parent 842b0f6
commit b428c4c
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 12 deletions.
diff --git a/Makefile b/Makefile
@@ -32,14 +32,14 @@ test-unit:
 
 docker:
 	cd infra && terraform init -input=false -backend-config=../backend.hcl
-	/bin/bash scripts/build-docker.sh scan
+	/bin/bash scripts/build-docker.sh steps/scan --repository "$$(cd infra && terraform output -raw scan-repo)"
 
 python:
 	cd infra && terraform init -input=false -backend-config=../backend.hcl
-	/bin/bash scripts/build-python.sh steps/list --include-venv
+	/bin/bash scripts/build-python.sh steps/list
 	/bin/bash scripts/build-python.sh steps/gather --include-venv
 	/bin/bash scripts/build-python.sh steps/transform --include-venv
-	/bin/bash scripts/build-python.sh steps/invalidate --include-venv
+	/bin/bash scripts/build-python.sh steps/invalidate
 	/bin/bash scripts/build-python.sh edge/cloudfront
 
 terraform-plan:

diff --git a/README.md b/README.md
@@ -64,11 +64,17 @@ The files `infra/.tf-backend/backend.tfplan` and `infra/.tf-backend/backend.tfst
 
 This is the root of the infrastructure orchestration. Everything interesting has been packaged up into modules as far as possible.
 
+### `edge/cloudfront`
+
+This Lambda@Edge acts as the authorizer for the Cloudfront distribution. At the moment, this requires HTTP Basic Auth with username `username` and the password `password`. This is hardcoded and intended only as a placeholder. Feel free to replace this authorizer with whatever makes sense in your ecosystem, e.g. Cognito.
+
 ### `steps`
 
 Here are the AWS Lambda Functions and ECS tasks. This directory includes all the steps within the step function.
 
-* List: Python lambda that lists out the sub-accounts in the org.
-* Scan: ECS task that scans your infrastruture with Cloudsploit and writes the result to `s3://$S3_BUCKET/$DATE/$ACCOUNT.json`
+* `steps/list`: Python lambda that lists out the sub-accounts in the org.
+* `steps/scan`: ECS task that scans your infrastruture with Cloudsploit and writes the result to `s3://$S3_BUCKET/$DATE/$ACCOUNT.json`
+* `steps/gather`: Gathers each account's scan output and transforms them into a common data structure to `s3://$S3_BUCKET/$DATE/result.json`
+* `steps/transform`: Transforms the output from the `Gather` step into an HTML view in the website bucket.
+* `steps/invalidate`: Invalidates the Cloudfront distribution's cache to make space for a new document.
 
-If you have any suggestions about what to do with the scan data, please let me know.
diff --git a/scripts/build-docker.sh b/scripts/build-docker.sh
@@ -2,10 +2,31 @@
 
 set -Eeuo pipefail
 
-STEP=$1
-REPO="$(cd infra && terraform output -raw "$STEP"-repo)"
+print_usage () {
+    cat <<EOF
+Usage: $0 [TARGET] [options] Build the target container.
 
-cd "steps/$STEP" || exit
+Options:
+  -r, --repository [REPO] Indicates the desired container repository
+  -h, --help              Print usage
+EOF
+}
+
+if [ $# -lt 1 ] || [[ "$1" =~ ^-{1,2}(h$|help)$ ]]; then
+    print_usage; exit 1
+else
+    STEP="$1"; shift;
+    while [[ $# -gt 0 ]]; do
+        opt="$1"
+        shift;
+        case "$opt" in
+            "-r"|"--repository" ) REPO=$1; shift;;
+            *                   ) echo "ERROR: Invalid option: \""$opt"\"" >&2; print_usage; exit 1;;
+        esac
+    done
+fi
+
+cd "$STEP" || exit 1
 
 aws ecr get-login-password | docker login "$REPO" -u "AWS" --password-stdin
 

diff --git a/scripts/build-python.sh b/scripts/build-python.sh
@@ -2,10 +2,34 @@
 
 set -Eeuo pipefail
 
-FOLDER=$1
-INCLUDE_VENV="${2:-"no"}"
+INCLUDE_VENV=false
+
+print_usage () {
+    cat <<EOF
+Usage: $0 [TARGET] [options] Build the python target project
+
+Options:
+  -v, --include-venv    Indicates whether the venv should be included
+  -h, --help            Print usage
+EOF
+}
+
+if [ $# -lt 1 ] || [[ "$1" =~ ^-{1,2}(h$|help)$ ]]; then
+    print_usage; exit 1
+else
+    FOLDER="$1"; shift;
+    while [[ $# -gt 0 ]]; do
+        opt="$1"; shift;
+        case "$opt" in
+            "-v"|"--include-venv" ) INCLUDE_VENV=true;;
+            *                     ) echo "ERROR: Invalid option: \""$opt"\"" >&2; print_usage; exit 1;;
+        esac
+    done
+fi
+
 BUILD_DIR="$PWD/build/$FOLDER"
 SRC_DIR="$PWD/$FOLDER"
+
 export PIPENV_VENV_IN_PROJECT=true
 
 mkdir -p "$BUILD_DIR"
@@ -15,7 +39,7 @@ cp -r "$SRC_DIR/src" "$BUILD_DIR/src"
 cp -r "$SRC_DIR/Pipfile" "$BUILD_DIR/Pipfile"
 cp -r "$SRC_DIR/Pipfile.lock" "$BUILD_DIR/Pipfile.lock"
 
-if [ "$INCLUDE_VENV" == "--include-venv" ]; then
+if [ "$INCLUDE_VENV" == true ]; then
     echo "Creating deployment package ..."
     pipenv install
     cp -r "$BUILD_DIR"/.venv/lib/*/site-packages/* "$BUILD_DIR"