Merge pull request #121 from cyber-dojo/infra-updates

Infra updates

.github/workflows/base_image_trigger.yml

@@ -18,19 +18,19 @@ jobs:
       - name: Outputs
         id: vars
         run: | 
-          echo "base_image=cyberdojo/sinatra-base:${{ inputs.base_image }}"  >> ${GITHUB_OUTPUT}
-          echo "kosli_trail=base-image-update-${{ inputs.base_image }}" >> ${GITHUB_OUTPUT}
+          echo "base_image=cyberdojo/sinatra-base:${{ inputs.base_image }}" >> ${GITHUB_OUTPUT}
+          echo "kosli_trail=base-image-update-${{ inputs.base_image }}"     >> ${GITHUB_OUTPUT}
       
 
   trigger:
     needs: [setup]
     uses: ./.github/workflows/main.yml
     with:
-      BASE_IMAGE: ${{ needs.setup.outputs.base_image }}
+      BASE_IMAGE:  ${{ needs.setup.outputs.base_image }}
       KOSLI_TRAIL: ${{ needs.setup.outputs.kosli_trail }}
     secrets:
-      DOCKER_USER: ${{ secrets.DOCKER_USER }}
-      DOCKER_PASS: ${{ secrets.DOCKER_PASS }}
-      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      DOCKER_USER:     ${{ secrets.DOCKER_USER }}
+      DOCKER_PASS:     ${{ secrets.DOCKER_PASS }}
+      SNYK_TOKEN:      ${{ secrets.SNYK_TOKEN }}
       KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
 

.github/workflows/commit_trigger.yml

@@ -25,11 +25,11 @@ jobs:
     needs: [get-base-image]
     uses: ./.github/workflows/main.yml
     with:
-      BASE_IMAGE: ${{ needs.get-base-image.outputs.base_image }}
+      BASE_IMAGE:  ${{ needs.get-base-image.outputs.base_image }}
       KOSLI_TRAIL: ${{ github.sha }}
     secrets:
-      DOCKER_USER: ${{ secrets.DOCKER_USER }}
-      DOCKER_PASS: ${{ secrets.DOCKER_PASS }}
-      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      DOCKER_USER:     ${{ secrets.DOCKER_USER }}
+      DOCKER_PASS:     ${{ secrets.DOCKER_PASS }}
+      SNYK_TOKEN:      ${{ secrets.SNYK_TOKEN }}
       KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
 

.gitignore

@@ -1,4 +1,9 @@
-/reports
 .DS_Store
+
+.env
+
+reports/*
+reports/.*
+
 snyk.container.scan.json
-snyk.code.scan.json
+snyk.code.scan.json

README.md

@@ -4,7 +4,7 @@
 - An HTTP [Ruby](https://www.ruby-lang.org) [Sinatra](http://sinatrarb.com/) web service, offering a Group/Kata model+persistence API.
 - Demonstrates a [Kosli](https://www.kosli.com/) instrumented [GitHub CI workflow](https://app.kosli.com/cyber-dojo/flows/saver-ci/trails/) 
   deploying, with Continuous Compliance, to [staging](https://app.kosli.com/cyber-dojo/environments/aws-beta/snapshots/) and [production](https://app.kosli.com/cyber-dojo/environments/aws-prod/snapshots/) AWS environments.
-- Uses patterns from https://www.kosli.com/blog/using-kosli-attest-in-github-action-workflows-some-tips/
+- Uses compliance reporting patterns from https://www.kosli.com/blog/using-kosli-attest-in-github-action-workflows-some-tips/
 
 # Development
 
@@ -61,10 +61,10 @@ $ make {metrics_coverage_server|metrics_coverage_client}
 
 ## Probe
 
-- [GET alive?](docs/api.md#get-alive)  
-- [GET ready?](docs/api.md#get-ready)
-- [GET sha](docs/api.md#get-sha)
-- [GET base_image](docs/api.md#get-base-image)
+* [GET alive?](docs/api.md#get-alive)  
+* [GET ready?](docs/api.md#get-ready)
+* [GET sha](docs/api.md#get-sha)
+* [GET base_image](docs/api.md#get-base-image)
 
 # Screenshots
 

bin/build_image.sh

@@ -13,8 +13,8 @@ show_help()
     Use: ${MY_NAME} {server|client}
 
     Options:
-      server  - build the server image
-      client  - build the client image
+      server  - build the server image (local only)
+      client  - build the client image (local and CI workflow)
 
 EOF
 }
@@ -27,6 +27,10 @@ check_args()
       exit 0
       ;;
     'server')
+      if [ -n "${CI:-}" ] ; then
+        stderr "In CI workflow - use docker/build-push-action@v6 GitHub Action"
+        exit 42
+      fi
       ;;
     'client')
       ;;
@@ -78,11 +82,11 @@ build_image()
   if [ "${type}" == 'server' ]; then
     # Create latest tag for image build cache
     docker tag "${image_name}" "${CYBER_DOJO_SAVER_IMAGE}:latest"
-    # Tag image-name for local development where savers name comes from echo-versioner-env-vars
+    # Tag image-name for local development where savers name comes from echo-env-vars
     docker tag "${image_name}" "${CYBER_DOJO_SAVER_IMAGE}:latest"
     echo "CYBER_DOJO_SAVER_SHA=${CYBER_DOJO_SAVER_SHA}"
     echo "CYBER_DOJO_SAVER_TAG=${CYBER_DOJO_SAVER_TAG}"
-    echo "${CYBER_DOJO_SAVER_IMAGE}:${CYBER_DOJO_SAVER_TAG}"
+    echo "${image_name}"
   fi
 }
 

bin/lib.sh

@@ -3,17 +3,26 @@ echo_base_image()
 {
   local -r json="$(curl --fail --silent --request GET https://beta.cyber-dojo.org/saver/base_image)"
   echo "${json}" | jq -r '.base_image'
+  #echo cyberdojo/sinatra-base:edb2887@sha256:d40099e71ac46310a58cea1640f5fb842dbaadc148e4973bfb8d2092516370a1
 }
 
 echo_env_vars()
 {
-  # --build-arg ...
+  # Setup port env-vars in .env file using versioner
+  local -r env_filename="${ROOT_DIR}/.env"
+  docker run --rm cyberdojo/versioner | grep PORT > "${env_filename}"
+  echo "CYBER_DOJO_SAVER_CLIENT_PORT=4538" >> "${env_filename}"
+
+  # Get identities of dependent services from versioner
+  # There are none
+
+  # Set env-vars for this repos runner service
   if [[ ! -v CYBER_DOJO_SAVER_BASE_IMAGE ]] ; then
-    echo CYBER_DOJO_SAVER_BASE_IMAGE="$(echo_base_image)"
+    echo CYBER_DOJO_SAVER_BASE_IMAGE="$(echo_base_image)"  # --build-arg
   fi
   if [[ ! -v COMMIT_SHA ]] ; then
     local -r sha="$(cd "${ROOT_DIR}" && git rev-parse HEAD)"
-    echo COMMIT_SHA="${sha}"
+    echo COMMIT_SHA="${sha}"  # --build-arg
   fi
 
   # From versioner ...
@@ -157,7 +166,7 @@ echo_warnings()
   # local -r SHADOW_WARNING="server.rb:(.*): warning: shadowing outer local variable - filename"
   # DOCKER_LOG=$(strip_known_warning "${DOCKER_LOG}" "${SHADOW_WARNING}")
 
-  if echo "${DOCKER_LOG}" | grep -q "warning" ; then
+  if echo "${DOCKER_LOG}" | grep --quiet "warning" ; then
     echo "Warnings in ${SERVICE_NAME} container"
     echo "${DOCKER_LOG}"
   fi