diff --git a/ansible/collections/bento/common/roles/build_auth/tasks/main.yml b/ansible/collections/bento/common/roles/build_auth/tasks/main.yml
index 0ef4767b..34cafeae 100644
--- a/ansible/collections/bento/common/roles/build_auth/tasks/main.yml
+++ b/ansible/collections/bento/common/roles/build_auth/tasks/main.yml
@@ -4,7 +4,7 @@
 args:
 ECR_REPO: "{{ container_registry_url }}"
 path: "{{ container_build_path }}"
- dockerfile: "{{ dockerfile_path }}"
+ # dockerfile: "{{ dockerfile_path }}"
 pull: yes
 nocache: yes
 name: "{{ project_name }}-{{ container_name }}"
diff --git a/ansible/collections/bento/common/roles/build_backend/tasks/main.yml b/ansible/collections/bento/common/roles/build_backend/tasks/main.yml
index 3f5db23f..0357967f 100644
--- a/ansible/collections/bento/common/roles/build_backend/tasks/main.yml
+++ b/ansible/collections/bento/common/roles/build_backend/tasks/main.yml
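Review bot: Commenting out `dockerfile:` leaves `dockerfile_path` silently ignored: an inventory that still sets it now gets whatever `Dockerfile` sits in `container_build_path`, with no error or warning. If the intent is to make the custom Dockerfile optional, keep the key and let Ansible drop it when the variable is unset, `dockerfile: "{{ dockerfile_path | default(omit) }}"`, and delete the commented line rather than leaving dead config (the build_files role in this same commit removes the equivalent line outright, so the two roles should at least agree). While touching the block, `pull: yes` and `nocache: yes` would be cleaner as `true`.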
@@ -2,65 +2,17 @@ # Backend Build ############################################################################################################################ -- name: remove the application_example.properties file - file: - path: "{{ workspace }}/src/main/resources/application_example.properties" - state: absent - - name: copy application.properties file to /src/main/resources/ template: src: "{{ workspace }}/src/main/resources/application.properties.j2" dest: "{{ workspace }}/src/main/resources/application.properties" -- name: create graphql directory in backend - file: - state: directory - path: "{{ workspace }}/src/main/resources/graphql" - -- name: create yaml directory in backend - file: - state: directory - path: "{{ workspace }}/src/main/resources/yaml" - -- name: copy schema from frontend to resources - template: - remote_src: yes - src: "{{item.src}}" - dest: "{{item.dest}}" - loop: - - { src: "{{ workspace }}/{{ project_name }}-frontend/graphql/{{ schema_file}}",dest: "{{ workspace }}/src/main/resources/graphql/{{ schema_file}}"} - - { src: "{{ workspace }}/{{ project_name }}-frontend/graphql/{{ public_schema_file}}",dest: "{{ workspace }}/src/main/resources/graphql/{{ public_schema_file}}"} - -- name: verify test queries file exists - stat: - path: "{{ workspace }}/{{ project_name }}-frontend/yaml/{{ test_queries_file }}" - register: test_queries - -- name: copy test queries from frontend to resources - template: - remote_src: yes - src: "{{ workspace }}/{{ project_name }}-frontend/yaml/{{ test_queries_file }}" - dest: "{{ workspace }}/src/main/resources/yaml/{{ test_queries_file }}" - when: test_queries.stat.exists - -- name: build springboot code - command: mvn package -DskipTests - args: - chdir: "{{ workspace }}" - -- name: copy Bento-0.0.1.war to ROOT.war - copy: - remote_src: yes - src: "{{ workspace }}/target/Bento-0.0.1.war" - dest: "{{ workspace }}/target/ROOT.war" - - name: build {{ project_name }}-{{ container_name }} image 
community.docker.docker_image: build: args: ECR_REPO: "{{ container_registry_url }}" - path: "{{ workspace }}" - dockerfile: "{{ dockerfile_path }}" + path: "{{ dockerfile_path | default(workspace) }}" pull: yes nocache: yes name: "{{ project_name }}-{{ container_name }}" @@ -71,9 +23,8 @@ - name: test image for vulnerabilities block: - - name: run trivy scanner on - #command: "trivy image --exit-code 1 --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}-{{ build_number }}" - command: "trivy image --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}" + - name: run trivy scanner on + command: "trivy image --timeout 15m --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}" register: vuln_results always: - name: echo vulnerability results @@ -89,10 +40,10 @@ push: yes source: local -- name: Add tag latest to {{ project_name }}-{{container_name}} image - community.docker.docker_image: - name: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:{{ image_version }}.{{build_number}}" - repository: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:latest" - force_tag: yes - push: yes - source: local +# - name: Add tag latest to {{ project_name }}-{{container_name}} image +# community.docker.docker_image: +# name: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:{{ image_version }}.{{build_number}}" +# repository: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:latest" +# force_tag: yes +# push: yes +# source: local diff --git a/ansible/collections/bento/common/roles/build_files/tasks/main.yml b/ansible/collections/bento/common/roles/build_files/tasks/main.yml index 0ef4767b..962fad5b 100644 --- a/ansible/collections/bento/common/roles/build_files/tasks/main.yml +++ b/ansible/collections/bento/common/roles/build_files/tasks/main.yml 
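Review bot: `path: "{{ dockerfile_path | default(workspace) }}"` reuses a variable that, by its name and by its previous use as the `dockerfile:` argument, holds a path to a Dockerfile, but `docker_image`'s `path` must be the build-context directory, so an inventory that still sets `dockerfile_path` to a file will break the build instead of falling back to `workspace`. The other roles in this commit (build_auth, build_files) take the context from `container_build_path`; using the same variable here, `path: "{{ container_build_path | default(workspace) }}"`, keeps the roles consistent and leaves `dockerfile_path` free to mean a Dockerfile. Note also that the rendered `application.properties` is still written into `{{ workspace }}/src/main/resources`, which now lies inside the build context sent to the daemon; if that template carries credentials, confirm the application repo's Dockerfile and `.dockerignore` keep it out of the pushed layers.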
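Review bot: The Trivy command still runs without `--exit-code 1`, so HIGH/CRITICAL findings are only echoed by the `always:` block and never fail the play; this hunk also removes the commented-out line that documented that gate, so the intent is no longer visible, and the push tasks later in the file run regardless of the result. If the scan is meant to gate the push, use `command: "trivy image --timeout 15m --exit-code 1 --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}"` (optionally with `--ignore-unfixed` so builds are not blocked on findings that have no available fix). If it is intentionally advisory, say so above the task, e.g. `# advisory only: findings are logged, the build is not failed`.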
@@ -4,7 +4,6 @@
 args:
 ECR_REPO: "{{ container_registry_url }}"
 path: "{{ container_build_path }}"
- dockerfile: "{{ dockerfile_path }}"
 pull: yes
 nocache: yes
 name: "{{ project_name }}-{{ container_name }}"
diff --git a/ansible/collections/bento/common/roles/build_frontend/tasks/main.yml b/ansible/collections/bento/common/roles/build_frontend/tasks/main.yml
index a9bd4c08..5bf3a122 100644
--- a/ansible/collections/bento/common/roles/build_frontend/tasks/main.yml
+++ b/ansible/collections/bento/common/roles/build_frontend/tasks/main.yml
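Review bot: Dropping `dockerfile:` means `dockerfile_path` is now ignored by this role, while build_auth in the same commit only comments the equivalent line out; the two roles should follow one convention. Keeping the key optional, `dockerfile: "{{ dockerfile_path | default(omit) }}"`, preserves the old behaviour for inventories that still set the variable and falls back to `{{ container_build_path }}/Dockerfile` otherwise. `pull: yes` and `nocache: yes` on the adjacent context lines would read better as `true`.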
@@ -1,56 +1,56 @@ -- name: create docker build directory - file: - path: "{{workspace}}/build" - state : directory +#- name: create docker build directory +# file: +# path: "{{workspace}}/build" +# state : directory -- name: copy nginx conf - copy: - remote_src: yes - src: '{{workspace}}/icdc-devops/docker/dockerfiles/nginx.conf' - dest: '{{workspace}}/build/nginx.conf' +#- name: copy nginx conf +# copy: +# remote_src: yes +# src: '{{workspace}}/icdc-devops/docker/dockerfiles/nginx.conf' +# dest: '{{workspace}}/build/nginx.conf' -- name: copy entrypoint.sh to workspace - copy: - src: "nginx-entrypoint.sh" - dest: "{{workspace}}/build/nginx-entrypoint.sh" - mode: 0755 +#- name: copy entrypoint.sh to workspace +# copy: +# src: "nginx-entrypoint.sh" +# dest: "{{workspace}}/build/nginx-entrypoint.sh" +# mode: 0755 -- name: run npm install in {{ workspace }}/{{ project_name }}-frontend/ - command: "{{ item }}" - args: - chdir: "{{ container_build_path }}" - warn: false - loop: - - npm set progress=false - - npm install --silent - - npm run build --silent +#- name: run npm install in {{ workspace }}/{{ project_name }}-frontend/ +# command: "{{ item }}" +# args: +# chdir: "{{ container_build_path }}" +# warn: false +# loop: +# - npm set progress=false +# - npm install --silent +# - npm run build --silent -- name: move dist from frontend to temp build - copy: - src: "{{ container_build_path }}/dist" - dest: "{{workspace}}/build" - remote_src: yes - directory_mode: yes +#- name: move dist from frontend to temp build +# copy: +# src: "{{ container_build_path }}/dist" +# dest: "{{workspace}}/build" +# remote_src: yes +# directory_mode: yes -- name: copy env to dist - copy: - src: inject.template.js - dest: "{{workspace}}/build/dist/inject.template.js" - mode: 0755 +#- name: copy env to dist +# copy: +# src: inject.template.js +# dest: "{{workspace}}/build/dist/inject.template.js" +# mode: 0755 -- name: copy docker file to build path - copy: - remote_src: yes - src: '{{ 
dockerfile_path }}' - dest: '{{workspace}}/build/Dockerfile' +#- name: copy docker file to build path +# copy: +# remote_src: yes +# src: '{{ dockerfile_path }}' +# dest: '{{workspace}}/build/Dockerfile' - name: build {{ project_name }}-{{container_name}} image community.docker.docker_image: build: args: ECR_REPO: "{{ container_registry_url }}" - path: "{{workspace}}/build" + path: "{{workspace}}/{{ project_name }}-{{ container_name }}" pull: yes # nocache: yes name: "{{ project_name }}-{{ container_name }}" @@ -61,16 +61,15 @@ environment: DOCKER_BUILDKIT: 1 -- name: test image for vulnerabilities - block: - - name: run trivy scanner on - #command: "trivy image --exit-code 1 --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}-{{ build_number }}" - command: "trivy image --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}" - register: vuln_results - always: - - name: echo vulnerability results - debug: - msg: "{{ vuln_results.stdout_lines }}" +#- name: test image for vulnerabilities +# block: +# - name: run trivy scanner on +# command: "trivy image --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}" +# register: vuln_results +# always: +# - name: echo vulnerability results +# debug: +# msg: "{{ vuln_results.stdout_lines }}" - name: debug debug: diff --git a/ansible/collections/bento/common/roles/ecs/tasks/main.yml b/ansible/collections/bento/common/roles/ecs/tasks/main.yml index 762ac9e9..37891aa3 100644 --- a/ansible/collections/bento/common/roles/ecs/tasks/main.yml +++ b/ansible/collections/bento/common/roles/ecs/tasks/main.yml 
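Review bot: The new `path: "{{workspace}}/{{ project_name }}-{{ container_name }}"` hard-codes the frontend checkout directory even though the role already has `container_build_path` for it (the removed npm task used it as `chdir`); if both resolve to the same directory, `path: "{{ container_build_path }}"` avoids two sources of truth and matches build_auth and build_files. The roughly fifty lines of tasks turned into `#` comments (nginx.conf, entrypoint, npm build, `inject.template.js`, Dockerfile copy) should be deleted rather than kept as comments; git history preserves them and commented-out tasks drift from the live ones. With those steps gone the image is built entirely from the application repo's own Dockerfile, and since `# nocache: yes` stays commented while the backend role builds with `nocache: yes`, it is worth stating in a comment whether cached dependency layers are acceptable for this image.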
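Review bot: Commenting out the `test image for vulnerabilities` block removes the Trivy scan for the frontend image entirely, while the backend image in this same commit keeps its scan and only gains `--timeout 15m`. If the scan was disabled because it timed out, apply the same fix here instead: restore the block with `command: "trivy image --timeout 15m --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}"`. If it was disabled deliberately, delete the dead block and leave a one-line comment stating why, so the gap in scan coverage is visible to whoever reads this role next.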
@@ -33,6 +33,8 @@
 value: "{{ newrelic_license_key }}"
 - name: "{{ container_name }}"
 essential: true
+ linuxParameters:
+ initProcessEnabled: true
 image: "{{ container_image_url }}:{{ image_version }}"
 environment: "{{ container_env }}"
 entryPoint: "{% if container_entrypoint is defined %}{{ container_entrypoint }}{% else %}[]{% endif %}"
diff --git a/terraform/modules/opensearch/data.tf b/terraform/modules/opensearch/data.tf
index c484724e..208b0e3e 100644
--- a/terraform/modules/opensearch/data.tf
+++ b/terraform/modules/opensearch/data.tf
@@ -15,8 +15,7 @@ data "aws_iam_policy_document" "os" {
 identifiers = ["es.amazonaws.com"]
 }
 resources = [
- aws_cloudwatch_log_group.os.arn,
- "${aws_cloudwatch_log_group.os.arn}:*"
+ "${aws_cloudwatch_log_group.os.arn}:*:*:*"
 ]
 }
-}
+}
\ No newline at end of file
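Review bot: `initProcessEnabled: true` is added with no comment, and only on the `{{ container_name }}` container, not on the New Relic sidecar defined just above it; a short why-comment would help, e.g. `# run an init process as PID 1 so child processes are reaped and stop signals reach the app`. Per the AWS task-definition docs this parameter requires Fargate platform version 1.3.0 or later, so if the ECS service pins an older `platform_version` the new task definition will be rejected; that resource is outside this hunk, so check it alongside this change.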
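Review bot: The new resource `"${aws_cloudwatch_log_group.os.arn}:*:*:*"` is hard to justify: a log group ARN has the form `arn:aws:logs:REGION:ACCT:log-group:NAME` (some AWS provider versions include a trailing `:*` in the `arn` attribute), and the OpenSearch log-publishing docs ask for `<log-group-arn>:*`; appending three wildcard segments looks like a workaround for that provider difference and, depending on how IAM matches the extra colon-separated segments, may not cover the `...:log-group:NAME:log-stream:STREAM` ARNs the service writes to. Normalize the suffix explicitly instead, `"${trimsuffix(aws_cloudwatch_log_group.os.arn, ":*")}:*"`, which yields the documented form on any provider version. The hunk also drops the file's trailing newline (`\ No newline at end of file`); `terraform fmt` would restore it.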