CBIIT · vdonkor · Oct 5, 2022 · Jan 25, 2023 · Mar 24, 2023 · Mar 24, 2023
diff --git a/ansible/collections/bento/common/roles/build_auth/tasks/main.yml b/ansible/collections/bento/common/roles/build_auth/tasks/main.yml
@@ -4,7 +4,7 @@
       args:
         ECR_REPO: "{{ container_registry_url }}"
       path: "{{ container_build_path }}"
-      dockerfile: "{{ dockerfile_path }}"
+      # dockerfile: "{{ dockerfile_path }}"
       pull: yes
       nocache: yes
     name: "{{ project_name }}-{{ container_name }}"

diff --git a/ansible/collections/bento/common/roles/build_backend/tasks/main.yml b/ansible/collections/bento/common/roles/build_backend/tasks/main.yml
@@ -2,65 +2,17 @@
 #     Backend Build
 ############################################################################################################################
 
-- name: remove the application_example.properties file
-  file:
-    path: "{{ workspace }}/src/main/resources/application_example.properties"
-    state: absent
-
 - name: copy application.properties file to /src/main/resources/
   template:
     src: "{{ workspace }}/src/main/resources/application.properties.j2"
     dest: "{{ workspace }}/src/main/resources/application.properties"
 
-- name: create graphql directory in backend
-  file:
-    state: directory
-    path: "{{ workspace }}/src/main/resources/graphql"
-
-- name: create yaml directory in backend
-  file:
-    state: directory
-    path: "{{ workspace }}/src/main/resources/yaml"
-
-- name: copy schema from frontend to resources
-  template:
-    remote_src: yes
-    src: "{{item.src}}"
-    dest: "{{item.dest}}"
-  loop:
-    - { src: "{{ workspace }}/{{ project_name }}-frontend/graphql/{{ schema_file}}",dest: "{{ workspace }}/src/main/resources/graphql/{{ schema_file}}"}
-    - { src: "{{ workspace }}/{{ project_name }}-frontend/graphql/{{ public_schema_file}}",dest: "{{ workspace }}/src/main/resources/graphql/{{ public_schema_file}}"}
-
-- name: verify test queries file exists
-  stat:
-    path: "{{ workspace }}/{{ project_name }}-frontend/yaml/{{ test_queries_file }}"
-  register: test_queries
-
-- name: copy test queries from frontend to resources
-  template:
-    remote_src: yes
-    src: "{{ workspace }}/{{ project_name }}-frontend/yaml/{{ test_queries_file }}"
-    dest: "{{ workspace }}/src/main/resources/yaml/{{ test_queries_file }}"
-  when: test_queries.stat.exists
-
-- name: build springboot code
-  command: mvn package -DskipTests
-  args:
-    chdir: "{{ workspace }}"
-
-- name: copy Bento-0.0.1.war to ROOT.war
-  copy:
-    remote_src: yes
-    src: "{{ workspace }}/target/Bento-0.0.1.war"
-    dest: "{{ workspace }}/target/ROOT.war"
-
 - name: build {{ project_name }}-{{ container_name }} image
   community.docker.docker_image:
     build:
       args:
         ECR_REPO: "{{ container_registry_url }}"
-      path: "{{ workspace }}"
-      dockerfile: "{{ dockerfile_path }}"
+      path: "{{ dockerfile_path | default(workspace) }}"
       pull: yes
       nocache: yes
     name: "{{ project_name }}-{{ container_name }}"
@@ -71,9 +23,8 @@
 
 - name: test image for vulnerabilities
   block:
-    - name: run trivy scanner on 
-      #command: "trivy image --exit-code 1 --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}-{{ build_number }}"
-      command: "trivy image --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}"
+    - name: run trivy scanner on
+      command: "trivy image --timeout 15m --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}"
       register: vuln_results
   always:
     - name: echo vulnerability results
@@ -89,10 +40,10 @@
     push: yes
     source: local
 
-- name: Add tag latest to {{ project_name }}-{{container_name}} image
-  community.docker.docker_image:
-    name: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:{{ image_version }}.{{build_number}}"
-    repository: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:latest"
-    force_tag: yes
-    push: yes
-    source: local
+# - name: Add tag latest to {{ project_name }}-{{container_name}} image
+#   community.docker.docker_image:
+#     name: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:{{ image_version }}.{{build_number}}"
+#     repository: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:latest"
+#     force_tag: yes
+#     push: yes
+#     source: local
diff --git a/ansible/collections/bento/common/roles/build_files/tasks/main.yml b/ansible/collections/bento/common/roles/build_files/tasks/main.yml
@@ -4,7 +4,6 @@
       args:
         ECR_REPO: "{{ container_registry_url }}"
       path: "{{ container_build_path }}"
-      dockerfile: "{{ dockerfile_path }}"
       pull: yes
       nocache: yes
     name: "{{ project_name }}-{{ container_name }}"

diff --git a/ansible/collections/bento/common/roles/build_frontend/tasks/main.yml b/ansible/collections/bento/common/roles/build_frontend/tasks/main.yml
@@ -1,56 +1,56 @@
-- name: create docker build directory
-  file: 
-    path: "{{workspace}}/build"
-    state : directory
+#- name: create docker build directory
+#  file:
+#    path: "{{workspace}}/build"
+#    state : directory
 
-- name: copy  nginx conf
-  copy:
-    remote_src: yes
-    src: '{{workspace}}/icdc-devops/docker/dockerfiles/nginx.conf'
-    dest: '{{workspace}}/build/nginx.conf'
+#- name: copy  nginx conf
+#  copy:
+#    remote_src: yes
+#    src: '{{workspace}}/icdc-devops/docker/dockerfiles/nginx.conf'
+#    dest: '{{workspace}}/build/nginx.conf'
 
-- name: copy entrypoint.sh to workspace
-  copy:
-    src: "nginx-entrypoint.sh"
-    dest: "{{workspace}}/build/nginx-entrypoint.sh"
-    mode: 0755
+#- name: copy entrypoint.sh to workspace
+#  copy:
+#    src: "nginx-entrypoint.sh"
+#    dest: "{{workspace}}/build/nginx-entrypoint.sh"
+#    mode: 0755
 
 
-- name: run npm install in {{ workspace }}/{{ project_name }}-frontend/
-  command: "{{ item }}"
-  args:
-    chdir: "{{ container_build_path }}"
-    warn: false
-  loop:
-    - npm set progress=false
-    - npm install --silent
-    - npm run build --silent
+#- name: run npm install in {{ workspace }}/{{ project_name }}-frontend/
+#  command: "{{ item }}"
+#  args:
+#    chdir: "{{ container_build_path }}"
+#    warn: false
+#  loop:
+#    - npm set progress=false
+#    - npm install --silent
+#    - npm run build --silent
 
-- name: move dist from frontend to temp build
-  copy: 
-    src: "{{ container_build_path }}/dist" 
-    dest: "{{workspace}}/build" 
-    remote_src: yes 
-    directory_mode: yes
+#- name: move dist from frontend to temp build
+#  copy:
+#    src: "{{ container_build_path }}/dist"
+#    dest: "{{workspace}}/build"
+#    remote_src: yes
+#    directory_mode: yes
 
-- name: copy env to dist
-  copy:
-    src: inject.template.js
-    dest: "{{workspace}}/build/dist/inject.template.js"
-    mode: 0755
+#- name: copy env to dist
+#  copy:
+#    src: inject.template.js
+#    dest: "{{workspace}}/build/dist/inject.template.js"
+#    mode: 0755
 
-- name: copy docker file to build path
-  copy:
-    remote_src: yes
-    src: '{{ dockerfile_path }}'
-    dest: '{{workspace}}/build/Dockerfile'
+#- name: copy docker file to build path
+#  copy:
+#    remote_src: yes
+#    src: '{{ dockerfile_path }}'
+#    dest: '{{workspace}}/build/Dockerfile'
 
 - name: build {{ project_name }}-{{container_name}} image
   community.docker.docker_image:
     build:
       args:
         ECR_REPO: "{{ container_registry_url }}"
-      path: "{{workspace}}/build"
+      path: "{{workspace}}/{{ project_name }}-{{ container_name }}"
       pull: yes
 #      nocache: yes
     name: "{{ project_name }}-{{ container_name }}"
@@ -61,16 +61,15 @@
   environment:
     DOCKER_BUILDKIT: 1
 
-- name: test image for vulnerabilities
-  block:
-    - name: run trivy scanner on 
-      #command: "trivy image --exit-code 1 --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}-{{ build_number }}"
-      command: "trivy image --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}"
-      register: vuln_results
-  always:
-    - name: echo vulnerability results
-      debug:
-        msg: "{{ vuln_results.stdout_lines }}"
+#- name: test image for vulnerabilities
+#  block:
+#    - name: run trivy scanner on
+#      command: "trivy image --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}"
+#      register: vuln_results
+#  always:
+#    - name: echo vulnerability results
+#      debug:
+#        msg: "{{ vuln_results.stdout_lines }}"
 
 - name: debug
   debug:

diff --git a/ansible/collections/bento/common/roles/ecs/tasks/main.yml b/ansible/collections/bento/common/roles/ecs/tasks/main.yml
@@ -33,6 +33,8 @@
             value: "{{ newrelic_license_key }}"
       - name: "{{ container_name }}"
         essential: true
+        linuxParameters:
+          initProcessEnabled: true
         image: "{{ container_image_url }}:{{ image_version }}"
         environment: "{{ container_env }}"
         entryPoint: "{% if container_entrypoint is defined %}{{ container_entrypoint }}{% else %}[]{% endif %}"

diff --git a/terraform/modules/opensearch/data.tf b/terraform/modules/opensearch/data.tf
@@ -15,8 +15,7 @@ data "aws_iam_policy_document" "os" {
       identifiers = ["es.amazonaws.com"]
     }
     resources = [
-      aws_cloudwatch_log_group.os.arn,
-      "${aws_cloudwatch_log_group.os.arn}:*"
+      "${aws_cloudwatch_log_group.os.arn}:*:*:*"
     ]
   }
-}
+}