Pull Request to Merge hotfix into main

src/jobs/check-docker-semver.yml

@@ -19,9 +19,14 @@ parameters:
     default: "cyber4all"
     description: |
       The name of the docker organization
+  docker-image:
+    type: string
+    default: "cimg/go:1.18"
+    description: |
+      The docker image that will be used as an executor
 
 docker:
-  - image: cimg/go:1.18
+  - image: <<parameters.docker-image>>
 
 steps:
   - checkout

src/jobs/deploy-eb.yml

@@ -78,22 +78,24 @@ steps:
           echo 'Either "isNode" or "isDocker" must be true.'
           exit 1
         fi
-  - aws-eb/setup
+  - run:
+      name: Install AWS EB Cli
+      command: |
+        sudo apt update && sudo apt install -y python3-pip && sudo pip3 install awsebcli
+  - aws-cli/setup:
+      aws-access-key-id: <<parameters.aws-access-key-id>>
+      aws-secret-access-key: <<parameters.aws-secret-access-key>>
+      aws-region: <<parameters.aws-region>>
   - attach_workspace:
       at: .
   - run:
       name: Deploy to Elastic Beanstalk with docker platform
       command: |
-        eb init "<<parameters.application-name>>" --region "$AWS_DEFAULT_REGION" -p $EB_PARAM_PLATFORM
+        eb init "<<parameters.application-name>>" --region ${<<parameters.aws-region>>} -p $EB_PARAM_PLATFORM
         eb deploy "<<parameters.environment-name>>" --verbose --label "${CIRCLE_PROJECT_REPONAME}-v<<parameters.version>>"
   - slack/notify:
       event: fail
       template: basic_fail_1
   - slack/notify:
       event: pass
       custom: "<<include(message_templates/deploy_aws_success.json)>>"
-
-environment:
-  AWS_ACCESS_KEY_ID: "$<<parameters.aws-access-key-id>>"
-  AWS_SECRET_ACCESS_KEY: "$<<parameters.aws-secret-access-key>>"
-  AWS_DEFAULT_REGION: "$<<parameters.aws-region>>"

src/jobs/deploy-ecs.yml

@@ -17,9 +17,14 @@ parameters:
     description: |
       The short name or full ARN of the cluster that hosts the service.
   # Not Required Parameters
-  container-name:
+  docker-user-org:
     type: string
-    default: ''
+    default: 'cyber4all'
+    description: |
+      Name of the docker organization for the images
+  container-name:
+    type: env_var_name
+    default: ECS_CONTAINER_NAME
     description: |
       Name of the container name defined in the ecs task-definition
       (defaults to image-name)
@@ -109,14 +114,14 @@ steps:
       aws-secret-access-key: <<parameters.aws-secret-access-key>>
       aws-region: <<parameters.aws-region>>
   - aws-ecs/update-task-definition:
-      container-image-name-updates: "container=<<parameters.container-name>>,image-and-tag=<<parameters.image-name>>:<<parameters.tag>>"
+      container-image-name-updates: "container=${<<parameters.container-name>>},image-and-tag=<<parameters.docker-user-org>>/<<parameters.image-name>>:<<parameters.tag>>"
       family: <<parameters.family>>
   - when:
       condition: <<parameters.isService>>
       steps:
         - aws-ecs/update-service:
             cluster-name: <<parameters.cluster-name>>
-            family: <<parameters.family>>
+            family: <<parameters.image-name>>
             service-name: "$ECS_PARAM_SERVICE_NAME"
             skip-task-definition-registration: true
             verify-revision-is-deployed: true
@@ -129,5 +134,5 @@ steps:
 
 environment:
   ECS_PARAM_SERVICE_NAME: <<parameters.service-name>>
-  ECS_PARAM_CONTAINER_NAME: <<parameters.container-name>>
+  ECS_PARAM_CONTAINER_NAME: ${<<parameters.container-name>>}
   ECS_PARAM_FAMILY: <<parameters.family>>

src/jobs/deploy-lambda.yml

@@ -11,7 +11,7 @@ parameters:
       https://semver.org/spec/v2.0.0.html
   function-name:
     type: string
-    default: ''
+    default: FUNCTION_NAME
     description: |
       The name of the lambda function to be updated.
   # Optional Parameters with Defaults
@@ -27,6 +27,11 @@ parameters:
     description: |
       Set to True is build and sync changes with S3 and invalidate CF index.html.
       (defaults to false)
+  s3-bucket:
+    type: env_var_name
+    default: S3_BUCKET
+    description: |
+      S3 Bucket location for lamdba function
   aws-region:
     type: env_var_name
     default: AWS_REGION_N_VA
@@ -89,7 +94,7 @@ steps:
         - run:
             name: Update Lambda Function code
             command: >
-              aws lambda update-function-code --function-name <<parameters.function-name>> --zip-file fileb://./build.zip
+              aws lambda update-function-code --function-name <<parameters.function-name>> --zip-file fileb://./build.zip --s3-bucket <<parameters.s3-bucket>>
         - slack/notify:
             event: fail
             template: basic_fail_1

src/jobs/deploy-s3.yml

@@ -32,6 +32,11 @@ parameters:
     default: AWS_REGION_N_VA
     description: |
       Name of environment variable storing the AWS region
+  cloudfront-id:
+    type: env_var_name
+    default: CLOUDFRONT_ID
+    description: |
+      Name of the environment variable for the cloudfront id
   aws-access-key-id:
     type: env_var_name
     default: MACHINE_AWS_CF_AccessKey
@@ -84,8 +89,11 @@ steps:
       condition: <<parameters.deploy>>
       steps:
         - aws-s3/sync:
+            aws-access-key-id: << parameters.aws-access-key-id >>
+            aws-region: << parameters.aws-region >>
+            aws-secret-access-key: << parameters.aws-secret-access-key >>
             from: <<parameters.source>>
-            to: "s3://$AWS_S3_BUCKET"
+            to: "s3://$<<parameters.s3-bucket>>"
         - run:
             name: Invalidate index.html in CloudFront
             command: >
@@ -96,8 +104,3 @@ steps:
         - slack/notify:
             event: pass
             custom: "<<include(message_templates/deploy_aws_success.json)>>"
-environment:
-  AWS_ACCESS_KEY_ID: "$<<parameters.aws-access-key-id>>"
-  AWS_SECRET_ACCESS_KEY: "$<<parameters.aws-secret-access-key>>"
-  AWS_REGION: "${<<parameters.aws-region>>}"
-  AWS_S3_BUCKET: "${<<parameters.s3-bucket>>}"

src/jobs/scan-docker.yml

@@ -69,9 +69,14 @@ parameters:
     description: |
       Path of the dockerfile to be scanned
     type: string
+  docker-image:
+    default: "cimg/go:1.18"
+    description: |
+      Docker image name to use as executor
+    type: string
 
 docker:
-  - image: cimg/go:1.18
+  - image: <<parameters.docker-image>>
 
 steps:
   - checkout
@@ -104,51 +109,53 @@ steps:
   - run:
       name: Login to Snyk
       command: >
-        docker scan --login --token "$<<parameters.snyk-token>>" --accept-license
+        docker scan --login --token ${<<parameters.snyk-token>>} --accept-license
   - run:
       name: Scan Image
       command: |
-        echo 'export OUTPUT_FILENAME=$(date +%s)-<<parameters.image>>:<<parameters.tag>>' >> $BASH_ENV
+        OUTPUT_FILENAME=$(date +%s)-<<parameters.image>>:<<parameters.tag>>
 
         docker build -t <<parameters.organization>>/<<parameters.image>>:<<parameters.tag>> .
 
         docker scan --json \
           --accept-license \
           --severity=high \
           --file <<parameters.dockerfile-path>> \
-          <<parameters.organization>>/<<parameters.image>>:<<parameters.tag>> > "/tmp/$OUTPUT_FILENAME.json"
+          <<parameters.organization>>/<<parameters.image>>:<<parameters.tag>> > $OUTPUT_FILENAME.json
+
+        ls -al
+
+        cat $OUTPUT_FILENAME.json
 
-        apk add jq
+        sudo apt install jq
 
-        if jq -e '.[0].vulnerabilities == []' "/tmp/$OUTPUT_FILENAME.json" > /dev/null; then
-          cat /tmp/$OUTPUT_FILENAME.json
-          rm /tmp/$OUTPUT_FILENAME.json
+        if jq -e '.[0].vulnerabilities == []' "$OUTPUT_FILENAME.json" > /dev/null; then
+          cat $OUTPUT_FILENAME.json
+          rm $OUTPUT_FILENAME.json
           circleci-agent step halt
         fi
 
         docker scan \
           --accept-license \
           --severity=high \
           --file <<parameters.dockerfile-path>> \
-          <<parameters.organization>>/<<parameters.image>>:<<parameters.tag>> > "/tmp/$OUTPUT_FILENAME.txt"
-  - run:
-      name: Upload Files to S3
-      command: |
-        if [ -f <<parameters.image>>/${OUTPUT_FILENAME}.txt && -f <<parameters.image>>/${OUTPUT_FILENAME}.json ]; then
-          echo <<parameters.image>>/${OUTPUT_FILENAME}.txt
+          <<parameters.organization>>/<<parameters.image>>:<<parameters.tag>> > $OUTPUT_FILENAME.txt
+
+        if [ -f <<parameters.image>>/$OUTPUT_FILENAME.txt && -f <<parameters.image>>/$OUTPUT_FILENAME.json ]; then
+          echo <<parameters.image>>/$OUTPUT_FILENAME.txt
 
           aws s3api put-object \
-            --body "/tmp/${OUTPUT_FILENAME}.txt" \
+            --body "$OUTPUT_FILENAME.txt" \
             --bucket <<parameters.aws-s3-bucket>> \
-            --key "<<parameters.image>>/${OUTPUT_FILENAME}.txt"
+            --key "<<parameters.image>>/$OUTPUT_FILENAME.txt"
 
           aws s3api put-object \
-            --body "/tmp/${OUTPUT_FILENAME}.json" \
+            --body "$OUTPUT_FILENAME.json" \
             --bucket <<parameters.aws-s3-bucket>> \
-            --key "<<parameters.image>>/${OUTPUT_FILENAME}.json"
+            --key "<<parameters.image>>/$OUTPUT_FILENAME.json"
 
           S3_URL="https://s3.console.aws.amazon.com/s3/object/"
-          echo 'export S3_OBJECT_URL=${S3_URL}<<parameters.aws-s3-bucket>>?region=<<parameters.aws-region>>&prefix=<<parameters.image>>/${OUTPUT_FILENAME}.txt' >> $BASH_ENV
+          echo 'export S3_OBJECT_URL=${S3_URL}<<parameters.aws-s3-bucket>>?region=<<parameters.aws-region>>&prefix=<<parameters.image>>/$OUTPUT_FILENAME.txt' >> $BASH_ENV
         fi
   - slack/notify:
       event: fail