From 21366c05a9e48de6f60f805ab386e14d1e280a99 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 30 Oct 2024 14:08:57 +0530 Subject: [PATCH 01/51] Update buildspec_secscan.yaml --- buildspec/buildspec_secscan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildspec/buildspec_secscan.yaml b/buildspec/buildspec_secscan.yaml index bda4e84..fd95919 100644 --- a/buildspec/buildspec_secscan.yaml +++ b/buildspec/buildspec_secscan.yaml @@ -28,7 +28,7 @@ phases: - echo -e "\n Running Dockerfile Scan" - checkov -f code/app/Dockerfile --framework dockerfile --soft-fail --summary-position bottom - echo -e "\n Running Scan of Helm Chart files" - - cp -pv helm_charts/$EKS_CODEBUILD_APP_NAME/values.dev.yaml helm_charts/$EKS_CODEBUILD_APP_NAME/values.yaml + - cp -pv helm_charts/helm_charts/aws-proserve-java-greeting/values.dev.yaml helm_charts/$EKS_CODEBUILD_APP_NAME/values.yaml - checkov -d helm_charts/$EKS_CODEBUILD_APP_NAME --framework helm --soft-fail --summary-position bottom - rm -rfv helm_charts/$EKS_CODEBUILD_APP_NAME/values.yaml - echo -e "\nRunning Static Code Analysis of app using AWS CodeGuru" @@ -63,4 +63,4 @@ phases: else echo -e "\nNo Recommendations from CodeGuru Reviewer as of now" fi - - bash -c "if [ /"$CODEBUILD_BUILD_SUCCEEDING/" == /"0/" ]; then exit 1; fi" \ No newline at end of file + - bash -c "if [ /"$CODEBUILD_BUILD_SUCCEEDING/" == /"0/" ]; then exit 1; fi" From 66ee784e72840bab7ac317980cb4a5d13d0003cc Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 30 Oct 2024 14:23:28 +0530 Subject: [PATCH 02/51] Update buildspec_secscan.yaml --- buildspec/buildspec_secscan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_secscan.yaml b/buildspec/buildspec_secscan.yaml index fd95919..572a3a1 100644 --- a/buildspec/buildspec_secscan.yaml +++ b/buildspec/buildspec_secscan.yaml 
@@ -28,7 +28,7 @@ phases: - echo -e "\n Running Dockerfile Scan" - checkov -f code/app/Dockerfile --framework dockerfile --soft-fail --summary-position bottom - echo -e "\n Running Scan of Helm Chart files" - - cp -pv helm_charts/helm_charts/aws-proserve-java-greeting/values.dev.yaml helm_charts/$EKS_CODEBUILD_APP_NAME/values.yaml + - cp -pv helm_charts/helm_charts/$EKS_CODEBUILD_APP_NAME/values.dev.yaml helm_charts/$EKS_CODEBUILD_APP_NAME/values.yaml - checkov -d helm_charts/$EKS_CODEBUILD_APP_NAME --framework helm --soft-fail --summary-position bottom - rm -rfv helm_charts/$EKS_CODEBUILD_APP_NAME/values.yaml - echo -e "\nRunning Static Code Analysis of app using AWS CodeGuru" From 92668afb7577079971a40a7d4ab4fa08063440a8 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Sun, 10 Nov 2024 14:21:59 +0530 Subject: [PATCH 03/51] Update buildspec_secscan.yaml --- buildspec/buildspec_secscan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_secscan.yaml b/buildspec/buildspec_secscan.yaml index 572a3a1..e5ab2ce 100644 --- a/buildspec/buildspec_secscan.yaml +++ b/buildspec/buildspec_secscan.yaml @@ -28,7 +28,7 @@ phases: - echo -e "\n Running Dockerfile Scan" - checkov -f code/app/Dockerfile --framework dockerfile --soft-fail --summary-position bottom - echo -e "\n Running Scan of Helm Chart files" - - cp -pv helm_charts/helm_charts/$EKS_CODEBUILD_APP_NAME/values.dev.yaml helm_charts/$EKS_CODEBUILD_APP_NAME/values.yaml + - cp -pv helm_charts/$EKS_CODEBUILD_APP_NAME/values.dev.yaml helm_charts/$EKS_CODEBUILD_APP_NAME/values.yaml - checkov -d helm_charts/$EKS_CODEBUILD_APP_NAME --framework helm --soft-fail --summary-position bottom - rm -rfv helm_charts/$EKS_CODEBUILD_APP_NAME/values.yaml - echo -e "\nRunning Static Code Analysis of app using AWS CodeGuru" From ea1c120066b33dd27b3758ae70f10115be1c3b40 Mon Sep 17 00:00:00 2001 
From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Mon, 11 Nov 2024 11:42:10 +0530 Subject: [PATCH 04/51] Update buildspec_secscan.yaml --- buildspec/buildspec_secscan.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/buildspec/buildspec_secscan.yaml b/buildspec/buildspec_secscan.yaml index e5ab2ce..90c94e4 100644 --- a/buildspec/buildspec_secscan.yaml +++ b/buildspec/buildspec_secscan.yaml @@ -11,6 +11,7 @@ phases: - curl -OL https://github.com/aws/aws-codeguru-cli/releases/download/0.2.3/aws-codeguru-cli.zip - unzip aws-codeguru-cli.zip - export PATH=$PATH:./aws-codeguru-cli/bin + - echo $PATH - curl -sSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash - helm repo add stable https://charts.helm.sh/stable && helm repo update From f7aab212eaf8ac2af862d3e84b45c63b34b62823 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Mon, 11 Nov 2024 11:49:18 +0530 Subject: [PATCH 05/51] Update Dockerfile --- code/app/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code/app/Dockerfile b/code/app/Dockerfile index a319cf6..7994326 100644 --- a/code/app/Dockerfile +++ b/code/app/Dockerfile 
@@ -7,11 +7,11 @@ ENV AWS_REGION=$AWS_REGION ENV CODEGURU_PROFILER_AGENT_DOWNLOAD_URL 'https://d1osg35nybn3tt.cloudfront.net/com/amazonaws/codeguru-profiler-java-agent-standalone/1.2.2/codeguru-profiler-java-agent-standalone-1.2.2.jar' RUN mkdir -p /opt/target RUN apk update && apk add wget && wget $CODEGURU_PROFILER_AGENT_DOWNLOAD_URL -O /opt/target/codeguru-profiler-java-agent-standalone.jar -RUN apk add libcrypto3=3.0.8-r0 libssl3=3.0.8-r0 +RUN apk add libcrypto3 libssl3 EXPOSE 8080 5005 COPY target/aws-proserve-java-greeting.war /opt/target/ WORKDIR /opt/target USER nobody ENV _JAVA_OPTIONS '-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005' CMD ["sh", "-c", "java -javaagent:codeguru-profiler-java-agent-standalone.jar=profilingGroupName:${CG_PF_GNAME},region:${AWS_REGION},heapSummaryEnabled:true -jar aws-proserve-java-greeting.war --debug"] -HEALTHCHECK CMD curl --fail http://localhost:8080/hello || exit 1 \ No newline at end of file +HEALTHCHECK CMD curl --fail http://localhost:8080/hello || exit 1 From 466e5175522e75a9ed79b1e6853dd9f751175730 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 13 Nov 2024 12:18:38 +0530 Subject: [PATCH 06/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index ffddfdb..875ca2c 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -4,7 +4,7 @@ phases: commands: - apt-get update - apt-get install -y git python3 python3-pip - - pip install awscli + - pip install awscliv2 - curl -o aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazon-eks/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator - chmod +x ./aws-iam-authenticator - mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin 
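Review bot: Unpinned `RUN apk add libcrypto3 libssl3` makes the OpenSSL libraries resolve to whatever the index cached by the earlier `apk update` layer offers, so rebuilds are not reproducible and a cached layer can keep serving an old version. If the pins were dropped because 3.0.8-r0 left the repository, install in the same layer as the index refresh, e.g. `RUN apk add --no-cache --upgrade libcrypto3 libssl3`, and pin the base image by digest. Separately, the unchanged lines of this hunk still `EXPOSE` 5005, enable the JDWP agent through `_JAVA_OPTIONS` and start the app with `--debug`, which should not ship in an image deployed to a cluster. The top of the Dockerfile is outside the hunk, so the base image is not visible here.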
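Review bot: `pip install awscliv2` does not install the official AWS CLI v2. AWS does not publish v2 on PyPI, and the PyPI project of that name is, as far as I know, a community wrapper that exposes an `awsv2` command. The later `aws eks ...` and `aws sts ...` steps in this buildspec would then fail or use whatever `aws` the image already carries, and the job now pulls an unpinned third-party package into a build that assumes a deploy role. Prefer the official installer from awscli.amazonaws.com with its published signature verified, or keep `awscli` pinned to an exact version. The install phase continues outside the hunk.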
From c04ed0e36f4b486edb9adb17cd35e65c9c5c6f67 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Fri, 22 Nov 2024 12:57:02 +0530 Subject: [PATCH 07/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index 875ca2c..f221199 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -18,6 +18,7 @@ phases: commands: - "helm version" - "mkdir ~/.kube/" + - "echo $pwd" - "aws eks --region $AWS_DEFAULT_REGION update-kubeconfig --name $EKS_CLUSTER_NAME --role-arn $EKS_CODEBUILD_ROLE_ARN" - "chmod 0600 ~/.kube/config" - "aws sts get-caller-identity" From 1d957a379b27be8e704f527c449e790bbf7f5db0 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Tue, 26 Nov 2024 11:26:19 +0530 Subject: [PATCH 08/51] Update values.dev.yaml --- helm_charts/aws-proserve-java-greeting/values.dev.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm_charts/aws-proserve-java-greeting/values.dev.yaml b/helm_charts/aws-proserve-java-greeting/values.dev.yaml index 93f6bab..04e7787 100644 --- a/helm_charts/aws-proserve-java-greeting/values.dev.yaml +++ b/helm_charts/aws-proserve-java-greeting/values.dev.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: - repository: xxxxxxxx.dkr.ecr.us-east-2.amazonaws.com/aws-proserve-java-docker + repository: 909532541699.dkr.ecr.us-west-2.amazonaws.com/devsecops-amazonecr pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. tag: "latest" From 3608310211e8aba699c266eb1bcb53807a5c8d3b Mon Sep 17 00:00:00 2001 
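Review bot: Replacing the `xxxxxxxx` placeholder in `image.repository` with a real account ID and registry path commits environment-specific identifiers to the chart. Together with the unchanged `tag: "latest"` and `pullPolicy: Always`, a plain `helm install` now pulls a mutable image from that registry. The deploy buildspec in this series already passes `--set image.repository=...` and `--set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION`, so this value is only a fallback. Keeping a placeholder here avoids both the disclosure and an accidental deploy of an unpinned tag.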
From: Qubicash <103918111+Qubicash@users.noreply.github.com>
Date: Tue, 26 Nov 2024 11:59:27 +0530
Subject: [PATCH 09/51] Create buildspec_deploy1.yml
---
buildspec/buildspec_deploy1.yml | 57 +++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 buildspec/buildspec_deploy1.yml
diff --git a/buildspec/buildspec_deploy1.yml b/buildspec/buildspec_deploy1.yml
new file mode 100644
index 0000000..740cadf
--- /dev/null
+++ b/buildspec/buildspec_deploy1.yml
@@ -0,0 +1,57 @@
+version: 0.2
+phases:
+ install: # Install AWS CLI v2, kubectl, and Helm3
+ commands:
+ - echo "Starting the install phase..."
+ - apt-get update
+ - apt-get install -y git python3 unzip curl
+ # Install AWS CLI v2
+ - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+ - unzip awscliv2.zip
+ - ./aws/install
+ - aws --version
+ # Install aws-iam-authenticator
+ - curl -o aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazon-eks/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator
+ - chmod +x ./aws-iam-authenticator
+ - mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin
+ # Install kubectl (latest stable release)
+ - curl -LO https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl
+ - chmod +x kubectl
+ - mv ./kubectl /usr/local/bin/kubectl
+ # Install Helm v3
+ - curl -sSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+ - helm repo add stable https://charts.helm.sh/stable && helm repo update
+
+ pre_build: # Set up kubeconfig for EKS and validate readiness
+ commands:
+ - echo "Starting the pre_build phase..."
+ - helm version
+ - mkdir -p ~/.kube/
+ - echo "Updating kubeconfig for EKS..."
+ - aws eks --region $AWS_DEFAULT_REGION update-kubeconfig --name $EKS_CLUSTER_NAME --role-arn $EKS_CODEBUILD_ROLE_ARN || exit 1
+ - echo "Validating kubeconfig..."
+ - cat ~/.kube/config
+ - chmod 0600 ~/.kube/config
+ - echo "Checking AWS identity..."
+ - aws sts get-caller-identity
+ - echo "Validating kubectl connection to cluster..."
+ - kubectl get nodes || exit 1
+
+ build: # Deploy app via Helm
+ commands:
+ - echo "Starting the build phase..."
+ - helm upgrade -i $EKS_CODEBUILD_APP_NAME-$ENV helm_charts/$EKS_CODEBUILD_APP_NAME \ + -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml \ + --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME \ + --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION || exit 1 + + post_build: # Validate deployment and output the application endpoint + commands: + - echo "Starting the post_build phase..." + - bash -c "if [ \"$CODEBUILD_BUILD_SUCCEEDING\" == \"0\" ]; then echo 'Build failed'; exit 1; fi" + - echo "Waiting for the application to become ready..." + - sleep 60 + - JAVA_APP_ENDPOINT=$(kubectl get svc $EKS_CODEBUILD_APP_NAME-$ENV -o jsonpath="{.status.loadBalancer.ingress[*].hostname}") || exit 1 + - echo "The Java application can be accessed via http://$JAVA_APP_ENDPOINT/hello" + +has context menu From c077a0f64a96953d83948559046c2a9017cec991 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Tue, 26 Nov 2024 12:01:05 +0530 Subject: [PATCH 10/51] Update buildspec_deploy1.yml --- buildspec/buildspec_deploy1.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/buildspec/buildspec_deploy1.yml b/buildspec/buildspec_deploy1.yml index 740cadf..be88b51 100644 --- a/buildspec/buildspec_deploy1.yml +++ b/buildspec/buildspec_deploy1.yml @@ -53,5 +53,3 @@ phases: - sleep 60 - JAVA_APP_ENDPOINT=$(kubectl get svc $EKS_CODEBUILD_APP_NAME-$ENV -o jsonpath="{.status.loadBalancer.ingress[*].hostname}") || exit 1 - echo "The Java application can be accessed via http://$JAVA_APP_ENDPOINT/hello" - -has context menu From 434fb7fd86daf8f1dfcb313975cffd597ef934c2 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Tue, 26 Nov 2024 12:02:48 +0530 Subject: [PATCH 11/51] Update buildspec_deploy1.yml --- buildspec/buildspec_deploy1.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
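Review bot: `cat ~/.kube/config` in pre_build writes the generated kubeconfig (cluster endpoint, CA data and the role ARN passed to `update-kubeconfig`) into the CodeBuild log, and it runs before `chmod 0600` is applied. Drop it and validate with `- kubectl config current-context` instead. The install phase also downloads and executes four artifacts with no integrity check: the AWS CLI zip, `aws-iam-authenticator`, a kubectl resolved from `stable.txt` at build time, and `get-helm-3` piped to bash from the `main` branch. For a job that assumes a deploy role, pin each to an exact version and verify a published checksum or signature before running it.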
diff --git a/buildspec/buildspec_deploy1.yml b/buildspec/buildspec_deploy1.yml index be88b51..2280587 100644 --- a/buildspec/buildspec_deploy1.yml +++ b/buildspec/buildspec_deploy1.yml @@ -8,7 +8,7 @@ phases: # Install AWS CLI v2 - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - unzip awscliv2.zip - - ./aws/install + - ./aws/install --update - aws --version # Install aws-iam-authenticator - curl -o aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazon-eks/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator From 33ab39e0c80aa3feac410b6c82d5f77adfb814bd Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Tue, 26 Nov 2024 12:39:41 +0530 Subject: [PATCH 12/51] Update buildspec_deploy1.yml --- buildspec/buildspec_deploy1.yml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/buildspec/buildspec_deploy1.yml b/buildspec/buildspec_deploy1.yml index 2280587..fb746a9 100644 --- a/buildspec/buildspec_deploy1.yml +++ b/buildspec/buildspec_deploy1.yml @@ -1,6 +1,6 @@ version: 0.2 phases: - install: # Install AWS CLI v2, kubectl, and Helm3 + install: commands: - echo "Starting the install phase..." - apt-get update @@ -14,7 +14,7 @@ phases: - curl -o aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazon-eks/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator - chmod +x ./aws-iam-authenticator - mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin - # Install kubectl (latest stable release) + # Install kubectl - curl -LO https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl - chmod +x kubectl - mv ./kubectl /usr/local/bin/kubectl 
@@ -22,22 +22,29 @@ phases: - curl -sSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - helm repo add stable https://charts.helm.sh/stable && helm repo update - pre_build: # Set up kubeconfig for EKS and validate readiness + pre_build: commands: - echo "Starting the pre_build phase..." + - echo "Checking AWS environment variables..." + - export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-"us-west-2"} + - echo "Region: $AWS_DEFAULT_REGION" + - echo "Cluster Name: $EKS_CLUSTER_NAME" - helm version - mkdir -p ~/.kube/ - - echo "Updating kubeconfig for EKS..." + # Update kubeconfig for EKS + - echo "Updating kubeconfig..." - aws eks --region $AWS_DEFAULT_REGION update-kubeconfig --name $EKS_CLUSTER_NAME --role-arn $EKS_CODEBUILD_ROLE_ARN || exit 1 - echo "Validating kubeconfig..." - cat ~/.kube/config - chmod 0600 ~/.kube/config + # Validate AWS identity - echo "Checking AWS identity..." - aws sts get-caller-identity + # Validate kubectl connection - echo "Validating kubectl connection to cluster..." - - kubectl get nodes || exit 1 + - kubectl get nodes || { echo "Failed to connect to the cluster. Exiting."; exit 1; } - build: # Deploy app via Helm + build: commands: - echo "Starting the build phase..." - helm upgrade -i $EKS_CODEBUILD_APP_NAME-$ENV helm_charts/$EKS_CODEBUILD_APP_NAME \ @@ -45,7 +52,7 @@ phases: --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME \ --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION || exit 1 - post_build: # Validate deployment and output the application endpoint + post_build: commands: - echo "Starting the post_build phase..." - bash -c "if [ \"$CODEBUILD_BUILD_SUCCEEDING\" == \"0\" ]; then echo 'Build failed'; exit 1; fi" From 632d9af57dbd79b057314f5b4fd95155436071ee Mon Sep 17 00:00:00 2001 
From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Tue, 26 Nov 2024 12:45:41 +0530 Subject: [PATCH 13/51] Update buildspec_deploy1.yml --- buildspec/buildspec_deploy1.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_deploy1.yml b/buildspec/buildspec_deploy1.yml index fb746a9..47f4956 100644 --- a/buildspec/buildspec_deploy1.yml +++ b/buildspec/buildspec_deploy1.yml @@ -26,7 +26,7 @@ phases: commands: - echo "Starting the pre_build phase..." - echo "Checking AWS environment variables..." - - export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-"us-west-2"} + # - export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-"us-west-2"} - echo "Region: $AWS_DEFAULT_REGION" - echo "Cluster Name: $EKS_CLUSTER_NAME" - helm version From 94486094115eec918ce282391a0d3d4b796d0849 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 11:22:33 +0530 Subject: [PATCH 14/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index f221199..abed0c5 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -25,6 +25,9 @@ phases: build: # Deploy app via Helm commands: + - "helm version" + - "helm package ." + - "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" - "helm upgrade -i $EKS_CODEBUILD_APP_NAME-$ENV helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" post_build: # Display the endpoint of the application From c2e3f9b80f36296ea8f10983424a6c3e710f9036 Mon Sep 17 00:00:00 2001 
From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 11:29:07 +0530 Subject: [PATCH 15/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index abed0c5..4bb9b34 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -18,7 +18,7 @@ phases: commands: - "helm version" - "mkdir ~/.kube/" - - "echo $pwd" + - echo "$PWD" - "aws eks --region $AWS_DEFAULT_REGION update-kubeconfig --name $EKS_CLUSTER_NAME --role-arn $EKS_CODEBUILD_ROLE_ARN" - "chmod 0600 ~/.kube/config" - "aws sts get-caller-identity" @@ -27,6 +27,7 @@ phases: commands: - "helm version" - "helm package ." + - echo "$PWD" - "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" - "helm upgrade -i $EKS_CODEBUILD_APP_NAME-$ENV helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" From b3d49b595fa5ac00f95169f8222bfcdd806018d8 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 11:31:41 +0530 Subject: [PATCH 16/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index 4bb9b34..c53e8d2 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml 
@@ -27,6 +27,7 @@ phases: commands: - "helm version" - "helm package ." + - cd "helm_charts/aws-proserve-java-greeting" - echo "$PWD" - "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" - "helm upgrade -i $EKS_CODEBUILD_APP_NAME-$ENV helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" From 9840fd914fb7a74211811f872a233c91fb6ca83b Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 11:35:24 +0530 Subject: [PATCH 17/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index c53e8d2..097ca48 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -26,8 +26,8 @@ phases: build: # Deploy app via Helm commands: - "helm version" - - "helm package ." - cd "helm_charts/aws-proserve-java-greeting" + - "helm package ." - echo "$PWD" - "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" - "helm upgrade -i $EKS_CODEBUILD_APP_NAME-$ENV helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" From 3b0aad129741bb8f1009f35e38f86b673627b731 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 11:40:31 +0530 Subject: [PATCH 18/51] Update test-connection.yaml --- .../templates/tests/test-connection.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
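Review bot: The added `cd "helm_charts/aws-proserve-java-greeting"` changes the working directory for the rest of the build phase, assuming this buildspec uses version 0.2, where shell state carries over between commands. The existing `helm upgrade -i ... helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml` would then resolve both paths relative to the chart directory and fail. Package without changing directory, e.g. `- helm package helm_charts/aws-proserve-java-greeting`, or confine the change to a subshell with `- (cd helm_charts/aws-proserve-java-greeting && helm package .)`. The same `cd` is kept by the following reorder commit.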
diff --git a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml index bb0de81..ee37c61 100644 --- a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml +++ b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "aws-proserve-java-greeting.fullname" . }}:{{ .Values.service.port }}'] + args: ['{{- include "aws-proserve-java-greeting.fullname" $ }}:{{ .Values.service.port }}'] restartPolicy: Never From ec0cc452a5df9afb9ee05af1948cfdbbbb79be19 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 11:44:51 +0530 Subject: [PATCH 19/51] Update test-connection.yaml --- .../templates/tests/test-connection.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml index ee37c61..305feb1 100644 --- a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml +++ b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{- include "aws-proserve-java-greeting.fullname" $ }}:{{ .Values.service.port }}'] + args: ['{{- include "aws-proserve-java-greeting.fullname" $ }}:{{ .Values.service.port| default 80 }}'] restartPolicy: Never From 110f2910cdd44020c93884f7a92a1b6abf490a4c Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 11:52:32 +0530 Subject: [PATCH 20/51] Update test-connection.yaml --- .../templates/tests/test-connection.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml index 305feb1..e80455c 100644 --- a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml +++ b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{- include "aws-proserve-java-greeting.fullname" $ }}:{{ .Values.service.port| default 80 }}'] + args: ['{{- include "aws-proserve-java-greeting.fullname" $ }}:{{ .Values.service.port | default 80 }}'] restartPolicy: Never From be3e085f6a2100f7c631c49e21388b2e788be41b Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 11:54:34 +0530 Subject: [PATCH 21/51] Update test-connection.yaml --- .../templates/tests/test-connection.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml index e80455c..98d7a32 100644 --- a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml +++ b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{- include "aws-proserve-java-greeting.fullname" $ }}:{{ .Values.service.port | default 80 }}'] + args: ['{{ include "aws-proserve-java-greeting.fullname" . }}:{{ .Values.service.port | default 80 }}'] restartPolicy: Never From 4d77c550c92ef112c37d5b4fc884b7c35ea28402 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 12:58:37 +0530 Subject: [PATCH 22/51] Update test-connection.yaml --- .../templates/tests/test-connection.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml index 98d7a32..a2d5db0 100644 --- a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml +++ b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "aws-proserve-java-greeting.fullname" . }}:{{ .Values.service.port | default 80 }}'] + args: ['{{ include "aws-proserve-java-greeting.fullname" . }}:{{ .Values.service.port | default 80 }}'] restartPolicy: Never From fbcc9a72d362b397261686ebcf2a6e9a9a3ec8d7 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 13:02:57 +0530 Subject: [PATCH 23/51] Update test-connection.yaml --- .../templates/tests/test-connection.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml index a2d5db0..6e8fd0b 100644 --- a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml +++ b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "aws-proserve-java-greeting.fullname" . }}:{{ .Values.service.port | default 80 }}'] + args: ['--spider', '{{ include "aws-proserve-java-greeting.fullname" . }}:{{ .Values.service.port | default 80 }}'] restartPolicy: Never From 88e283862387388595fdaa924a1445fe2a47cc72 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 13:11:39 +0530 Subject: [PATCH 24/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index 097ca48..d4257e0 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -29,7 +29,7 @@ phases: - cd "helm_charts/aws-proserve-java-greeting" - "helm package ." - echo "$PWD" - - "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" + #- "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" - "helm upgrade -i $EKS_CODEBUILD_APP_NAME-$ENV helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" post_build: # Display the endpoint of the application From 9c850152633139d1877c5f815bde4033e95811f2 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 13:23:38 +0530 Subject: [PATCH 25/51] Create values.yaml --- .../templates/values.yaml | 83 +++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 helm_charts/aws-proserve-java-greeting/templates/values.yaml diff --git a/helm_charts/aws-proserve-java-greeting/templates/values.yaml b/helm_charts/aws-proserve-java-greeting/templates/values.yaml new file mode 100644 index 0000000..04e7787 --- /dev/null +++ b/helm_charts/aws-proserve-java-greeting/templates/values.yaml 
@@ -0,0 +1,83 @@
+# Default values for aws-proserve-java-greeting.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: 909532541699.dkr.ecr.us-west-2.amazonaws.com/devsecops-amazonecr
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "latest"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: LoadBalancer
+ port: 80
+ targetPort: 8080
+ path: /hello
+ initialDelaySeconds: 60
+ periodSeconds: 30
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths: []
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
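Review bot: `securityContext: {}` and `podSecurityContext: {}` leave every hardening field unset, so the container runs with whatever user and capabilities the image defaults to, and the only gate shown in this series that would flag it is the checkov Helm scan in buildspec_secscan.yaml, which runs with `--soft-fail`. The commented-out settings beneath `securityContext` are a reasonable baseline and could become the default, as in the block below; `readOnlyRootFilesystem: true` may need a writable `emptyDir` for the JVM's temp directory, so confirm that against the app. The same defaults are added again in `helm_charts/aws-proserve-java-greeting/values.yaml` by PATCH 37/51. The deployment template that consumes these values is not part of this hunk, so check that it actually passes `securityContext` through.

```yaml
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000
```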
From 0c6b5710743d5787f43ae029fe7dad78cd7b0694 Mon Sep 17 00:00:00 2001
From: Qubicash <103918111+Qubicash@users.noreply.github.com>
Date: Wed, 27 Nov 2024 13:43:48 +0530
Subject: [PATCH 26/51] Create role-binding.yml
---
.../templates/role-binding.yml | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 helm_charts/aws-proserve-java-greeting/templates/role-binding.yml
diff --git a/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml b/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml
new file mode 100644
index 0000000..9595df8
--- /dev/null
+++ b/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: read-secrets
+ namespace: default
+subjects:
+- kind: User
+ name: "arn:aws:sts::909532541699:assumed-role/codebuild-aws-devsecops-amazoneks-service-role/EKSGetTokenAuth"
+ apiGroup: rbac.authorization.k8s.io
+roleRef:
+ kind: Role
+ name: secret-reader
+ apiGroup: rbac.authorization.k8s.io
From 51b9c4b0df55d37d675f0e5df0686fb2d7cea107 Mon Sep 17 00:00:00 2001
From: Qubicash <103918111+Qubicash@users.noreply.github.com>
Date: Wed, 27 Nov 2024 13:49:35 +0530
Subject: [PATCH 27/51] Create role.yml
---
helm_charts/aws-proserve-java-greeting/templates/role.yml | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 helm_charts/aws-proserve-java-greeting/templates/role.yml
diff --git a/helm_charts/aws-proserve-java-greeting/templates/role.yml b/helm_charts/aws-proserve-java-greeting/templates/role.yml
new file mode 100644
index 0000000..d6626cb
--- /dev/null
+++ b/helm_charts/aws-proserve-java-greeting/templates/role.yml
@@ -0,0 +1,8 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: secret-reader
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "watch", "list"]
From d73519e70f01ae1d9c2ac2b9a5bdf1c1fd4179f7 Mon Sep 17 00:00:00 2001
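Review bot: The RoleBinding in role-binding.yml hard-codes a CI identity (`arn:aws:sts::909532541699:assumed-role/...`) and `namespace: default` inside the application chart, so every install of the app also grants that principal read access to Secrets, in a namespace that may not be the release namespace. RBAC matches the `User` name against the username the cluster's IAM mapping assigns, which is not visible here; PATCH 28, 30, 31 and 43 toggle the session suffix and the role name, which suggests the value is being found by trial. I would move this binding out of the app chart into cluster setup, or at least template it, e.g. `namespace: {{ .Release.Namespace }}` and `name: {{ .Values.rbac.subjectName | quote }}` (`rbac.subjectName` is a values key you would add).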
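Review bot: role.yml defines `kind: ClusterRole` while the binding from PATCH 26 uses `roleRef.kind: Role`, so the RoleBinding refers to an object that does not exist until PATCH 29 changes the kind. The rule itself grants `get`, `watch` and `list` on every Secret, and `list`/`watch` return full Secret contents, so this is read access to all Secrets in scope (PATCH 29 narrows it to a namespaced Role but keeps `get` and `list`). If a single Secret is needed, `resourceNames: ["<secret-name>"]` with `verbs: ["get"]` is the narrower form (placeholder name). If instead this is meant to let the CodeBuild role run Helm, which keeps release state in Secrets, then it cannot take effect from inside the chart that role is installing and belongs in cluster setup; a comment stating the purpose would help either way.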
From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 13:50:59 +0530 Subject: [PATCH 28/51] Update role-binding.yml --- .../aws-proserve-java-greeting/templates/role-binding.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml b/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml index 9595df8..195928f 100644 --- a/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml +++ b/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml @@ -5,7 +5,7 @@ metadata: namespace: default subjects: - kind: User - name: "arn:aws:sts::909532541699:assumed-role/codebuild-aws-devsecops-amazoneks-service-role/EKSGetTokenAuth" + name: "arn:aws:sts::909532541699:assumed-role/codebuild-aws-devsecops-amazoneks-service-role" apiGroup: rbac.authorization.k8s.io roleRef: kind: Role From b628c10afce453d87cd5d8119578465dba6c6b87 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 13:52:32 +0530 Subject: [PATCH 29/51] Update role.yml --- .../aws-proserve-java-greeting/templates/role.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/helm_charts/aws-proserve-java-greeting/templates/role.yml b/helm_charts/aws-proserve-java-greeting/templates/role.yml index d6626cb..9d578bb 100644 --- a/helm_charts/aws-proserve-java-greeting/templates/role.yml +++ b/helm_charts/aws-proserve-java-greeting/templates/role.yml @@ -1,8 +1,9 @@ -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: secret-reader + namespace: default + name: secret-reader rules: - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] + resources: ["secrets"] + verbs: ["get", "list"] From 38c54601cd3d80920faf7df6b35a2fdecaa6780b Mon Sep 17 00:00:00 2001 
From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 13:52:57 +0530 Subject: [PATCH 30/51] Update role-binding.yml --- .../aws-proserve-java-greeting/templates/role-binding.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml b/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml index 195928f..9595df8 100644 --- a/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml +++ b/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml @@ -5,7 +5,7 @@ metadata: namespace: default subjects: - kind: User - name: "arn:aws:sts::909532541699:assumed-role/codebuild-aws-devsecops-amazoneks-service-role" + name: "arn:aws:sts::909532541699:assumed-role/codebuild-aws-devsecops-amazoneks-service-role/EKSGetTokenAuth" apiGroup: rbac.authorization.k8s.io roleRef: kind: Role From 5283f88d03bea564748a39528130fe8162abec8c Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 13:54:50 +0530 Subject: [PATCH 31/51] Update role-binding.yml --- .../aws-proserve-java-greeting/templates/role-binding.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml b/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml index 9595df8..195928f 100644 --- a/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml +++ b/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml @@ -5,7 +5,7 @@ metadata: namespace: default subjects: - kind: User - name: "arn:aws:sts::909532541699:assumed-role/codebuild-aws-devsecops-amazoneks-service-role/EKSGetTokenAuth" + name: "arn:aws:sts::909532541699:assumed-role/codebuild-aws-devsecops-amazoneks-service-role" apiGroup: rbac.authorization.k8s.io roleRef: kind: Role From cddc9a4c919af1faf1734c2d26649a89e9c04bbc Mon Sep 17 00:00:00 2001 
From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:05:11 +0530 Subject: [PATCH 32/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index d4257e0..d7f24ea 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -30,7 +30,7 @@ phases: - "helm package ." - echo "$PWD" #- "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" - - "helm upgrade -i $EKS_CODEBUILD_APP_NAME-$ENV helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" + - "helm upgrade -i $EKS_CODEBUILD_APP_NAME helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" post_build: # Display the endpoint of the application commands: From fe339ec43d947f60a3daa42011aff2b67f807295 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:10:32 +0530 Subject: [PATCH 33/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index d7f24ea..a6de507 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml 
@@ -30,6 +30,8 @@ phases: - "helm package ." - echo "$PWD" #- "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" + - cd "helm_charts/aws-proserve-java-greeting" + - "helm repo list" - "helm upgrade -i $EKS_CODEBUILD_APP_NAME helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" post_build: # Display the endpoint of the application From 2854237171ab67a57e280a96fd78a96d5dc7e50a Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 15:55:09 +0530 Subject: [PATCH 34/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index a6de507..24addb4 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -30,7 +30,6 @@ phases: - "helm package ." - echo "$PWD" #- "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" - - cd "helm_charts/aws-proserve-java-greeting" - "helm repo list" - "helm upgrade -i $EKS_CODEBUILD_APP_NAME helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" From 05c2f8d4e1bb5f571f1a6e204bbe2b5ce1ef39c3 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 15:57:46 +0530 Subject: [PATCH 35/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index 24addb4..edf7449 100644 --- a/buildspec/buildspec_deploy.yml 
+++ b/buildspec/buildspec_deploy.yml @@ -26,7 +26,7 @@ phases: build: # Deploy app via Helm commands: - "helm version" - - cd "helm_charts/aws-proserve-java-greeting" + - cd "helm_charts" - "helm package ." - echo "$PWD" #- "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" From 2fd3750f201f63a075ce91bcf90c9b1a14f70e6f Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 16:03:07 +0530 Subject: [PATCH 36/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index edf7449..c6d916f 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -26,10 +26,11 @@ phases: build: # Deploy app via Helm commands: - "helm version" - - cd "helm_charts" + - cd "helm_charts/aws-proserve-java-greeting" - "helm package ." - echo "$PWD" - #- "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" + - "helm lint . -f values.dev.yaml" + #- "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" - "helm repo list" - "helm upgrade -i $EKS_CODEBUILD_APP_NAME helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" From 1053f77e1a8ef1fc186466c37ea1eff1153b2d1d Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 16:08:16 +0530 Subject: [PATCH 37/51] Create values.yaml --- .../aws-proserve-java-greeting/values.yaml | 83 +++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 helm_charts/aws-proserve-java-greeting/values.yaml 
diff --git a/helm_charts/aws-proserve-java-greeting/values.yaml b/helm_charts/aws-proserve-java-greeting/values.yaml
new file mode 100644
index 0000000..04e7787
--- /dev/null
+++ b/helm_charts/aws-proserve-java-greeting/values.yaml
@@ -0,0 +1,83 @@
+# Default values for aws-proserve-java-greeting.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: 909532541699.dkr.ecr.us-west-2.amazonaws.com/devsecops-amazonecr
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "latest"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: LoadBalancer
+ port: 80
+ targetPort: 8080
+ path: /hello
+ initialDelaySeconds: 60
+ periodSeconds: 30
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths: []
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
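Review bot: `tag: "latest"` makes a mutable tag the chart default, so any install or upgrade that does not pass `--set image.tag=...` deploys whatever was pushed last rather than a reviewed build. The deploy buildspec already pins `image.tag` to `$CODEBUILD_RESOLVED_SOURCE_VERSION`, so the default could be `tag: ""` and left to the appVersion fallback that the comment above it describes (the template implementing that fallback is not visible here). `repository:` also hard-codes one account's ECR registry; since the buildspec overrides it as well, a neutral default avoids shipping account-specific values in the chart. Separately, `service.type: LoadBalancer` on port 80 publishes the app over plain HTTP by default, which is worth making an explicit per-environment choice.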
From e8a7be21cf0cd547f754e87227c19ca614995bc6 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 16:08:27 +0530 Subject: [PATCH 38/51] Delete helm_charts/aws-proserve-java-greeting/templates/values.yaml --- .../templates/values.yaml | 83 ------------------- 1 file changed, 83 deletions(-) delete mode 100644 helm_charts/aws-proserve-java-greeting/templates/values.yaml diff --git a/helm_charts/aws-proserve-java-greeting/templates/values.yaml b/helm_charts/aws-proserve-java-greeting/templates/values.yaml deleted file mode 100644 index 04e7787..0000000 --- a/helm_charts/aws-proserve-java-greeting/templates/values.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -# Default values for aws-proserve-java-greeting. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: 909532541699.dkr.ecr.us-west-2.amazonaws.com/devsecops-amazonecr - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "latest" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: LoadBalancer - port: 80 - targetPort: 8080 - path: /hello - initialDelaySeconds: 60 - periodSeconds: 30 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} 
From 25cfc5379a9f473351ffe8c8d1e985f82f5fd508 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 16:14:26 +0530 Subject: [PATCH 39/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index c6d916f..b0eb4dc 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -26,8 +26,8 @@ phases: build: # Deploy app via Helm commands: - "helm version" - - cd "helm_charts/aws-proserve-java-greeting" - - "helm package ." + # - cd "helm_charts/aws-proserve-java-greeting" + # - "helm package ." - echo "$PWD" - "helm lint . -f values.dev.yaml" #- "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" From 29e39cb32f4d7c95a362e5ca58b7b6432a117b70 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 16:17:36 +0530 Subject: [PATCH 40/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index b0eb4dc..c1f35f3 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -26,7 +26,7 @@ phases: build: # Deploy app via Helm commands: - "helm version" - # - cd "helm_charts/aws-proserve-java-greeting" + - cd "helm_charts/aws-proserve-java-greeting" # - "helm package ." - echo "$PWD" - "helm lint . -f values.dev.yaml" From 39fe59556188fb71b5dd9e108ef232115fad654c Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 16:23:27 +0530 Subject: [PATCH 41/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index c1f35f3..b747049 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -32,8 +32,8 @@ phases: - "helm lint . -f values.dev.yaml" #- "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" - "helm repo list" - - "helm upgrade -i $EKS_CODEBUILD_APP_NAME helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" - + - "helm upgrade -i $EKS_CODEBUILD_APP_NAME helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.dev.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" + post_build: # Display the endpoint of the application commands: - bash -c "if [ /"$CODEBUILD_BUILD_SUCCEEDING/" == /"0/" ]; then exit 1; fi" From a0438de5485be0dba86a4cbd725d52bafad4a82e Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 16:24:18 +0530 Subject: [PATCH 42/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index b747049..4553502 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml 
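Review bot: The `helm upgrade` line now always passes `values.dev.yaml`, so `$ENV` no longer selects the values file and any non-dev run of this buildspec deploys with dev settings. If the aim was to work around an unset `$ENV`, fail fast instead: add `- test -n "$ENV"` before the upgrade and keep `-f helm_charts/$EKS_CODEBUILD_APP_NAME/values.$ENV.yaml`. The `commands:` list starts outside this hunk.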
@@ -26,12 +26,12 @@ phases: build: # Deploy app via Helm commands: - "helm version" - - cd "helm_charts/aws-proserve-java-greeting" + # - cd "helm_charts/aws-proserve-java-greeting" # - "helm package ." - echo "$PWD" - - "helm lint . -f values.dev.yaml" + # - "helm lint . -f values.dev.yaml" #- "helm install aws-proserve-java-greeting-0 aws-proserve-java-greeting-0.1.0.tgz" - - "helm repo list" + # - "helm repo list" - "helm upgrade -i $EKS_CODEBUILD_APP_NAME helm_charts/$EKS_CODEBUILD_APP_NAME -f helm_charts/$EKS_CODEBUILD_APP_NAME/values.dev.yaml --set image.repository=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME --set image.tag=$CODEBUILD_RESOLVED_SOURCE_VERSION" post_build: # Display the endpoint of the application From 978b1b308ea71d72d4d46e33eab341e36229df09 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Wed, 27 Nov 2024 17:10:41 +0530 Subject: [PATCH 43/51] Update role-binding.yml --- .../aws-proserve-java-greeting/templates/role-binding.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml b/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml index 195928f..be8a438 100644 --- a/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml +++ b/helm_charts/aws-proserve-java-greeting/templates/role-binding.yml @@ -5,7 +5,7 @@ metadata: namespace: default subjects: - kind: User - name: "arn:aws:sts::909532541699:assumed-role/codebuild-aws-devsecops-amazoneks-service-role" + name: "arn:aws:sts::909532541699:assumed-role/codebuild-Contineous-Deployment-service-role" apiGroup: rbac.authorization.k8s.io roleRef: kind: Role From 4d41891469139198ba6b348504d3582510814c08 Mon Sep 17 00:00:00 2001 
From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Thu, 28 Nov 2024 10:26:46 +0530 Subject: [PATCH 44/51] Update buildspec_deploy.yml --- buildspec/buildspec_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_deploy.yml b/buildspec/buildspec_deploy.yml index 4553502..12861fa 100644 --- a/buildspec/buildspec_deploy.yml +++ b/buildspec/buildspec_deploy.yml @@ -38,5 +38,5 @@ phases: commands: - bash -c "if [ /"$CODEBUILD_BUILD_SUCCEEDING/" == /"0/" ]; then exit 1; fi" - sleep 60 - - JAVA_APP_ENDPOINT=`kubectl get svc $EKS_CODEBUILD_APP_NAME-$ENV -o jsonpath="{.status.loadBalancer.ingress[*].hostname}"` + - JAVA_APP_ENDPOINT=`kubectl get svc $EKS_CODEBUILD_APP_NAME -o jsonpath="{.status.loadBalancer.ingress[*].hostname}"` - echo -e "\nThe Java application can be accessed nw via http://$JAVA_APP_ENDPOINT/hello" From a32f1bd9f9d3ef017fea697004b03758aa3a5bb5 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Thu, 28 Nov 2024 10:58:28 +0530 Subject: [PATCH 45/51] Update buildspec_secscan.yaml --- buildspec/buildspec_secscan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_secscan.yaml b/buildspec/buildspec_secscan.yaml index 90c94e4..116e845 100644 --- a/buildspec/buildspec_secscan.yaml +++ b/buildspec/buildspec_secscan.yaml @@ -44,7 +44,7 @@ phases: - echo $BASE $SRC $APP_BUILD_ARTIFACTS $OUTPUT $CURRENT_COMMIT $PREVIOUS_COMMIT - ls -lhtar $BASE $SRC - | - if [ $PREVIOUS_COMMIT = $CURRENT_COMMIT ]; then + if [ $PREVIOUS_COMMIT == $CURRENT_COMMIT ]; then echo -e "\nNo Previous Commit, hence incremental code scan will not happen" else echo -e "\nAnalysing incremental changes between $CURRENT_COMMIT and $PREVIOUS_COMMIT" From 4fc0caa290be2fc962204d9e967f8eda1e96e951 Mon Sep 17 00:00:00 2001 
From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Thu, 28 Nov 2024 10:59:01 +0530 Subject: [PATCH 46/51] Update buildspec_secscan.yaml --- buildspec/buildspec_secscan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_secscan.yaml b/buildspec/buildspec_secscan.yaml index 116e845..17654b4 100644 --- a/buildspec/buildspec_secscan.yaml +++ b/buildspec/buildspec_secscan.yaml @@ -44,7 +44,7 @@ phases: - echo $BASE $SRC $APP_BUILD_ARTIFACTS $OUTPUT $CURRENT_COMMIT $PREVIOUS_COMMIT - ls -lhtar $BASE $SRC - | - if [ $PREVIOUS_COMMIT == $CURRENT_COMMIT ]; then + if [ "$PREVIOUS_COMMIT" == "$CURRENT_COMMIT" ]; then echo -e "\nNo Previous Commit, hence incremental code scan will not happen" else echo -e "\nAnalysing incremental changes between $CURRENT_COMMIT and $PREVIOUS_COMMIT" From 94fd4b234156a74e82443c6456b427ded2aa583f Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Thu, 28 Nov 2024 11:07:28 +0530 Subject: [PATCH 47/51] Update buildspec_secscan.yaml --- buildspec/buildspec_secscan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_secscan.yaml b/buildspec/buildspec_secscan.yaml index 17654b4..ece64b8 100644 --- a/buildspec/buildspec_secscan.yaml +++ b/buildspec/buildspec_secscan.yaml @@ -44,7 +44,7 @@ phases: - echo $BASE $SRC $APP_BUILD_ARTIFACTS $OUTPUT $CURRENT_COMMIT $PREVIOUS_COMMIT - ls -lhtar $BASE $SRC - | - if [ "$PREVIOUS_COMMIT" == "$CURRENT_COMMIT" ]; then + if [ "$PREVIOUS_COMMIT" = "$CURRENT_COMMIT" ]; then echo -e "\nNo Previous Commit, hence incremental code scan will not happen" else echo -e "\nAnalysing incremental changes between $CURRENT_COMMIT and $PREVIOUS_COMMIT" From 7bd80731c2d850e401b3809bbf55d0b0207c1059 Mon Sep 17 00:00:00 2001 
From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Thu, 28 Nov 2024 11:41:58 +0530 Subject: [PATCH 48/51] Update buildspec_secscan.yaml --- buildspec/buildspec_secscan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_secscan.yaml b/buildspec/buildspec_secscan.yaml index ece64b8..dec5704 100644 --- a/buildspec/buildspec_secscan.yaml +++ b/buildspec/buildspec_secscan.yaml @@ -48,7 +48,7 @@ phases: echo -e "\nNo Previous Commit, hence incremental code scan will not happen" else echo -e "\nAnalysing incremental changes between $CURRENT_COMMIT and $PREVIOUS_COMMIT" - $BASE/aws-codeguru-cli/bin/aws-codeguru-cli --region $AWS_REGION --bucket-name $CG_REVIEWER_BUCKET_NAME --root-dir $BASE --build $APP_BUILD_ARTIFACTS --src $SRC --commit-range $PREVIOUS_COMMIT:$CURRENT_COMMIT --output $OUTPUT --no-prompt + $BASE/aws-codeguru-cli/bin/aws-codeguru-cli --region $AWS_REGION --bucket-name $CG_REVIEWER_BUCKET_NAME --root-dir $BASE --build $APP_BUILD_ARTIFACTS --src $SRC --commit-range $PREVIOUS_COMMIT=$CURRENT_COMMIT --output $OUTPUT --no-prompt fi post_build: # Upload Security vulnerabilities found in docker image to AWS SecurityHub in ASFF format commands: From 8b0d1fa2ca9a93c6aecf97e1ebfa78c25d5dd7d5 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Thu, 28 Nov 2024 13:50:44 +0530 Subject: [PATCH 49/51] Update buildspec_secscan.yaml --- buildspec/buildspec_secscan.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/buildspec/buildspec_secscan.yaml b/buildspec/buildspec_secscan.yaml index dec5704..3207e29 100644 --- a/buildspec/buildspec_secscan.yaml +++ b/buildspec/buildspec_secscan.yaml 
@@ -39,8 +39,9 @@ phases: - export APP_BUILD_ARTIFACTS=${BASE}/code/app/target/classes - mkdir ${BASE}/output - export OUTPUT=${BASE}/output - - export CURRENT_COMMIT=${CODEBUILD_RESOLVED_SOURCE_VERSION} + - export CURRENT_COMMIT=${CODEBUILD_RESOLVED_SOURCE_VERSION} - export PREVIOUS_COMMIT=$(git log --format="%H" -n 2 | tail -1) + - echo "$PREVIOUS_COMMIT" - echo $BASE $SRC $APP_BUILD_ARTIFACTS $OUTPUT $CURRENT_COMMIT $PREVIOUS_COMMIT - ls -lhtar $BASE $SRC - | From 475fba87f74f99e50fc3b464ca5dc50b0cf44497 Mon Sep 17 00:00:00 2001 From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Thu, 28 Nov 2024 13:56:39 +0530 Subject: [PATCH 50/51] Update buildspec_secscan.yaml --- buildspec/buildspec_secscan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildspec/buildspec_secscan.yaml b/buildspec/buildspec_secscan.yaml index 3207e29..c28c08c 100644 --- a/buildspec/buildspec_secscan.yaml +++ b/buildspec/buildspec_secscan.yaml @@ -49,7 +49,7 @@ phases: echo -e "\nNo Previous Commit, hence incremental code scan will not happen" else echo -e "\nAnalysing incremental changes between $CURRENT_COMMIT and $PREVIOUS_COMMIT" - $BASE/aws-codeguru-cli/bin/aws-codeguru-cli --region $AWS_REGION --bucket-name $CG_REVIEWER_BUCKET_NAME --root-dir $BASE --build $APP_BUILD_ARTIFACTS --src $SRC --commit-range $PREVIOUS_COMMIT=$CURRENT_COMMIT --output $OUTPUT --no-prompt + # $BASE/aws-codeguru-cli/bin/aws-codeguru-cli --region $AWS_REGION --bucket-name $CG_REVIEWER_BUCKET_NAME --root-dir $BASE --build $APP_BUILD_ARTIFACTS --src $SRC --commit-range $PREVIOUS_COMMIT=$CURRENT_COMMIT --output $OUTPUT --no-prompt fi post_build: # Upload Security vulnerabilities found in docker image to AWS SecurityHub in ASFF format commands: From 06b879accd34d6359ae18a36d1ad304d9f63a66e Mon Sep 17 00:00:00 2001 
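Review bot: Commenting out the `aws-codeguru-cli` call in PATCH 50 leaves the `else` branch printing "Analysing incremental changes" without running any analysis, so the static-analysis stage passes while doing nothing. If the call was failing, PATCH 48's change of `--commit-range` from `$PREVIOUS_COMMIT:$CURRENT_COMMIT` to `$PREVIOUS_COMMIT=$CURRENT_COMMIT` is a likely cause, since the CLI's documented range form uses `:` (worth confirming against the installed version). I would restore the call with the `:` separator, or, if the scan must stay off for now, make the branch say so, e.g. `echo "CodeGuru scan disabled - see <ticket>"`, so the build log does not claim a scan ran. The `if` block begins outside this hunk.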
From: Qubicash <103918111+Qubicash@users.noreply.github.com> Date: Thu, 28 Nov 2024 14:07:33 +0530 Subject: [PATCH 51/51] Update test-connection.yaml --- .../templates/tests/test-connection.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml index 6e8fd0b..d9de741 100644 --- a/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml +++ b/helm_charts/aws-proserve-java-greeting/templates/tests/test-connection.yaml @@ -11,5 +11,6 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['--spider', '{{ include "aws-proserve-java-greeting.fullname" . }}:{{ .Values.service.port | default 80 }}'] + args: ['{{ include "aws-proserve-java-greeting.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never