diff --git a/README.md b/README.md index 528f5bd..906347c 100644 --- a/README.md +++ b/README.md @@ -329,9 +329,11 @@ Most docker-compose scripts in this project rely on AWS Elastic Container Registry (ECR) for publishing and loading custom docker images. To make use of ECR you must set up the following shell enviromnent vars: ``` +export UC3_ACCOUNT_ID=`get_ssm_value_by_name admintool/uc3account` export AWS_ACCOUNT_ID=`aws sts get-caller-identity| jq -r .Account` export AWS_REGION=us-west-2 -export ECR_REGISTRY=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com +# export ECR_REGISTRY=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com +export ECR_REGISTRY=${UC3_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com ``` You also must set up docker login credentials with our ECR instance. This diff --git a/bin/docker_environment.sh b/bin/docker_environment.sh index e0defa7..02b6c25 100644 --- a/bin/docker_environment.sh +++ b/bin/docker_environment.sh @@ -1,8 +1,10 @@ # Setup docker env vars # +export UC3_ACCOUNT_ID=`get_ssm_value_by_name admintool/uc3account` export AWS_ACCOUNT_ID=`aws sts get-caller-identity| jq -r .Account` export AWS_REGION=us-west-2 -export ECR_REGISTRY=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com +# export ECR_REGISTRY=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com +export ECR_REGISTRY=${UC3_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com export JAVA_HOME=/usr/lib/jvm/java-11-openjdk export PATH=$JAVA_HOME/bin:$HOME/bin:$PATH export RAILS_ENV=test diff --git a/bin/fresh_build.sh b/bin/fresh_build.sh index fcd495e..25625e8 100755 --- a/bin/fresh_build.sh +++ b/bin/fresh_build.sh @@ -179,8 +179,9 @@ build_image_push() { build_image $1 $2 "$3" if test_flag 'push' then - docker push --quiet $1 >> $LOGDOCKER 2>&1 - eval_jobstat $? "FAIL" "Docker push $1" + # disable docker push to main account ECR + # docker push --quiet $1 >> $LOGDOCKER 2>&1 + # eval_jobstat $? "FAIL" "Docker push $1" else echo " Image push disabled" >> $LOGSUM fi 
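Review bot: Nothing in bin/docker_environment.sh checks that the `get_ssm_value_by_name admintool/uc3account` lookup returned a value before `ECR_REGISTRY` is built from it. If the helper is not on PATH or the lookup fails, `UC3_ACCOUNT_ID` is empty and `ECR_REGISTRY` becomes `.dkr.ecr.us-west-2.amazonaws.com`, so later pulls and builds run against a malformed registry name instead of stopping. Because this value now decides which account's registry the images come from, I would fail fast directly after the assignment with `: "${UC3_ACCOUNT_ID:?UC3_ACCOUNT_ID not resolved from SSM}"`. I would also replace the commented-out old `ECR_REGISTRY` line with a one-line comment saying which account the registry belongs to. The README hunk documents the same three lines and would benefit from the same caveat.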
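Review bot: With all three lines commented out, the `then` branch of `if test_flag 'push'` in build_image_push contains no command, and the shell rejects an empty branch with a syntax error at `else`. bin/fresh_build.sh would therefore fail to parse rather than skip the push. Keep one command in the branch, for example `echo " Image push to main account ECR disabled" >> $LOGSUM`, or a bare `:` if no log line is wanted. The end of build_image_push is outside the hunk.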
diff --git a/build-config.yml b/build-config.yml index 0f2ed4f..3c3ff83 100644 --- a/build-config.yml +++ b/build-config.yml @@ -8,11 +8,11 @@ flagsets: main: &main description: "Complete build and test of docker stack images and maven assets. Scan ALL docker images." - push: true + push: fasle build-it: true build-stack: true - scan-unfixable: true - scan-fixable: true + scan-unfixable: false + scan-fixable: false run-maven: true run-maven-tests: true build-support: true @@ -20,7 +20,7 @@ flagsets: description: "Build docker images and push to ECR" build-it: true build-stack: true - push: true + push: false scan-unfixable: false scan-fixable: false run-maven: false @@ -41,8 +41,8 @@ flagsets: build-it: true build-stack: true push: false - scan-unfixable: true - scan-fixable: true + scan-unfixable: false + scan-fixable: false run-maven: false run-maven-tests: false build-support: false diff --git a/docs/docker_user_namespace_mapping.md b/docs/docker_user_namespace_mapping.md index 61c0487..5df5e7d 100644 --- a/docs/docker_user_namespace_mapping.md +++ b/docs/docker_user_namespace_mapping.md @@ -39,7 +39,7 @@ host. It does this by setting up a volume bind mount to `/var/run/docker.sock` From `merritt-docker/mrt-services/opensearch.yml`: ``` filebeat: - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/filebeat:dev + image: ${ECR_REGISTRY}/filebeat:dev container_name: filebeat build: context: opensearch/filebeat diff --git a/mrt-services/docker-compose.yml b/mrt-services/docker-compose.yml index b67691a..ffeb9d0 100644 --- a/mrt-services/docker-compose.yml +++ b/mrt-services/docker-compose.yml 
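Review bot: `push: fasle` in the `main` flagset is a typo that YAML loads as the string `fasle`, not the boolean `false`. Whether the build then pushes depends on how the script's flag test treats an unrecognised string, which these hunks do not show. Write `push: false` so the flag has the same type as every other entry in the flagset.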
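Review bot: Turning `scan-unfixable` and `scan-fixable` off in the flagset at `@@ -41` and in `main` means none of the flagsets visible in these hunks scans images any more, yet `main` is still described as "Scan ALL docker images." If the scans are off on purpose, record why next to the flags with a comment such as `# image scans disabled: <reason>; re-enable when <condition>`. The `main` description should also be corrected so that a passing build is not read as a scanned one. The flagset at `@@ -20` has a similar mismatch: its description still says "push to ECR" while `push` is now `false`.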
@@ -16,12 +16,12 @@ services: - zoo - store - inventory - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/mrt-ingest:dev + image: ${ECR_REGISTRY}/mrt-ingest:dev build: context: ingest/mrt-ingest dockerfile: Dockerfile args: - ECR_REGISTRY: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com + ECR_REGISTRY: ${ECR_REGISTRY} environment: SSM_SKIP_RESOLUTION: Y MERRITT_INGEST: ingest-docker @@ -45,12 +45,12 @@ services: hostname: store depends_on: - zoo - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/mrt-store:dev + image: ${ECR_REGISTRY}/mrt-store:dev build: context: store/mrt-store dockerfile: Dockerfile args: - ECR_REGISTRY: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com + ECR_REGISTRY: ${ECR_REGISTRY} ports: - published: 8081 target: 8080 @@ -79,12 +79,12 @@ services: depends_on: - zoo - ezid - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/mrt-inventory:dev + image: ${ECR_REGISTRY}/mrt-inventory:dev build: context: inventory/mrt-inventory dockerfile: Dockerfile args: - ECR_REGISTRY: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com + ECR_REGISTRY: ${ECR_REGISTRY} networks: merrittnet: ports: @@ -112,7 +112,7 @@ services: tty: true ui: container_name: ui - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/mrt-dashboard:dev + image: ${ECR_REGISTRY}/mrt-dashboard:dev build: context: ui/mrt-dashboard dockerfile: Dockerfile @@ -142,7 +142,7 @@ services: tty: true db-container: container_name: db-container - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/mrt-database + image: ${ECR_REGISTRY}/mrt-database build: context: mysql dockerfile: Dockerfile @@ -158,7 +158,7 @@ services: - my-db:/var/lib/mysql ldap: container_name: ldap - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/mrt-opendj + image: ${ECR_REGISTRY}/mrt-opendj build: context: ldap dockerfile: Dockerfile 
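Review bot: Every `image:` value and `ECR_REGISTRY` build arg in mrt-services/docker-compose.yml now depends on `ECR_REGISTRY` being exported in the calling shell. Compose substitutes an empty string for an unset variable, which would turn `${ECR_REGISTRY}/mrt-ingest:dev` into `/mrt-ingest:dev`. Using the required-variable form at the first use, `image: ${ECR_REGISTRY:?ECR_REGISTRY is not set}/mrt-ingest:dev`, makes compose stop with a clear message instead of trying to resolve a registry-less image name. This applies equally to the remaining hunks of this file, from `mrt-store` through `callback`. A short header comment naming bin/docker_environment.sh as the place where the variable is set would help whoever runs the stack by hand.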
@@ -176,14 +176,14 @@ services: tty: true smtp: container_name: smtp - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/docker-hub/ghusta/fakesmtp + image: ${ECR_REGISTRY}/docker-hub/ghusta/fakesmtp networks: merrittnet: restart: unless-stopped # For pre-signed URL testing, you must create an entry in your /etc/hosts file to redirect my-minio-localhost-alias:8088 to localhost:8088. minio: container_name: minio - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/mrt-minio-it:dev + image: ${ECR_REGISTRY}/mrt-minio-it:dev ports: - published: 8088 target: 8088 @@ -200,7 +200,7 @@ services: restart: unless-stopped ezid: container_name: ezid - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/mock-merritt-it:dev + image: ${ECR_REGISTRY}/mock-merritt-it:dev ports: - published: 4567 target: 4567 @@ -209,7 +209,7 @@ services: restart: unless-stopped merritt-init: container_name: merritt-init - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/mrt-init + image: ${ECR_REGISTRY}/mrt-init build: context: merritt-init dockerfile: Dockerfile @@ -233,13 +233,13 @@ services: curl -v -X POST http://audit:8080/audit/service/start?t=json replic: container_name: replic - # image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/scratch - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/mrt-replic:dev + # image: ${ECR_REGISTRY}/scratch + image: ${ECR_REGISTRY}/mrt-replic:dev build: context: replic/mrt-replic dockerfile: Dockerfile args: - ECR_REGISTRY: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com + ECR_REGISTRY: ${ECR_REGISTRY} networks: merrittnet: ports: 
@@ -257,13 +257,13 @@ services: tty: true audit: container_name: audit - # image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/scratch - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/mrt-audit:dev + # image: ${ECR_REGISTRY}/scratch + image: ${ECR_REGISTRY}/mrt-audit:dev build: context: audit/mrt-audit dockerfile: Dockerfile args: - ECR_REGISTRY: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com + ECR_REGISTRY: ${ECR_REGISTRY} networks: merrittnet: ports: @@ -287,7 +287,7 @@ services: networks: merrittnet: container_name: callback - image: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/callback + image: ${ECR_REGISTRY}/callback build: context: callback dockerfile: Dockerfile