From b242739a0760cac38fb66e916af56e41c8a3e013 Mon Sep 17 00:00:00 2001
From: Tom Broughton
Date: Wed, 25 Oct 2023 00:06:48 +0100
Subject: [PATCH] upload images and sample config
---
app/config.json.sample | 86 ++++++++++++++++++++++++++++++++++++++++++
image-build-upload.sh | 64 +++++++++++++++++++++++++++++++
2 files changed, 150 insertions(+)
create mode 100644 app/config.json.sample
create mode 100644 image-build-upload.sh
diff --git a/app/config.json.sample b/app/config.json.sample
new file mode 100644
index 0000000..1432ad2
--- /dev/null
+++ b/app/config.json.sample
@@ -0,0 +1,86 @@
+{
+ "listen": {
+ "ip": "0.0.0.0",
+ "port": 2222
+ },
+ "socketio": {
+ "serveClient": false,
+ "path": "/ssh/socket.io",
+ "origins": ["localhost:2222"],
+ },
+ "ipfilter": {
+ allowed_ips: ['127.21.0.1']
+ },
+ "user": {
+ "name": "aer",
+ "password": null,
+ "privatekey": null,
+ "overridebasic": false
+ },
+ "ssh": {
+ "host": null,
+ "port": 22,
+ "localAddress": null,
+ "localPort": null,
+ "term": "xterm-color",
+ "readyTimeout": 20000,
+ "keepaliveInterval": 120000,
+ "keepaliveCountMax": 10,
+ "allowedSubnets": []
+ },
+ "terminal": {
+ "cursorBlink": true,
+ "scrollback": 10000,
+ "tabStopWidth": 8,
+ "bellStyle": "sound",
+ "fontSize": 14
+ },
+ "header": {
+ "text": null,
+ "background": "green"
+ },
+ "session": {
+ "name": "rusi-gatsby-devops-container",
+ "secret": "set-by-gha"
+ },
+ "options": {
+ "challengeButton": true,
+ "allowreauth": false
+ },
+ "algorithms": {
+ "kex": [
+ "ecdh-sha2-nistp256",
+ "ecdh-sha2-nistp384",
+ "ecdh-sha2-nistp521",
+ "diffie-hellman-group-exchange-sha256",
+ "diffie-hellman-group14-sha1"
+ ],
+ "cipher": [
+ "aes128-ctr",
+ "aes192-ctr",
+ "aes256-ctr",
+ "aes128-gcm",
+ "aes128-gcm@openssh.com",
+ "aes256-gcm",
+ "aes256-gcm@openssh.com",
+ "aes256-cbc"
+ ],
+ "hmac": [
+ "hmac-sha2-256",
+ "hmac-sha2-512",
+ "hmac-sha1"
+ ],
+ "compress": [
+ "none",
+ "zlib@openssh.com",
+ "zlib"
+ ]
+ },
+ "serverlog": {
+ "client": false,
+ "server": false
+ },
+ "accesslog": false,
+ "verify": false,
+ "safeShutdownDuration": 300
+}
diff --git a/image-build-upload.sh b/image-build-upload.sh
new file mode 100644
index 0000000..37c6d9f
--- /dev/null
+++ b/image-build-upload.sh
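Review bot: The sample is not valid JSON, and the broken lines sit in the access-control blocks: `"origins": ["localhost:2222"],` ends with a trailing comma and `allowed_ips: ['127.21.0.1']` uses an unquoted key and single quotes, so a strict parser rejects the file once it is copied to `config.json`. I would write `"origins": ["localhost:2222"]` and `"allowed_ips": ["127.21.0.1"]`, and confirm the address itself, since `127.21.0.1` is in the loopback range and looks unintended for a container-network allow-list. With `"ip": "0.0.0.0"`, `"host": null` and `"allowedSubnets": []`, the IP filter appears to be the main restriction on who can reach the service, so it matters that this block actually loads. Separately, `"secret": "set-by-gha"` is a predictable value if the pipeline substitution is ever skipped, so startup should refuse the placeholder, and `diffie-hellman-group14-sha1`, `hmac-sha1` and `aes256-cbc` could be dropped from the algorithm lists unless a legacy host needs them.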
@@ -0,0 +1,64 @@
+#!/bin/bash
+####################################
+#
+# This script will build and upload a container to ECR
+# flags --package-path | -p path to the package, default to pwd
+# --checks-only | -c if = 1 will just check the registry if the package exists or not
+####################################
+
+
+RUSI_AWS_ECR_ACCOUNT_ID="615693933970"
+REPO_NAME="rusi-web-gatsby-devops-ops"
+IMAGE_VERSION="latest"
+REQ_BUILD=0 #we check local repo to see if image already exists
+REQ_UPLOAD=0 #we check the ecr repo to see if already exists
+
+
+echo "Authenticating with AWS ECR."
+AWS_ACCOUNT_ID=$(aws sts get-caller-identity | jq -r .Account)
+if [[ -z "$AWS_ACCOUNT_ID" ]]; then
+ echo "Unable to get AWS account ID."
+ exit 1
+fi
+if [[ "${AWS_ACCOUNT_ID}" != "${RUSI_AWS_ECR_ACCOUNT_ID}" ]]; then
+ echo "You're not logged in to the RUSI aws account."
+ exit 1
+fi
+
+echo "Checking if repository exists"
+#note, we are calling the repository for a given image the same name as the image
+#create the repository if it doesn't exist
+aws ecr describe-repositories --repository-names "${REPO_NAME}" || aws ecr create-repository --repository-name "${REPO_NAME}"
+
+#check to see if the image version already exists in the repo
+echo "Checking if image version already exists in ECR"
+if [ -z $(aws ecr list-images --repository-name "${REPO_NAME}" --query imageIds[?imageTag==\'"${IMAGE_VERSION}"\'].imageTag --output text) ];then
+ echo "The container will need uploading"
+ REQ_UPLOAD="1"
+fi
+#Forcing until we have unique image versions in place
+REQ_UPLOAD="1"
+
+#no need to go any further if image version already in registry
+if [ "${REQ_UPLOAD}" == "0" ]; then
+ echo "Image version ${IMAGE_VERSION} already in Registry, exiting"
+ exit 0
+fi
+
+echo "Local ${REPO_NAME}:${IMAGE_VERSION} does not exist, building..."
+docker build -t ${REPO_NAME}:${IMAGE_VERSION} .
+
+#upload the image into ECR
+
+aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin "${AWS_ACCOUNT_ID}.dkr.ecr.eu-west-1.amazonaws.com" &> /dev/null
+
+ECR_IMAGE="${AWS_ACCOUNT_ID}.dkr.ecr.eu-west-1.amazonaws.com/${REPO_NAME}:${IMAGE_VERSION}"
+
+echo "Pushing drupal container to ECR"
+
+docker tag "${REPO_NAME}:${IMAGE_VERSION}" $ECR_IMAGE
+
+if ! docker push $ECR_IMAGE; then
+ echo "Unable to push container to ECR"
+ exit 1
+fi
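Review bot: Neither `docker build` nor the `docker login` pipeline is checked for failure, so when the build fails the script still tags whatever local `${REPO_NAME}:${IMAGE_VERSION}` image already exists and pushes it over `latest` in ECR. Add `set -euo pipefail` near the top or guard the call, e.g. `docker build -t "${REPO_NAME}:${IMAGE_VERSION}" . || exit 1`, and drop the `&> /dev/null` on the login so an authentication error is visible. The `[ -z $(aws ecr list-images …) ]` test and both `$ECR_IMAGE` uses should be quoted. Because `REQ_UPLOAD` is forced to `"1"` and the tag is the mutable `latest`, every run replaces the published image; an immutable tag such as the git commit SHA would make deployed images traceable. A repository created by the `aws ecr create-repository` fallback gets default settings, so tag immutability and scan-on-push are presumably not enabled on it.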