buildspec.yml

version: 0.2

phases:

  install: 
    runtime-versions:
      python: 3.9
    commands:
      # initialize environment
      - |
        if [ "${BRANCH}" != prod ]
        then
          export ENV="-${BRANCH}"
        else
          export ENV=""
        fi
        apt-get update -y
        apt-get install -y wait-for-it
      # start up Docker
      - |
        nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
        timeout 15 sh -c "until docker info; do echo .; sleep 1; done" 
      # log into ECR
      - |
        aws ecr get-login-password --region $AWS_DEFAULT_REGION |\
          docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
      # pull base images
      - | 
        bash -c '
          docker pull $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/${APPLICATION}-owasp:${BRANCH^}    
        '
      # # install Testing and Documentation Dependencies
      # - |
      #   pip install behave==1.2.6 \
      #               behave-html-formatter==0.9.8 \
      #               requests==2.26.0 \
      #               selenium==4.0.0 \
      #               git-remote-codecommit==1.15.1
      # Download Sonar Scanner
      - |
        curl https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip \
            -o "sonar_scanner.zip"
        unzip sonar_scanner.zip > /dev/null 2>&1
        export PATH=$(pwd)/sonar-scanner-4.6.2.2472-linux/bin/:$PATH
  
  pre_build:
    commands:
      # TODO: Run Unit Tests
 
      # TODO: Linting
      
      # SonarQube static code analysis
      - |
        sonar-scanner \
          -Dsonar.projectKey=${APPLICATION}-frontend${ENV} \
          -Dsonar.host.url=https://$SONAR_URL \
          -Dsonar.login=$SONAR_TOKEN \
          -Dsonar.log.level=DEBUG \
          -Dsonar.sources=$(pwd)/frontend/src/ \
          -Dsonar.exclusions=**/*.json,**/*.css,**/*.scss,**/*.svg,**/*.html \
          -Dsonar.sourceEncoding=UTF-8 \
      # see: https://docs.sonarqube.org/latest/analysis/coverage/

  build:
    commands:
      - |
        bash -c '
          docker build -t ${APPLICATION}-backend:${BRANCH^} .
          docker tag ${APPLICATION}-backend:${BRANCH^} \
              $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/${APPLICATION}-frontend:${BRANCH^}
        '
  
  post_build:
    commands:
      # Start Up Cluster
      # - |
      #   bash -c '
      #     docker run --publish 8000:8000 \
      #              --name ${APPLICATION}_backend \
      #              --env COGNITO_USER_POOL=$POOL_ID \
      #              --env COGNITO_AUDIENCE=$CLIENT_ID \
      #              --env COGNITO_AWS_REGION=$AWS_DEFAULT_REGION \
      #              --env APP_ENV=test \
      #              --env APP_PORT=8000 \
      #              --detach \
      #              $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/${APPLICATION}-backend:${BRANCH^}
      #     wait-for-it localhost:8000
      #     docker run --publish 8080:8080 \
      #               --name ${APPLICATION}_frontend
      #               --detach \
      #               $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/${APPLICATION}-frontend:${BRANCH^}
      #     wait-for-it localhost:8080
      #   '

      # BDD Tests 
      # - |
      #   bash -c '
      #     git clone codecommit://${APPLICATION}-test-harness
      #     cd ${APPLICATION}-test-harness/python
      #     export FRONTEND_HOST_URL="http://localhost:8080"
      #     chmod +x ./configure && ./configure web
      #     behave -t "@Web" \
      #           --no-skipped \
      #           --summary \
      #           --outfile behave-report-frontend.html \
      #           --format behave_html_formatter:HTMLFormatter \
      #             || true
      #     aws s3 cp ./behave-report-frontend.html \
      #               s3://${APPLICATION}-coverage/test-coverage/bdd/behave-report-frontend.html
      #     cd ../..
      #   '

      # OWASP ZAP Scan
      # - |
      #   bash -c '
      #     mkdir -p $(pwd)/out
      #     chmod 777 $(pwd)/out
      #     docker run --volume $(pwd)/out:/zap/wrk/:rw \
      #                --network host \
      #                --tty \
      #                894427396428.dkr.ecr.us-east-1.amazonaws.com/innolab-owasp:Dev \
      #                zap-full-scan.py -t http://localhost:8080 -r OWASP_report_frontend.html
      #     aws s3 cp ./out/OWASP_report_frontend.html s3://${APPLICATION}-data-files/zap_report/OWASP_report_frontend.html
      #   '
        
      # TODO: Generate Documentation
        

      # Invalidate Coverage Distribution Cache
      # - |
      #   aws cloudfront create-invalidation \
      #       --distribution-id $COVERAGE_DISTRIBUTION_ID \
      #       --paths "/*"

      # Kill Cluster
      # - |
      #   bash -c '
      #     docker container stop ${APPLICATION}_backend && docker container rm ${APPLICATION}_backend
      #   '

      # Push image to ECR -> Signal deploy pipeline to take over
      - |
        bash -c '
          docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/${APPLICATION}-frontend:${BRANCH^}
        '