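# AWS CodeBuild buildspec: installs scanners, scans the source tree, builds
# and publishes the Docker image, then runs Dependency-Check and SonarQube.
version: 0.2

env:
  # Each variable is filled from the named SSM Parameter Store path.
  # NOTE(review): confirm the password, token and key parameters are stored
  # as SecureString.
  parameter-store:
    DOCKER_REGISTRY_USERNAME: /cicd/docker-credentials/username
    DOCKER_REGISTRY_PASSWORD: /cicd/docker-credentials/password
    DOCKER_REGISTRY_URL: /cicd/docker-registry/url
    SONAR_TOKEN: /cicd/sonar/sonar-token
    SONAR_SERVER: /cicd/sonar/sonar-server
    # NOTE(review): these look like long-lived IAM user keys. Once set, they
    # take precedence over the CodeBuild service role's temporary credentials
    # for every AWS CLI call in this build. Prefer granting the service role
    # write access to the report bucket and dropping these three parameters.
    AWS_ACCESS_KEY_ID: /cicd/sonar/AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY: /cicd/sonar/AWS_SECRET_ACCESS_KEY
    AWS_DEFAULT_REGION: /cicd/sonar/AWS_DEFAULT_REGION

phases:
  install:
    runtime-versions:
      # Quoted so the version is never read as a float (3.10 would become 3.1).
      python: "3.11"
      java: corretto17

  pre_build:
    commands:
      - echo "Installing dependencies..."
      # Tools are unpacked outside the source checkout so their files cannot
      # overwrite repository files, end up in the Docker build context, or be
      # picked up by the scanners as project code.
      - mkdir -p $HOME/tools/trivy
      - echo "Performing Trivy file scan before building the image..."
      # NOTE(review): none of the downloads in this phase are integrity
      # checked. Verify each archive against the checksum published with its
      # release before extracting it. The pinned Trivy and Dependency-Check
      # releases are also old; confirm they can still fetch current
      # vulnerability data.
      - wget -O /tmp/trivy_0.19.2_Linux-64bit.tar.gz https://github.com/aquasecurity/trivy/releases/download/v0.19.2/trivy_0.19.2_Linux-64bit.tar.gz
      - tar zxvf /tmp/trivy_0.19.2_Linux-64bit.tar.gz -C $HOME/tools/trivy
      - export PATH=$PATH:$HOME/tools/trivy
      # --exit-code 0 means findings are recorded but never fail the build.
      - trivy filesystem --exit-code 0 --no-progress . >> trivyfilescan.txt
      - echo "Downloading and installing OWASP Dependency-Check..."
      - wget -O /tmp/dependency-check-7.0.2-release.zip https://github.com/jeremylong/DependencyCheck/releases/download/v7.0.2/dependency-check-7.0.2-release.zip
      - unzip /tmp/dependency-check-7.0.2-release.zip -d $HOME/tools
      - export SONAR_SCANNER_VERSION=4.7.0.2747
      - export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
      - curl --create-dirs -sSLo "$HOME/.sonar/sonar-scanner.zip" "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip"
      - unzip -o "$HOME/.sonar/sonar-scanner.zip" -d "$HOME/.sonar/"
      - export PATH=$SONAR_SCANNER_HOME/bin:$PATH
      - export SONAR_SCANNER_OPTS="-server"
      - echo "Installing AWS CLI..."
      - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o /tmp/awscliv2.zip
      - unzip /tmp/awscliv2.zip -d /tmp
      - chmod +x /tmp/aws/install
      - sudo /tmp/aws/install --update
      # The AWS CLI reads AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
      # AWS_DEFAULT_REGION directly from the environment set in `env` above.
      # The former `aws configure set` steps only copied the secret key in
      # plaintext to ~/.aws/credentials, so they have been dropped.

  build:
    commands:
      - echo "Running tests..."
      - echo "Building Docker image..."
      # The password is passed on stdin so it does not appear in the process
      # arguments.
      - echo "$DOCKER_REGISTRY_PASSWORD" | docker login -u "$DOCKER_REGISTRY_USERNAME" --password-stdin "$DOCKER_REGISTRY_URL"
      - docker build -t "$DOCKER_REGISTRY_URL/$DOCKER_REGISTRY_USERNAME/swiggy:latest" .
      # Scan the locally built image before it is published. Trivy exits 0 on
      # findings unless --exit-code is set to a non-zero value, so as written
      # this step records findings but does not block the push.
      - echo "Performing Trivy image scan after building the image..."
      - trivy image "$DOCKER_REGISTRY_URL/$DOCKER_REGISTRY_USERNAME/swiggy:latest" >> trivyimage.txt
      - docker push "$DOCKER_REGISTRY_URL/$DOCKER_REGISTRY_USERNAME/swiggy:latest"
      - aws s3 cp trivyimage.txt s3://my-ews-baket19090/

  post_build:
    commands:
      - echo "Running OWASP Dependency-Check scan..."
      # Run from the source root. Buildspec 0.2 keeps the working directory
      # between commands, so the earlier `cd dependency-check/bin` made both
      # this scan and the SonarQube analysis below inspect the tool's own bin
      # directory instead of the project.
      - $HOME/tools/dependency-check/bin/dependency-check.sh --scan . --format ALL
      - echo "Build completed successfully!"
      - echo "Running SonarQube analysis..."
      # NOTE(review): the token is sent to the server over plain HTTP and is
      # passed as a command-line argument. Put the SonarQube server behind
      # TLS and prefer a token source that is not visible in process listings.
      - sonar-scanner -Dsonar.projectKey=swiggy -Dsonar.sources=. "-Dsonar.host.url=http://$SONAR_SERVER:9000/" "-Dsonar.login=$SONAR_TOKEN"
      - echo "Uploading Trivy scan report to S3..."
      # - aws ses send-email --from "[email protected]" --to "[email protected]" --subject "CodeBuild Status: $CODEBUILD_BUILD_ID" --text "Build status: $CODEBUILD_BUILD_STATUS" --region "ap-south-1"

artifacts:
  files:
    - appspec.yaml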