Usagov 358 bin script updates, trying again with simpler include call

bin/README.md

@@ -0,0 +1,15 @@
+# USAgov 2021 Control Scripts
+
+Controls are divided into four parts: local control (base of the bin directory), cloudgov control (cloudgov directory), deployment control (deploy directory), and snapshot controls (snapshot-backups directory).
+
+Largely, the scripts intended for developer use are in the root directory.  Scripts intended for automation are found in the named directories.
+
+Additional scripts are found in the scripts directory which are used by the container at runtime.
+
+_All_ scripts are intended to be run from the project's root directory.
+
+## The difference between bin/bootstrap and bin/drupal-update
+
+Bootstrap is establishing or refreshing the configuration files for php, nginx, and new relic on all cms containers, as well as running Drupal updatedb, cim, and cr on cms container instance 0.
+
+bin/drupal-update (re-)installs the Drupal modules, builds the theme, and then runs bin/bootstrap.

bin/bootstrap

@@ -1,9 +1,28 @@
 #!/bin/bash
 set -e
 
+usage="
+$0: Does 'docker compose run' to automatically run scripts/bootstrap.sh
+
+Usage:
+   $0 -h
+
+Options:
+-h:            show help and exit
+"
+
+PREAMBLE=$( pwd -P )/bin/includes/preamble.sh
+if [ -f "$PREAMBLE" ]; then
+  # shellcheck source=bin/includes/preamble.sh
+  . "$PREAMBLE"
+else
+   echo Cannot find preamble at "$PREAMBLE"
+   exit 1
+fi
+
 # we do not directly call bootstrap
 # rather, bootstrap is automatically triggered
-# during container startup only when
+# during container startup. drupal config update runs only when
 # the container is declared to be index 0
 docker compose run \
   --rm \

bin/build

@@ -1,11 +1,26 @@
 #!/bin/bash
 set -e
 
-if [ -f env.local ]; then
-    . env.local
-    BUILD_ENV=LOCAL
+usage="
+$0: Builds CMS container.
+
+Usage:
+   $0 -h
+
+Options:
+-h:            show help and exit
+"
+
+PREAMBLE=$( pwd -P )/bin/includes/preamble.sh
+if [ -f "$PREAMBLE" ]; then
+  # shellcheck source=bin/includes/preamble.sh
+  . "$PREAMBLE"
+else
+   echo Cannot find preamble at "$PREAMBLE"
+   exit 1
 fi
 
+# If run locally, it will load the BUID and BGID from env.local.
 docker compose build \
   --build-arg BUID=${BUID:-$(id -u)} \
   --build-arg BGID=${BGID:-$(id -g)} \

bin/build-cis-scanner

@@ -1,5 +1,24 @@
 #!/bin/sh
 
+usage="
+$0: Builds the docker-bench-security container, used by bin/scan-container-cis.
+
+Usage:
+   $0 -h
+
+Options:
+-h:            show help and exit
+"
+
+PREAMBLE=$( pwd -P )/bin/includes/preamble.sh
+if [ -f "$PREAMBLE" ]; then
+  # shellcheck source=bin/includes/preamble.sh
+  . "$PREAMBLE"
+else
+   echo Cannot find preamble at "$PREAMBLE"
+   exit 1
+fi
+
 cd /tmp/
 git clone https://github.com/docker/docker-bench-security.git
 cd /tmp/docker-bench-security

bin/ccb

@@ -1,5 +1,28 @@
 #!/bin/bash
 
+usage="
+$0: Compares two branches and prints the difference between the two in comments
+labeled by the Jira ticket ID.
+
+Usage:
+   $0 -h
+   $0 branch1 branch2
+
+Options:
+-h:            show help and exit
+branch1:       the first branch
+branch2:       the second branch
+"
+
+PREAMBLE=$( pwd -P )/bin/includes/preamble.sh
+if [ -f "$PREAMBLE" ]; then
+  # shellcheck source=bin/includes/preamble.sh
+  . "$PREAMBLE"
+else
+   echo Cannot find preamble at "$PREAMBLE"
+   exit 1
+fi
+
 COMMIT_A=${1:-stage}
 COMMIT_B=${2:-prod}
 

bin/cloudgov/are-you-sure.sh

@@ -1,4 +1,26 @@
-#!/bin/sh
+#!/bin/bash
+
+usage="
+$0: Are you sure?!
+
+Usage:
+   $0 -h
+
+Options:
+-h:            show help and exit
+
+NOTES:
+Interactive.  Y/N input.
+"
+
+PREAMBLE=$( pwd -P )/bin/includes/preamble.sh
+if [ -f "$PREAMBLE" ]; then
+  # shellcheck source=bin/includes/preamble.sh
+  . "$PREAMBLE"
+else
+   echo Cannot find preamble at "$PREAMBLE"
+   exit 1
+fi
 
 read -p "Are you sure? " -n 1 -r
 echo

bin/cloudgov/ato-checks/s3-bucket-encryption

@@ -1,5 +1,25 @@
 #!/bin/sh
 
+usage="
+$0: Gets the encryption configuration of the $S3_BUCKET bucket in the current space, for example, \"AES256\".
+
+Usage:
+   $0 -h
+
+Options:
+-h:            show help and exit
+"
+
+PREAMBLE=$( pwd -P )/bin/includes/preamble.sh
+if [ -f "$PREAMBLE" ]; then
+  # shellcheck source=bin/includes/preamble.sh
+  . "$PREAMBLE"
+else
+   echo Cannot find preamble at "$PREAMBLE"
+   exit 1
+fi
+
+
 # gather s3 credentials from storage key
 cf create-service-key storage storagekey
 S3INFO=$(cf service-key storage storagekey)
@@ -16,6 +36,6 @@ echo "AWS_SECRET_ACCESS_KEY=$S3_SECRET_ACCESS_KEY" >> $(pwd)/.aws/env
 echo "BUCKET_NAME=$S3_BUCKET" >> $(pwd)/.aws/env
 echo "AWS_DEFAULT_REGION=$S3_REGION" >> $(pwd)/.aws/env
 
-# pull down files excluding cached versions of css, js, and templates
+# get the encryption configuration of the $S3_BUCKET bucket in the current space
 docker run --rm -it --env-file=$(pwd)/.aws/env -v $(pwd)/s3/local/cms/public:/aws \
   amazon/aws-cli:latest s3api get-bucket-encryption --bucket $S3_BUCKET --output json

bin/cloudgov/bootstrap

@@ -1,4 +1,23 @@
 #!/bin/bash
 set -e
 
-cf ssh web -c 'source /etc/profile && /var/www/scripts/bootstrap.sh'
+usage="
+$0: SSH into CMS app and runs bootstrap.sh.
+
+Usage:
+   $0 -h
+
+Options:
+-h:            show help and exit
+"
+
+PREAMBLE=$( pwd -P )/bin/includes/preamble.sh
+if [ -f "$PREAMBLE" ]; then
+  # shellcheck source=bin/includes/preamble.sh
+  . "$PREAMBLE"
+else
+   echo Cannot find preamble at "$PREAMBLE"
+   exit 1
+fi
+
+cf ssh cms -c 'source /etc/profile && /var/www/scripts/bootstrap.sh'

bin/cloudgov/container-build

@@ -1,8 +1,31 @@
-#!/bin/sh
-#
-# This script will attempt to create a container image
-# to be used when launching cloud.gov images
-#
+#!/bin/bash
+
+usage="
+$0: Attempts to create a container image for web app to be used when launching cloud.gov images.
+
+Usage:
+   $0 -h
+
+Options:
+-h:            show help and exit
+DOCKERUSER:    Docker Hub username (default: gsatts [don't change this])
+DOCKERREPO:    Docker Hub repo (default: usagov-2021 [don't change this])
+CONTAINERTAG:  Git tag of the container being created (default: $GITBRANCH)
+CONTAINERTAG2: Optional tag label
+
+NOTES:
+Arguments come from environment.
+"
+
+PREAMBLE=$( pwd -P )/bin/includes/preamble.sh
+if [ -f "$PREAMBLE" ]; then
+  # shellcheck source=bin/includes/preamble.sh
+  . "$PREAMBLE"
+else
+   echo Cannot find preamble at "$PREAMBLE"
+   exit 1
+fi
+
 DOCKERUSER=${DOCKERUSER:-gsatts}
 DOCKERREPO=${DOCKERREPO:-usagov-2021}
 
@@ -22,7 +45,7 @@ echo "Building ${DOCKERUSER}/${DOCKERREPO}:cms-${CONTAINERTAG} ${CONTAINERTAG2}"
 
 chmod -R u+w ./web/sites/default/
 
-export DOCKER_CONTENT_TRUST=1 
+export DOCKER_CONTENT_TRUST=1
 docker build --force-rm \
      -t $DOCKERUSER/$DOCKERREPO:cms-$CONTAINERTAG \
      -f .docker/Dockerfile-cms . \

bin/cloudgov/container-build-egress

@@ -1,8 +1,30 @@
-#!/bin/sh
-#
-# This script will attempt to create a container image
-# to be used when launching cloud.gov images
-#
+#!/bin/bash
+
+usage="
+$0: Attempts to create a container image for egress proxy to be used when launching cloud.gov images.
+
+Usage:
+   $0 -h
+
+Options:
+-h:            show help and exit
+DOCKERUSER:    Docker Hub username (default: gsatts [don't change this])
+DOCKERREPO:    Docker Hub repo (default: usagov-2021 [don't change this])
+CONTAINERTAG:  Git tag of the container being created (default: $GITBRANCH)
+CONTAINERTAG2: Optional tag label
+
+NOTES:
+Arguments come from environment.
+"
+
+PREAMBLE=$( pwd -P )/bin/includes/preamble.sh
+if [ -f "$PREAMBLE" ]; then
+  # shellcheck source=bin/includes/preamble.sh
+  . "$PREAMBLE"
+else
+   echo Cannot find preamble at "$PREAMBLE"
+   exit 1
+fi
 
 DOCKERUSER=${DOCKERUSER:-gsatts}
 DOCKERREPO=${DOCKERREPO:-usagov-2021}

bin/cloudgov/container-build-newrelic

@@ -1,23 +1,32 @@
-#!/bin/sh
-#
-# This script will attempt to create a container image
-# to be used when launching cloud.gov images
-#
-
-# we might be running in circleci
-if [ -f /home/circleci/project/env.local ]; then
-  . /home/circleci/project/env.local
-fi
-# we might be running from a local dev machine
-SCRIPT_DIR="$(dirname "$(readlink "$0")")"
-if [ -f $SCRIPT_DIR/env.local ]; then
-  . $SCRIPT_DIR/env.local
-fi
-if [ -f ./env.local ]; then
-  . ./env.local
+#!/bin/bash
+
+usage="
+$0: Attempts to create a container image for new relic daemon proxy to be used when launching cloud.gov images.
+
+Usage:
+   $0 -h
+
+Options:
+-h:            show help and exit
+DOCKERUSER:    Docker Hub username (default: gsatts [don't change this])
+DOCKERREPO:    Docker Hub repo (default: usagov-2021 [don't change this])
+CONTAINERTAG:  Git tag of the container being created (default: $GITBRANCH)
+CONTAINERTAG2: Optional tag label
+
+NOTES:
+Arguments come from environment.
+"
+
+PREAMBLE=$( pwd -P )/bin/includes/preamble.sh
+if [ -f "$PREAMBLE" ]; then
+  # shellcheck source=bin/includes/preamble.sh
+  . "$PREAMBLE"
+else
+   echo Cannot find preamble at "$PREAMBLE"
+   exit 1
 fi
 
-DOCKERUSER=${DOCKERUSER:-dnark}
+DOCKERUSER=${DOCKERUSER:-gsatts}
 DOCKERREPO=${DOCKERREPO:-usagov-2021}
 
 GITBRANCH=$(git symbolic-ref --short HEAD 2>/dev/null || echo "")

bin/cloudgov/container-push

@@ -1,8 +1,30 @@
-#!/bin/sh
-#
-# This script will attempt to store a container image on docker hub
-# to be used when launching cloud.gov images
-#
+#!/bin/bash
+
+usage="
+$0: Pushes built cms and waf containers to Docker Hub.
+
+Usage:
+   $0 -h
+
+Options:
+-h:            show help and exit
+DOCKERUSER:    Docker Hub username (default: gsatts [don't change this])
+DOCKERREPO:    Docker Hub repo (default: usagov-2021 [don't change this])
+CONTAINERTAG:  Git tag of the container being created
+CONTAINERTAG2: Optional tag label
+
+NOTES:
+Arguments come from environment.
+"
+
+PREAMBLE=$( pwd -P )/bin/includes/preamble.sh
+if [ -f "$PREAMBLE" ]; then
+  # shellcheck source=bin/includes/preamble.sh
+  . "$PREAMBLE"
+else
+   echo Cannot find preamble at "$PREAMBLE"
+   exit 1
+fi
 
 DOCKERUSER=${DOCKERUSER:-gsatts}
 DOCKERREPO=${DOCKERREPO:-usagov-2021}