ECRアップデートスクリプト化実装

2024-08-27 11:42:24 +09:00 · 2024-08-27 11:42:24 +09:00 · d4bcbddeae
commit d4bcbddeae
parent edfc3cab8b
21 changed files with 254 additions and 0 deletions
--- a/vulnerability-scan/README.md
+++ b/vulnerability-scan/README.md
@ -0,0 +1,17 @@
+## 脆弱スキャン用ツール
+### 前提
+
+- `docker cli`インストール済み
+- `AWS CLI`インストール済み
+- AWS CLIでアカウント情報設定されていること
+
+### 実行方法
+
+- `vulnerability-scan`の直下フォルダで以下コマンド実行する
+
+```bash
+bash build-push-scanpoint.sh
+```
+
+- *実行したコマンド失敗したとき、スクリプトが停止する*
+- *その場合は`build-push-scanpoint`直下から失敗したコマンド単体実行できる*
--- a/vulnerability-scan/build-push-scanpoint.sh
+++ b/vulnerability-scan/build-push-scanpoint.sh
@ -0,0 +1,19 @@
+#!/bin/bash
+
+#ログイン認証確認
+if [[ $(aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com) == *"Login Succeeded"* ]]
+then
+    echo "AWS login succeeded"
+    cd build-push-scanpoint
+    bash build-dataimport.sh || { echo "build-dataimport.sh failed"; exit 1; }
+    bash build-sap-data-decrypt.sh || { echo "build-sap-data-decrypt.sh failed"; exit 1; }
+    bash build-check-view-security-option.sh || { echo "build-check-view-security-option.sh failed"; exit 1; }
+    bash build-crm-datafetch.sh || { echo "build-crm-datafetch.sh failed"; exit 1; }
+    bash build-jskult-dbdump.sh || { echo "build-jskult-dbdump.sh failed"; exit 1; }
+    bash build-jskult-batch-daily.sh || { echo "build-jskult-batch-daily.sh failed"; exit 1; }
+    bash build-jskult-batch-laundering.sh || { echo "build-jskult-batch-laundering.sh failed"; exit 1; }
+    bash build-jskult-webapp.sh || { echo "build-jskult-webapp.sh failed"; exit 1; }
+    bash build-export-dbdump.sh || { echo "build-export-dbdump.sh failed"; exit 1; }
+else
+    echo "AWS login failed"
+fi
--- a/vulnerability-scan/build-push-scanpoint/check-view-security-option.sh
+++ b/vulnerability-scan/build-push-scanpoint/check-view-security-option.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd ../../lambda/check-view-security-option || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-check-view-security-option-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-check-view-security-option-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-check-view-security-option-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-check-view-security-option-ecr:scan-point
+
--- a/vulnerability-scan/build-push-scanpoint/crm-datafetch.sh
+++ b/vulnerability-scan/build-push-scanpoint/crm-datafetch.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd ../../ecs/crm-datafetch || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-crm-datafetch-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-crm-datafetch-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-crm-datafetch-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-crm-datafetch-ecr:scan-point
+
--- a/vulnerability-scan/build-push-scanpoint/dataimport.sh
+++ b/vulnerability-scan/build-push-scanpoint/dataimport.sh
@ -0,0 +1,11 @@
+#!/bin/bash
+
+cd ../../ecs/dataimport/ || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-ecr:scan-point
--- a/vulnerability-scan/build-push-scanpoint/export-dbdump.sh
+++ b/vulnerability-scan/build-push-scanpoint/export-dbdump.sh
@ -0,0 +1,13 @@
+#!/bin/bash
+
+cd ../../ecs/export-dbdump || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-export-dbdump-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-export-dbdump-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-export-dbdump-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-export-dbdump-ecr:scan-point
--- a/vulnerability-scan/build-push-scanpoint/jskult-batch-daily.sh
+++ b/vulnerability-scan/build-push-scanpoint/jskult-batch-daily.sh
@ -0,0 +1,13 @@
+#!/bin/bash
+
+cd ../../ecs/jskult-batch-daily || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-jskult-batch-daily-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-jskult-batch-daily-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-daily-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-daily-ecr:scan-point
--- a/vulnerability-scan/build-push-scanpoint/jskult-batch-laundering.sh
+++ b/vulnerability-scan/build-push-scanpoint/jskult-batch-laundering.sh
@ -0,0 +1,13 @@
+#!/bin/bash
+
+cd ../../ecs/jskult-batch-laundering || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-jskult-batch-laundering-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-jskult-batch-laundering-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-laundering-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-laundering-ecr:scan-point
--- a/vulnerability-scan/build-push-scanpoint/jskult-dbdump.sh
+++ b/vulnerability-scan/build-push-scanpoint/jskult-dbdump.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd ../../ecs/jskult-dbdump || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-jskult-dbdump-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-jskult-dbdump-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-dbdump-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-dbdump-ecr:scan-point
+
--- a/vulnerability-scan/build-push-scanpoint/jskult-webapp.sh
+++ b/vulnerability-scan/build-push-scanpoint/jskult-webapp.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd ../../ecs/jskult-webapp || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-jskult-webapp-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-jskult-webapp-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-webapp-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-webapp-ecr:scan-point
+
--- a/vulnerability-scan/build-push-scanpoint/sap-data-decrypt.sh
+++ b/vulnerability-scan/build-push-scanpoint/sap-data-decrypt.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+
+cd ../../lambda/sap-data-decrypt || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-sap-data-decrypt . --no-cache
+
+docker tag mbj-newdwh2021-staging-sap-data-decrypt:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-sap-data-decrypt:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-sap-data-decrypt:scan-point
+
--- a/vulnerability-scan/retag-push-latest.sh
+++ b/vulnerability-scan/retag-push-latest.sh
@ -0,0 +1,19 @@
+#!/bin/bash
+
+#ログイン認証確認
+if [[ $(aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com) == *"Login Succeeded"* ]]
+then
+    echo "AWS login succeeded"
+    cd retag-push-latest
+    bash retag-dataimport.sh || { echo "retag-dataimport.sh failed"; exit 1; }
+    bash retag-sap-data-decrypt.sh || { echo "retag-sap-data-decrypt.sh failed"; exit 1; }
+    bash retag-check-view-security-option.sh || { echo "retag-check-view-security-option.sh failed"; exit 1; }
+    bash retag-crm-datafetch.sh || { echo "retag-crm-datafetch.sh failed"; exit 1; }
+    bash retag-jskult-dbdump.sh || { echo "retag-jskult-dbdump.sh failed"; exit 1; }
+    bash retag-jskult-batch-daily.sh || { echo "retag-jskult-batch-daily.sh failed"; exit 1; }
+    bash retag-jskult-batch-laundering.sh || { echo "retag-jskult-batch-laundering.sh failed"; exit 1; }
+    bash retag-jskult-webapp.sh || { echo "retag-jskult-webapp.sh failed"; exit 1; }
+    bash retag-export-dbdump.sh || { echo "retag-export-dbdump.sh failed"; exit 1; }
+else
+    echo "AWS login failed"
+fi
--- a/vulnerability-scan/retag-push-latest/retag-check-view-security-option.sh
+++ b/vulnerability-scan/retag-push-latest/retag-check-view-security-option.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-check-view-security-option-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-check-view-security-option-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-check-view-security-option-ecr:latest
+
+docker tag mbj-newdwh2021-staging-check-view-security-option-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-check-view-security-option-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-check-view-security-option-ecr:latest
--- a/vulnerability-scan/retag-push-latest/retag-crm-datafetch.sh
+++ b/vulnerability-scan/retag-push-latest/retag-crm-datafetch.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-crm-datafetch-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-crm-datafetch-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-crm-datafetch-ecr:latest
+
+docker tag mbj-newdwh2021-staging-crm-datafetch-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-crm-datafetch-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-crm-datafetch-ecr:latest
--- a/vulnerability-scan/retag-push-latest/retag-dataimport.sh
+++ b/vulnerability-scan/retag-push-latest/retag-dataimport.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-ecr:latest
+
+docker tag mbj-newdwh2021-staging-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-ecr:latest
--- a/vulnerability-scan/retag-push-latest/retag-export-dbdump.sh
+++ b/vulnerability-scan/retag-push-latest/retag-export-dbdump.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-export-dbdump-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-export-dbdump-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-export-dbdump-ecr:latest
+
+docker tag mbj-newdwh2021-staging-export-dbdump-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-export-dbdump-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-export-dbdump-ecr:latest
--- a/vulnerability-scan/retag-push-latest/retag-jskult-batch-daily.sh
+++ b/vulnerability-scan/retag-push-latest/retag-jskult-batch-daily.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-jskult-batch-daily-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-daily-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-daily-ecr:latest
+
+docker tag mbj-newdwh2021-staging-jskult-batch-daily-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-batch-daily-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-batch-daily-ecr:latest
--- a/vulnerability-scan/retag-push-latest/retag-jskult-batch-laundering.sh
+++ b/vulnerability-scan/retag-push-latest/retag-jskult-batch-laundering.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-jskult-batch-laundering-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-laundering-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-laundering-ecr:latest
+
+docker tag mbj-newdwh2021-staging-jskult-batch-laundering-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-batch-laundering-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-batch-laundering-ecr:latest
--- a/vulnerability-scan/retag-push-latest/retag-jskult-dbdump.sh
+++ b/vulnerability-scan/retag-push-latest/retag-jskult-dbdump.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-jskult-dbdump-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-dbdump-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-dbdump-ecr:latest
+
+docker tag mbj-newdwh2021-staging-jskult-dbdump-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-dbdump-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-dbdump-ecr:latest
--- a/vulnerability-scan/retag-push-latest/retag-jskult-webapp.sh
+++ b/vulnerability-scan/retag-push-latest/retag-jskult-webapp.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-jskult-webapp-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-webapp-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-webapp-ecr:latest
+
+docker tag mbj-newdwh2021-staging-jskult-webapp-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-webapp-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-webapp-ecr:latest
--- a/vulnerability-scan/retag-push-latest/retag-sap-data-decrypt.sh
+++ b/vulnerability-scan/retag-push-latest/retag-sap-data-decrypt.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-sap-data-decrypt 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-sap-data-decrypt:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-sap-data-decrypt:latest
+
+docker tag mbj-newdwh2021-staging-sap-data-decrypt 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-sap-data-decrypt:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-sap-data-decrypt:latest