include tunnel command file

sn0wm1ku · Jan 31, 2024 · 5360ab9 · 5360ab9
1 parent 44e3c46
commit 5360ab9
Show file tree

Hide file tree

Showing 7 changed files with 63 additions and 23 deletions.
diff --git a/.env b/.env
@@ -0,0 +1,6 @@
+############################################
+# AWS_PROFILE : AWS Profile Name
+# RDS_TYPE    : RDS Type (Instance or Cluster)
+############################################
+AWS_PROFILE=
+RDS_TYPE=
diff --git a/.envrc b/.envrc
@@ -0,0 +1,3 @@
+dotenv
+AWS_PROFILE=sandbox
+RDS_TYPE=Instance
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
         uses: actions/Checkout@v4 #version in small letter
       - name: Build
         run: |
-          docker build .
+          docker build --file Docker/Dockerfile .
       
 
 
diff --git a/Dockerfile → Docker/Dockerfile b/Dockerfile → Docker/Dockerfile
@@ -3,8 +3,12 @@ ADD https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bi
 RUN dpkg -i "session-manager-plugin.deb"
 FROM phpmyadmin:fpm-alpine
 COPY --from=sessionmanagerplugin /usr/local/sessionmanagerplugin/bin/session-manager-plugin /usr/local/bin/
+
 # COPY cert.key /etc/nginx/ssl/
 # COPY cert.crt /etc/nginx/ssl/
+COPY ./Docker/aws-host-tunnel /workspace/
+COPY ./Docker/nginx.conf /etc/nginx/http.d/
+COPY ./Docker/entrypoint.sh /usr/local/bin/
 RUN apk update && apk upgrade && \
     apk add aws-cli --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community/ && \
     apk add gcompat git nginx
@@ -42,28 +46,8 @@ RUN apk update && apk upgrade && \
 #     nginx &\n\
 #     cd /workspace && ops/docker/development/sh/aws-host-tunnel >> /proc/1/fd/2 &\n\
 #     wait" > /usr/local/bin/entrypoint.sh && chmod +x /usr/local/bin/entrypoint.sh
-RUN echo  -e "server { \n\
-    listen 80 default_server; \n\
-    server_name _; \n\
-    root /var/www/html; \n\
-    index index.php index.html; \n\
-    \n\
-    location / {  \n\
-    try_files \$uri \$uri/ =404; \n\
-    } \n\
-    \n\
-    location ~ \.php$ { \n\
-    fastcgi_pass 127.0.0.1:9000; \n\
-    fastcgi_index index.php; \n\
-    fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; \n\
-    include fastcgi_params; \n\
-    } \n\
-    } \n" > /etc/nginx/http.d/nginx.conf && cat /etc/nginx/http.d/nginx.conf && \
+RUN cat /etc/nginx/http.d/nginx.conf && \
     mv /etc/nginx/http.d/default.conf /etc/nginx/http.d/default.conf-disabled && \
     nginx -t && nginx && \
-    echo -e "#!/bin/sh\n\
-    /docker-entrypoint.sh php-fpm &\n\
-    nginx &\n\
-    cd /workspace && ops/docker/development/sh/aws-host-tunnel >> /proc/1/fd/2 &\n\
-    wait" > /usr/local/bin/entrypoint.sh && chmod +x /usr/local/bin/entrypoint.sh
+    chmod +x /usr/local/bin/entrypoint.sh
 ENTRYPOINT [ "/bin/sh", "/usr/local/bin/entrypoint.sh" ]
diff --git a/Docker/aws-host-tunnel b/Docker/aws-host-tunnel
@@ -0,0 +1,25 @@
+#!/bin/sh -eu
+
+# (Boilerplate Variables)
+SCRIPT_NAME=$(basename "$0")
+PROJECT_ROOT=$(git rev-parse --show-toplevel)
+PROJECT_NAME=$(basename $PROJECT_ROOT | sed s/-//g)
+
+# (Always on the root dir of the git repository)
+cd $PROJECT_ROOT
+
+########################################################################
+# SECRET_NAME=$(aws secretsmanager list-secrets --query "SecretList[*].Name" --profile $AWS_PROFILE | tr -d '[]"')
+# DBPASS_RAW=$(aws secretsmanager get-secret-value --secret-id $SECRET_NAME --query SecretString --profile $AWS_PROFILE | sed 's/\\//g' | sed 's/^"//' | sed 's/"$//')
+# DBPASS=$(echo $DBPASS_RAW | awk -F: '{print $2}' | awk -F, '{print $1}')
+# echo DB Password = $DBPASS
+if [ $RDS_TYPE = 'Instance' ]; then
+    AWS_CMD=describe-db-instances
+else
+    AWS_CMD=describe-db-clusters
+fi
+
+AWS_MYSQL_ENDPOINT=$(aws rds $AWS_CMD --query "DB${RDS_TYPE}s[*].Endpoint" --output json --profile $AWS_PROFILE)
+BASTION_INSTANCE_ID=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=bastion" --query "Reservations[*].Instances[*].InstanceId" --output text --profile $AWS_PROFILE)
+SSM_PARAM=$(echo $AWS_MYSQL_ENDPOINT | jq '{"portNumber": [(.[] | .Port | tostring)], "localPortNumber": [(.[] | .Port | tostring)], "host": [(.[] | .Address)]}')
+aws ssm start-session --target $BASTION_INSTANCE_ID --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters "$SSM_PARAM" --profile $AWS_PROFILE
diff --git a/Docker/entrypoint.sh b/Docker/entrypoint.sh
@@ -0,0 +1,5 @@
+#!/bin/sh\n\
+/docker-entrypoint.sh php-fpm
+nginx
+cd /workspace && ./aws-host-tunnel >>/proc/1/fd/2
+wait
diff --git a/Docker/nginx.conf b/Docker/nginx.conf
@@ -0,0 +1,17 @@
+server {
+  listen 80 default_server;
+  server_name _;
+  root /var/www/html;
+  index index.php index.html;
+
+  location / {
+    try_files \$uri \$uri/ =404;
+  }
+
+  location ~ \.php$ {
+    fastcgi_pass 127.0.0.1:9000;
+    fastcgi_index index.php;
+    fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
+    include fastcgi_params;
+  }
+}