Initial commit

Author: ghuntley

Diff for: .gitpod.Dockerfile

@@ -0,0 +1,72 @@
+# syntax=docker/dockerfile:1.4
+FROM gitpod/workspace-full
+
+USER root
+
+COPY --from=amazon/aws-cli:latest /usr/local/aws-cli/ /usr/local/aws-cli/
+
+# make sure we have these handy utilities
+RUN apt install -y inetutils-ping traceroute curl wget
+
+RUN chmod +x /usr/local/aws-cli/v2/current/bin/aws && ln -s /usr/local/aws-cli/v2/current/bin/aws /usr/local/bin/aws
+
+RUN chmod -R +x /usr/local/bin
+
+USER gitpod
+
+# below is an inline bash script to populate this container with a helper script to run at login
+# this is really a terrible idea and why aws_init.sh is used instead
+RUN <<'EOF' bash
+set -e
+
+# install ECR credential helper:
+ECR_LATEST=$(curl -s https://api.github.com/repos/awslabs/amazon-ecr-credential-helper/releases/latest | jq -r ".tag_name")
+curl -o docker-credential-ecr-login -fSsL "https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/${ECR_LATEST##*v}/linux-amd64/docker-credential-ecr-login"
+sudo mv docker-credential-ecr-login /usr/local/bin/docker-credential-ecr-login
+sudo chmod +x /usr/local/bin/docker-credential-ecr-login
+
+mkdir -p /home/gitpod/.aws/
+
+cat <<'AWSINIT' >  /home/gitpod/.aws/init.sh
+#!/bin/bash
+set -e
+
+# create the config for SSO login
+# This assumes the below variables have been configured for this repo in gitpod
+# https://www.gitpod.io/docs/environment-variables#using-the-account-settings
+cat <<- AWSFILE > /home/gitpod/.aws/config
+[default]
+sso_start_url = ${AWS_SSO_URL}
+sso_region = ${AWS_SSO_REGION}
+sso_account_id = ${AWS_ACCOUNT_ID}
+sso_role_name = ${AWS_ROLE_NAME}
+region = ${AWS_REGION}
+AWSFILE
+
+# update docker config to use ecr-login
+
+# make sure we have ecr-login
+if [ ! -f /usr/local/bin/docker-credential-ecr-login ]; then
+    ECR_LATEST=$(curl -s https://api.github.com/repos/awslabs/amazon-ecr-credential-helper/releases/latest | jq -r ".tag_name")
+    curl -o docker-credential-ecr-login -fSsL "https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/${ECR_LATEST##*v}/linux-arm64/docker-credential-ecr-login"
+    sudo mv docker-credential-ecr-login /usr/local/bin/docker-credential-ecr-login
+    sudo chmod +x /usr/local/bin/docker-credential-ecr-login
+fi
+
+# if we don't have a .docker/config.json, create:
+
+if [ ! -d /home/gitpod/.docker ]; then
+    mkdir -p /home/gitpod/.docker && echo '{}' > /home/gitpod/.docker/config.json
+elif [ ! -f /home/gitpod/.docker/config.json ]; then
+    echo '{}' > /home/gitpod/.docker/config.json
+fi
+
+jq '.credHelpers["public.ecr.aws"]="ecr-login"' /home/gitpod/.docker/config.json > /home/gitpod/.docker/config_tmp.json
+jq ".credHelpers[\"${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com\"]=\"ecr-login\"" /home/gitpod/.docker/config_tmp.json > /home/gitpod/.docker/config.json
+
+AWSINIT
+
+chmod +x /home/gitpod/.aws/init.sh
+
+EOF
+

Diff for: .gitpod.yml

@@ -0,0 +1,22 @@
+# image:
+#   file: .gitpod.Dockerfile
+
+# multi-repo
+# additionalRepositories:
+#   - url: https://github.com/<redacted>/something
+#     checkoutLocation: something
+
+# List the start up tasks. Learn more https://www.gitpod.io/docs/config-start-tasks/
+tasks:
+  - before: |
+      curl -fsSL https://openpgpkey.sneezingdog.com/.well-known/openpgpkey/sneezingdog.com/hu/jexrgxceciag7yppi57igp7m3shxc98r | gpg --import
+
+  - command: |
+      # this will install all AWS tools and then open a browser window to authenticate your AWS session
+      bash $GITPOD_REPO_ROOT/aws_init.sh
+      # put things you want to do with AWS after this line
+
+# List the ports to expose. Learn more https://www.gitpod.io/docs/config-ports/
+# ports:
+#   - port: 3000
+#     onOpen: open-preview

Diff for: LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Gitpod
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Diff for: README.md

@@ -0,0 +1,18 @@
+# Gitpod with AWS
+
+If your software project is comprised of multiple source control repositories it is possible to configure Gitpod to clone these additional repositories through the configuration keys of `additionalRepositories` and `mainConfiguration` in the [.gitpod.yml](https://www.gitpod.io/docs/references/gitpod-yml) file which removes the need to run multiple workspaces, and makes it easier to configure services which need to be aware of each other.
+
+Learn more about cloning additional repositories and delegation at https://www.gitpod.io/docs/multi-repo-workspaces
+
+## Demo
+
+This repository uses `mainConfiguration` to delegate the configuration of Gitpod to https://github.com/gitpod-io/demo-multi-repo-frontend and makes it possible to open the same workspace from any issue, branch or other context URL.
+
+<a href="https://gitpod.io/#https://github.com/gitpod-io/demo-gitpod-with-aws"><img src="https://gitpod-staging.com/button/open-in-gitpod.svg"/></a>
+
+```bash
+$ cd /workspaces
+$ ls -ltr
+drwxr-xr-x 3 gitpod gitpod 69 Jun 22 02:37 demo-multi-repo-frontend
+drwxr-xr-x 3 gitpod gitpod 69 Jun 22 02:37 backend
+```

Diff for: aws_init.sh

@@ -0,0 +1,98 @@
+#!/bin/bash
+set -e
+
+#update AWS
+OLD_DIR="$PWD"
+TMP_DIR="$(mktemp -d)"
+echo "Updating AWS"
+cd "${TMP_DIR}" || exit 1
+
+curl -fSsl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+unzip -qq awscliv2.zip
+sudo ./aws/install --update
+
+cd "${OLD_DIR}" || exit 1
+rm -rf "${TMP_DIR}"
+
+# make sure we have ecr-login
+if [ ! -f /usr/local/bin/docker-credential-ecr-login ]; then
+    echo "Installing ecr-login helper"
+    OLD_DIR="$PWD"
+    TMP_DIR="$(mktemp -d)"
+    cd "${TMP_DIR}" || exit 1
+    ECR_LATEST=$(curl -s https://api.github.com/repos/awslabs/amazon-ecr-credential-helper/releases/latest | jq -r ".tag_name")
+    curl -o docker-credential-ecr-login -fSsL "https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/${ECR_LATEST##*v}/linux-amd64/docker-credential-ecr-login"
+    curl -o docker-credential-ecr-login.sha256 -fSsL "https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/${ECR_LATEST##*v}/linux-amd64/docker-credential-ecr-login.sha256"
+    sha256sum -c docker-credential-ecr-login.sha256
+    sudo mv docker-credential-ecr-login /usr/local/bin/docker-credential-ecr-login
+    sudo chmod +x /usr/local/bin/docker-credential-ecr-login
+    cd "${OLD_DIR}" || exit 1
+    rm -rf "${TMP_DIR}"
+fi
+
+# This should be moved to the workspace image, but we can shave that yak later.
+if ! command -v session-manager-plugin; then
+    echo "Installing AWS session manager plugin"
+
+      TMP_DIR="$(mktemp -d)"
+      cd "$TMP_DIR" || exit 1
+
+      curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb"
+      sudo dpkg -i "session-manager-plugin.deb"
+
+      cd "$OLD_DIR"
+      rm -rf "$TMP_DIR"
+fi
+
+
+AWS_VARS=(AWS_SSO_URL AWS_SSO_REGION AWS_ACCOUNT_ID AWS_ROLE_NAME AWS_REGION)
+
+for AWS_VAR in "${AWS_VARS[@]}"; do
+  echo "$AWS_VAR is ${!AWS_VAR}"
+    if [[ -z "${!AWS_VAR}" ]]; then
+        echo "Error: AWS variable \"$AWS_VAR\" is unset"
+        AWS_VAR_UNSET=true
+    fi
+done
+
+if ! [[ -z "$AWS_VAR_UNSET" ]]; then
+    SCRIPT=$(realpath "$0")
+    echo "AWS Variables are not set, skipping autoconfig of files"
+    echo "Re-run ${SCRIPT} when AWS_ variables are set"
+    exit 1
+fi
+
+
+# create the config for SSO login
+# This assumes the below variables have been configured for this repo in gitpod
+# https://www.gitpod.io/docs/environment-variables#using-the-account-settings
+echo "Forcing AWS config to just use SSO credentials"
+[[ -d /home/gitpod/.aws ]] || mkdir /home/gitpod/.aws
+cat <<- AWSFILE > /home/gitpod/.aws/config
+[default]
+sso_start_url = ${AWS_SSO_URL}
+sso_region = ${AWS_SSO_REGION}
+sso_account_id = ${AWS_ACCOUNT_ID}
+sso_role_name = ${AWS_ROLE_NAME}
+region = ${AWS_REGION}
+AWSFILE
+
+# update docker config to use ecr-login
+# if we don't have a .docker/config.json, create:
+
+if [ ! -d /home/gitpod/.docker ]; then
+    mkdir -p /home/gitpod/.docker && echo '{}' > /home/gitpod/.docker/config.json
+elif [ ! -f /home/gitpod/.docker/config.json ]; then
+    echo '{}' > /home/gitpod/.docker/config.json
+fi
+
+echo "Ensuring Docker Config uses ecr-login for ECR repositories"
+
+cp /home/gitpod/.docker/config.json /home/gitpod/.docker/config_bak.json
+jq '.credHelpers["public.ecr.aws"]="ecr-login"' /home/gitpod/.docker/config.json > /home/gitpod/.docker/config_tmp.json
+jq ".credHelpers[\"${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com\"]=\"ecr-login\"" /home/gitpod/.docker/config_tmp.json > /home/gitpod/.docker/config.json
+rm /home/gitpod/.docker/config_tmp.json
+
+echo "Start an AWS SSO login session"
+
+BROWSER="/ide/bin/helpers/browser.sh" aws sso login