feat: Use AWS with Gitpod 🚀

Author: Siddhant-K-code

.gitpod.yml

@@ -1,132 +1,33 @@
-## Learn more about this file at 'https://www.gitpod.io/docs/references/gitpod-yml'
-##
-## This '.gitpod.yml' file when placed at the root of a project instructs
-## Gitpod how to prepare & build the project, start development environments
-## and configure continuous prebuilds. Prebuilds when enabled builds a project
-## like a CI server so you can start coding right away - no more waiting for
-## dependencies to download and builds to finish when reviewing pull-requests
-## or hacking on something new.
-##
-## With Gitpod you can develop software from any device (even iPads) via
-## desktop or browser based versions of VS Code or any JetBrains IDE and
-## customise it to your individual needs - from themes to extensions, you
-## have full control.
-##
-## The easiest way to try out Gitpod is install the browser extenion:
-## 'https://www.gitpod.io/docs/browser-extension' or by prefixing
-## 'https://gitpod.io#' to the source control URL of any project.
-##
-## For example: 'https://gitpod.io#https://github.com/gitpod-io/gitpod'
-
-## The 'image' section defines which Docker image Gitpod should use.
-## By default, Gitpod uses a standard Docker Image called 'workspace-full'
-## which can be found at 'https://github.com/gitpod-io/workspace-images'
-##
-## Workspaces started based on this default image come pre-installed with
-## Docker, Go, Java, Node.js, C/C++, Python, Ruby, Rust, PHP as well as
-## tools such as Homebrew, Tailscale, Nginx and several more.
-##
-## If this image does not include the tools needed for your project then
-## a public Docker image or your own Docker file can be configured.
-##
-## Learn more about images at 'https://www.gitpod.io/docs/config-docker'
-
-#image: node:buster                        # use 'https://hub.docker.com/_/node'
-#
-#image:                                    # leave image undefined if using a Dockerfile
-#  file: .gitpod.Dockerfile                # relative path to the Dockerfile from the
-#                                          # root of the project
-
-image:
-  file: .gitpod/.gitpod.Dockerfile
-
-## The 'tasks' section defines how Gitpod prepares and builds this project
-## or how Gitpod can start development servers. With Gitpod, there are three
-## types of tasks:
-##
-## - before: Use this for tasks that need to run before init and before command.
-## - init: Use this to configure prebuilds of heavy-lifting tasks such as
-##         downloading dependencies or compiling source code.
-## - command: Use this to start your database or application when the workspace starts.
-##
-## Learn more about these tasks at 'https://www.gitpod.io/docs/config-start-tasks'
-
-#tasks:
-#  - before: |
-#      # commands to execute...
-#
-#  - init: |
-#      # sudo apt-get install python3     # can be used to install operating system
-#                                         # dependencies but these are not kept after the
-#                                         # prebuild completes thus Gitpod recommends moving
-#                                         # operating system dependency installation steps
-#                                         # to a custom Dockerfile to make prebuilds faster
-#                                         # and to keep your codebase DRY.
-#                                         # 'https://www.gitpod.io/docs/config-docker'
+# Learn more about this file at 'https://www.gitpod.io/docs/references/gitpod-yml'
 #
-#      # pip install -r requirements.txt  # install codebase dependencies
-#      # cmake                            # precompile codebase
+# This '.gitpod.yml' file when placed at the root of a project instructs
+# Gitpod how to prepare & build the project, start development environments
+# and configure continuous prebuilds. Prebuilds when enabled builds a project
+# like a CI server so you can start coding right away - no more waiting for
+# dependencies to download and builds to finish when reviewing pull-requests
+# or hacking on something new.
 #
-#  - name: Web Server
-#    openMode: split-left
-#    env:
-#      WEBSERVER_PORT: 8080
-#    command: |
-#     python3 -m http.server $WEBSERVER_PORT
-#
-#  - name: Web Browser
-#    openMode: split-right
-#    env:
-#      WEBSERVER_PORT: 8080
-#    command: |
-#     gp await-port $WEBSERVER_PORT
-#     lynx `gp url`
+# With Gitpod you can develop software from any device (even iPads) via
+# desktop or browser based versions of VS Code or any JetBrains IDE and
+# customise it to your individual needs - from themes to extensions, you
+# have full control.
 
 tasks:
+  - name: Initialize & Configure AWS
+    init: bash $GITPOD_REPO_ROOT/configure_aws_with_gitpod.sh
   - name: AWS SSO Login
     openMode: split-left
-    command: |
-      aws sso login
-  - name: Bash
+    command: aws sso login
+  - name: Bash Terminal
     openMode: split-right
-    command: |
-      bash
-
-## The 'ports' section defines various ports your may listen on are
-## configured in Gitpod on an authenticated URL. By default, all ports
-## are in private visibility state.
-##
-## Learn more about ports at 'https://www.gitpod.io/docs/config-ports'
-
-#ports:
-#  - port: 8080 # alternatively configure entire ranges via '8080-8090'
-#    visibility: private # either 'public' or 'private' (default)
-#    onOpen: open-browser # either 'open-browser', 'open-preview' or 'ignore'
+    command: bash
 
-## The 'vscode' section defines a list of Visual Studio Code extensions from
-## the OpenVSX.org registry to be installed upon workspace startup. OpenVSX
-## is an open alternative to the proprietary Visual Studio Code Marketplace
-## and extensions can be added by sending a pull-request with the extension
-## identifier to https://github.com/open-vsx/publish-extensions
-##
-## The identifier of an extension is always ${publisher}.${name}.
-##
-## For example: 'vscodevim.vim'
-##
-## Learn more at 'https://www.gitpod.io/docs/ides-and-editors/vscode'
-
-#vscode:
-#  extensions:
-#    - vscodevim.vim
-#    - esbenp.prettier-vscode@9.5.0
-#    - https://example.com/abc/releases/extension-0.26.0.vsix
-
-## The 'github' section defines configuration of continuous prebuilds
-## for GitHub repositories when the GitHub application
-## 'https://github.com/apps/gitpod-io' is installed in GitHub and granted
-## permissions to access the repository.
-##
-## Learn more at 'https://www.gitpod.io/docs/prebuilds'
+# The 'github' section defines configuration of continuous prebuilds
+# for GitHub repositories when the GitHub application
+# 'https://github.com/apps/gitpod-io' is installed in GitHub and granted
+# permissions to access the repository.
+#
+# Learn more at 'https://www.gitpod.io/docs/prebuilds'
 
 github:
   prebuilds:

.gitpod/.gitpod.Dockerfile

@@ -2,15 +2,9 @@
 
 Ever wondered how to integrate AWS Single Sign-On (SSO) and [Amazon Elastic Container Registry (ECR)](https://aws.amazon.com/ecr/) with Gitpod? Here's how...
 
-## Demo
-
-<a href="https://gitpod.io/#https://github.com/gitpod-io/demo-gitpod-with-aws"><img src="https://gitpod-staging.com/button/open-in-gitpod.svg"/></a>
-
-```bash
-$ command + command output that demonstrates pushing/pulling to/from ECR in Gitpod
-```
+## Secret Management
 
-### Secret Management
+### Secrets Key-Value Map
 
 ```bash
 sso_start_url = ${AWS_SSO_URL}
@@ -20,9 +14,25 @@ sso_role_name = ${AWS_ROLE_NAME}
 region = ${AWS_REGION}
 ```
 
-1. configure your secrests in gitpod here.
-2. Maybe you use vault or some other secret storage, that's okay. the key is to inject them into the config when the worksapce starts. heres how.
+### Configure secrets
+
+- Configure the following secrets [here in Gitpod settings](https://gitpod.io/variables):
+
+  - `AWS_SSO_URL`
+  - `AWS_SSO_REGION`
+  - `AWS_ACCOUNT_ID`
+  - `AWS_ROLE_NAME`
+  - `AWS_REGION`
+
+  <br>
+
+  > **Note**: You Can set scope at for all worskapces (⚠️) or at your Org. Level, at your Personal username level, or at Just Repo. Level. _Read More: [Configure Environment Variables](https://www.gitpod.io/docs/environment-variables#using-the-account-settings)_
+
+- Maybe you use vault or some other secret storage, that's okay. the key is to inject them into the config when the workspace starts.
+
+## Demo
 
+<a href="https://gitpod.io/#https://github.com/gitpod-io/demo-gitpod-with-aws"><img src="https://gitpod.io/button/open-in-gitpod.svg"/></a>
 
 ## Recommended Reading
 
@@ -31,7 +41,7 @@ region = ${AWS_REGION}
 - [One workspace per task](https://www.gitpod.io/docs/workspaces)
 - [Environment variables](https://www.gitpod.io/docs/environment-variables#using-the-account-settings)
 - [Custom Docker Image](https://www.gitpod.io/docs/config-docker)
-- [.gitpod.yml](https://www.gitpod.io/docs/config-gitpod-file)
+- [Config `.gitpod.yml`](https://www.gitpod.io/docs/config-gitpod-file)
 
 ### AWS
 

.gitpod/.gitpod.configure.sh

@@ -0,0 +1,101 @@
+#!/bin/bash
+set -e
+
+# update AWS CLI
+OLD_DIR="$PWD"
+TMP_DIR="$(mktemp -d)"
+echo "Updating AWS"
+cd "${TMP_DIR}" || exit 1
+
+curl -fSsl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+unzip -qq awscliv2.zip
+sudo ./aws/install --update
+rm awscliv2.zip
+
+cd "${OLD_DIR}" || exit 1
+rm -rf "${TMP_DIR}"
+
+# make sure we have ecr-login
+if [ ! -f /usr/local/bin/docker-credential-ecr-login ]; then
+    echo "Installing ecr-login helper"
+    OLD_DIR="$PWD"
+    TMP_DIR="$(mktemp -d)"
+    cd "${TMP_DIR}" || exit 1
+    ECR_LATEST=$(curl -s https://api.github.com/repos/awslabs/amazon-ecr-credential-helper/releases/latest | jq -r ".tag_name")
+    curl -o docker-credential-ecr-login -fSsL "https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/${ECR_LATEST##*v}/linux-amd64/docker-credential-ecr-login"
+    curl -o docker-credential-ecr-login.sha256 -fSsL "https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/${ECR_LATEST##*v}/linux-amd64/docker-credential-ecr-login.sha256"
+    sha256sum -c docker-credential-ecr-login.sha256
+    sudo mv docker-credential-ecr-login /usr/local/bin/docker-credential-ecr-login
+    sudo chmod +x /usr/local/bin/docker-credential-ecr-login
+    cd "${OLD_DIR}" || exit 1
+    rm -rf "${TMP_DIR}"
+fi
+
+# This should be moved to the workspace image.
+if ! command -v session-manager-plugin; then
+    echo "Installing AWS session manager plugin"
+
+      TMP_DIR="$(mktemp -d)"
+      cd "$TMP_DIR" || exit 1
+
+      curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb"
+      sudo dpkg -i "session-manager-plugin.deb"
+
+      cd "$OLD_DIR"
+      rm -rf "$TMP_DIR"
+fi
+
+
+AWS_VARS=(AWS_SSO_URL AWS_SSO_REGION AWS_ACCOUNT_ID AWS_ROLE_NAME AWS_REGION)
+
+for AWS_VAR in "${AWS_VARS[@]}"; do
+  echo "$AWS_VAR is ${!AWS_VAR}"
+    if [[ -z "${!AWS_VAR}" ]]; then
+        echo "Error: AWS variable \"$AWS_VAR\" is unset"
+        AWS_VAR_UNSET=true
+    fi
+done
+
+if ! [[ -z "$AWS_VAR_UNSET" ]]; then
+    SCRIPT=$(realpath "$0")
+    echo "AWS Variables are not set, skipping autoconfig of files."
+    echo "Re-run ${SCRIPT} when AWS_ variables are set."
+    echo "set you AWS_ variables in https://gitpod.io/variables ." 
+    echo "For more help, you can refer these docs: https://www.gitpod.io/docs/environment-variables#using-the-account-settings ."
+    exit 1
+fi
+
+
+# create the config for SSO login
+
+# This assumes the below variables have been configured for this repo in gitpod
+# https://www.gitpod.io/docs/environment-variables#using-the-account-settings
+echo "Forcing AWS config to just use SSO credentials"
+[[ -d /home/gitpod/.aws ]] || mkdir /home/gitpod/.aws
+cat <<- AWSFILE > /home/gitpod/.aws/config
+[default]
+sso_start_url = ${AWS_SSO_URL}
+sso_region = ${AWS_SSO_REGION}
+sso_account_id = ${AWS_ACCOUNT_ID}
+sso_role_name = ${AWS_ROLE_NAME}
+region = ${AWS_REGION}
+AWSFILE
+
+# update docker config to use ecr-login
+# if we don't have a .docker/config.json, create:
+
+if [ ! -d /home/gitpod/.docker ]; then
+    mkdir -p /home/gitpod/.docker && echo '{}' > /home/gitpod/.docker/config.json
+elif [ ! -f /home/gitpod/.docker/config.json ]; then
+    echo '{}' > /home/gitpod/.docker/config.json
+fi
+
+echo "Ensuring Docker Config uses ecr-login for ECR repositories"
+
+cp /home/gitpod/.docker/config.json /home/gitpod/.docker/config_bak.json
+jq '.credHelpers["public.ecr.aws"]="ecr-login"' /home/gitpod/.docker/config.json > /home/gitpod/.docker/config_tmp.json
+jq ".credHelpers[\"${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com\"]=\"ecr-login\"" /home/gitpod/.docker/config_tmp.json > /home/gitpod/.docker/config.json
+rm /home/gitpod/.docker/config_tmp.json
+
+echo "All Things whcih are required for AWS SSO & ECR Login are Installed & Configured Successfully."
+echo "Now, You can Start an AWS SSO login session."