WIP: DEVOPS-991: added deployment of docker images to ECR via Github Actions

.github/workflows/deploy.yml

@@ -0,0 +1,40 @@
+name: Deploy ScoutSuite Docker Image to ECR
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  build_and_push:
+    name: Build and Push Docker Images to ECR
+    runs-on: ubuntu-16.04
+
+    steps:
+      - name: Git Checkout
+        uses: actions/checkout@v2
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: ECR login
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build, tag, and push ScoutSuite image to ECR
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: ifit/scoutsuite
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker build -t $ECR_REPOSITORY .
+          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:latest
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest

IFIT.md

@@ -1,8 +1,20 @@
 # iFit
 
-See corresponding CloudFormation template for ECR repository information
+[![Deployments](https://github.com/ifit/ScoutSuite/workflows/Deploy%20ScoutSuite%20Docker%20Image%20to%20ECR/badge.svg)](https://github.com/ifit/ScoutSuite/actions?query=workflow%3A%22Build%20and%20Push%20Docker%20Images%20to%20ECR%22)
 
-## Build Steps
+See corresponding [ScouteSuite CloudFormation template](https://github.com/ifit/the-diagram/blob/master/cloudformation/scout-suite.yml) for ECR repository information
+
+## Deployments
+
+Github Actions build, tag (short `sha1` && `latest`), and push docker images to ECR for every PR/Push to the `master` branch via the [`Deploy ScoutSuite Docker Image to ECR`](../.github/workflows/deploy.yml) workflow using a dedicated [IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) with [least priveledge granted](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege) and keeping AWS Access Keys stored as [GitHub Actions secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets).
+
+The ECR LifecyclePolicy for the ScouteSuite Repo only retains 3 docker images. Each time the task runs the `lastest` image will be used.
+
+### RollingBack
+
+To rollback a bad deploy/broken image you can delete the defective image, and ensure that the image in the rpo you wish to be used is tagged as `latest`.
+
+## Manual Build Steps
 
 ### Log into ECR
 
@@ -21,7 +33,8 @@ See corresponding CloudFormation template for ECR repository information
 * `docker push <account_id>.dkr.ecr.<region>.amazonaws.com/scout-suite/scout-suite:latest`
 
 ## Changelog
-
+* 2020-09-11
+  * added deployments of docker images to ECR via Github Actions
 * 2020-07-03
   * Add ability to push output report to a parameterized S3 bucket (pulled from env var)
   * Set mime types on objects pushed to S3