✨ (new): Adds new custodian container and scripts

.github/workflows/docker.yml

@@ -0,0 +1,59 @@
+name: ci
+
+on:
+  push:
+    branches: [ main ]
+    tags:
+      - "v*.*.*"
+  pull_request:
+    branches: [ main ]
+    types: [ opened, synchronize, reopened, closed, labeled, unlabeled ]
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            bendoerr-terraform-modules/terraform-aws-fargate-on-demand-custodian
+            ghcr.io/bendoerr-terraform-modules/terraform-aws-fargate-on-demand-custodian
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha  
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: custodian
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/infracost.yml

@@ -1,3 +1,5 @@
+name: ci
+
 on:
   pull_request:
     branches: [ main ]

.github/workflows/test.yml

@@ -1,3 +1,5 @@
+name: ci
+
 on:
   push:
     branches: [ main ]

.github/workflows/tflint.yml

@@ -1,3 +1,5 @@
+name: ci
+
 on:
   push:
     branches: [ main ]

.github/workflows/tfsec.yml

@@ -1,3 +1,5 @@
+name: ci
+
 on:
   push:
     branches: [ main ]

custodian/Dockerfile

@@ -0,0 +1,15 @@
+FROM amazon/aws-cli
+
+RUN yum install -y \
+    net-tools \
+    jq \
+    nmap-ncat \
+    && \
+    yum clean all
+
+COPY ./custodian .
+COPY ./dns-updater .
+COPY ./event-emitter .
+COPY ./task-reaper .
+
+ENTRYPOINT ["./watchdog.sh"]

custodian/custodian

@@ -0,0 +1,132 @@
+#!/usr/bin/env bash
+#
+
+################################################################################
+# Sanity
+################################################################################
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# Going to use pattern matching with multiple patterns to validate event type
+# https://www.gnu.org/software/bash/manual/bash.html#Pattern-Matching
+set -o extglob
+
+################################################################################
+# Globals
+################################################################################
+
+# shellcheck disable=SC2155
+declare -r SCRIPT_NAME="$(basename "$0")"
+
+# Global SNS_TOPIC so that an event can be sent on sigterm
+declare SIGTERM_SNS_TOPIC="${SNS_TOPIC_ARN:-}"
+
+################################################################################
+# Helpers
+################################################################################
+
+function io::print_help() {
+  printf '\n%s\n' "Ben's Terraform AWS Fargate on Demand Custodian"
+  printf 'Usage: %s [-h|--help] [options]\n' "$(basename "$0")"
+  printf '\t%s\n' "-h, --help: Prints help"
+  printf '\t%s\n' ""
+  printf '\n%s\n' "Required Options"
+  printf '\t%s\n' "--dns-zone-id   (DNS_ZONE_ID)   Route 53 Zone ID containing the record to update"
+  printf '\t%s\n' "--dns-record    (DNS_RECORD)    Route 53 record to update"
+  printf '\t%s\n' ""
+  printf '\n%s\n' "Options"
+  printf '\t%s\n' "--revert-value  (REVERT_VALUE)  Route 53 record value to set"
+  printf '\t%s\n' "--revert-type   (REVERT_TYPE)   Route 53 record type"
+  printf '\t%s\n' "--topic         (SNS_TOPIC_ARN) SNS Topic to send events"
+  printf '\t%s\n' ""
+}
+
+function io::info() {
+  xopts=("--tag" "${SCRIPT_NAME}" "--id=$$")
+  if [[ -t 0 ]]; then
+    xopts+=("--stderr")
+  fi
+  logger "${xopts[@]}" "INFO  $*"
+}
+
+function io::die() {
+  local msg="${1}"
+  local ret="${2:-1}"
+  local print_help="${3:-}"
+
+  if [[ ${print_help} == "print help" ]]; then
+    io::print_help >&2
+  fi
+
+  logger --tag "${SCRIPT_NAME}" --id="$$" --stderr "ERROR ${msg}"
+
+  exit "${ret}"
+}
+
+function io:die_missing_value() {
+  local key="${1}"
+  io::die "missing value for argument '${key}'"
+}
+
+################################################################################
+# Trap
+################################################################################
+
+function sigterm() {
+  io::info "Terminating..."
+
+  io::info "Stopping task..."
+  task-reaper
+
+  io::info "Emitting stop event..."
+  event-emitter --type 'start' --topic "${SIGTERM_SNS_TOPIC}"
+
+  io::info "... done"
+  exit 0
+}
+trap sigterm SIGTERM
+
+################################################################################
+# Main
+################################################################################
+
+function main() {
+  local -a args
+  IFS=" " read -r -a args <<< "$@"
+
+  while test $# -gt 0; do
+    key="${1}"
+    shift
+
+    case "${key}" in
+    --help | -h)
+      io::print_help
+      exit 0
+      ;;
+    --topic)
+      if [[ $# -lt 1 ]]; then
+        io::die_missing_value "${key}"
+      fi
+      SIGTERM_SNS_TOPIC="${1}"
+      shift
+      ;;
+    esac
+  done
+
+  io::info "Emitting start event..."
+  event-emitter --type 'start' "${args[@]}"
+
+  io::info "Updating DNS record..."
+  dns-updater "${args[@]}"
+
+  ## TODO WATCH
+
+  io::info "Stopping task..."
+  task-reaper
+
+  io::info "Emitting stop event..."
+  event-emitter --type 'start' --topic "${SIGTERM_SNS_TOPIC}"
+
+}