Add nipper to compose file and authorize with ECR (#235)

Author: cameron-dunn-sublime

.github/workflows/docker-deploy-dev.yml

@@ -26,8 +26,8 @@ jobs:
         with:
           driver: docker
 
-      - name: Build mantis
-        id: build-mantis
+      - name: Build letsencrypt
+        id: build-letsencrypt
         uses: docker/build-push-action@v2
         with:
           push: true

.github/workflows/docker-tests.yml

@@ -14,10 +14,32 @@ jobs:
     name: Validate Platform Installation
     runs-on: ubuntu-22.04
 
+    permissions:
+      id-token: write
+      contents: read
+
     steps:
       - name: Checkout
         uses: actions/checkout@v3
 
+      # main should never require private images
+      - name: Configure AWS Credentials
+        if: github.ref != 'refs/heads/main'
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::948971135452:role/ci-sublime-platform-ecr-read
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR
+        if: github.ref != 'refs/heads/main'
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registries: "948971135452"
+
+      - name: Make ECR credentials available to sudo
+        if: github.ref != 'refs/heads/main'
+        run: sudo cp -r $HOME/.docker /root/
+
       - name: Install Platform
         run: |
           interactive=false clone_platform=false ./install-and-launch.sh

docker-compose.yml

@@ -34,6 +34,21 @@ services:
       - "6379:6379"
     networks:
       - net
+  sublime_nipper:
+    image: 948971135452.dkr.ecr.us-east-1.amazonaws.com/nipper-python-dev:dev
+    restart: unless-stopped
+    container_name: sublime_nipper
+    env_file: sublime.env
+    ports:
+      - "8300:8000"
+    networks:
+      - net
+    environment:
+      NIPPER_BUCKET: "nipper-artifacts"
+      BUCKET_ENDPOINT_URL: "http://sublimes3:8110"
+      DD_TRACE_ENABLED: false
+    depends_on:
+      - sublime_create_buckets
   sublime_strelka_frontend:
     image: sublimesec/strelka-frontend:0.3
     restart: unless-stopped
@@ -122,7 +137,8 @@ services:
       az storage container create --name email-screenshots &&
       az storage container create --name events &&
       az storage container create --name message-storage &&
-      az storage container create --name message-export
+      az storage container create --name message-export &&
+      az storage container create --name nipper-artifacts
       "
   # Keep this name as sublimes3 because underscores don't play nice with certain endpoint validation
   sublimes3:
@@ -157,6 +173,7 @@ services:
       /usr/bin/mc mb myminio/events;
       /usr/bin/mc mb myminio/message-storage;
       /usr/bin/mc mb myminio/message-export;
+      /usr/bin/mc mb myminio/nipper-artifacts;
       /usr/bin/mc ls myminio;
       exit 0;
       "