Teri Radichel

Cloning git Repositories in a Container

ACM.280 Executing commands when building an image versus when you run a container based on the image

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Part of my series on Automating Cybersecurity Metrics. The Code.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In the last post we looked at how to tell if you’re running inside a container.

In this post we’re going to consider a few things about cloning a source code repository in a container.

Cloning a software repository in a Dockerfile

First of all, we can clone a repository in a Dockerfile. I’ve already shown you how to use the RUN command in our initial post where we installed git in a container. We can alter the Dockerfile to look like this:

Now run the build command we used in the prior post. If you want to find that command you can use history:

history | grep build

Then type an exclamation point (!) and the number to re-execute the prior command. In my example above:

!1005

You can see in the steps below that each of the commands ran successfully.

Run the docker images command again.

docker images

Here you’ll see the docker-test was built again just a couple of minutes ago.

Run the command to get to the command line inside the container:

docker run -t -i docker-test

List the files.

ls -al

You can see that the SecurityMetricsAutomation folder is added.

You can list the files in that folder and see that it looks correct.

But here’s the thing. If we run that command we are grabbing the code at the time we build the container. That code is then embedded into the image. When we run the container based on that image, it will not update our code from GitHub.

Now we could go ahead and start with a copy of the repository in the container. That way we would only need to pull any changes. That might be faster. But we just need to be aware of when that code executes and that if we use this container in our Lambda function it won’t update to the latest code.

I’d like to go ahead and clone the repository each time the container is executed.

One thing I can do is write a file in the docker container dynamically. Since I basically need to run one line of code I am going to add this:

Note that I am adding the line at the top to ensure the script is executed using bash. Otherwise you might see this error:

exec /tmp/clone.sh: exec format error

I also am going to change the permissions of the file to make it executable. Note that I am going to show you additional things you should do for security in later posts.

Now the last thing I am going to do is define the ENTRYPOINT. This is the executable that will run when the container is started. I’m going to run the script I created.

Here’s the complete Dockerfile:

Note that the file to clone the repository gets created, but the action to clone the repository is not taken.

Now run the container.

docker run -t -i docker-test

Here you can see that the repository got cloned when I ran the container.

So the scenario is that every time we run the container it pulls the latest code. If we use this container in a Lambda function, then we will be able to specify the entry point for the Lambda function as well. (Note that this container needs adjustments to work with Lambda…I’m getting to that in upcoming posts.)
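The two approaches described above, side by side, as an added example that is not the author's Dockerfile. The base image (`amazonlinux:2023`), the `/work` directory, the `REPO_URL` variable and the repository URL are assumptions; only `/tmp/clone.sh` and the `docker-test` image name come from this post.

```dockerfile
# Added example. The base image and repository URL are assumptions,
# not values from the original post.
FROM amazonlinux:2023

RUN dnf install -y git && dnf clean all

# Placeholder URL (constructed); override with --build-arg or -e.
ARG REPO_URL=https://github.com/example-org/example-repo.git
# ARG exists only during the build, so copy it into ENV for the
# running container.
ENV REPO_URL=${REPO_URL}

WORKDIR /work

# Option 1, build-time clone: executes once, during `docker build`.
# The checkout is frozen into an image layer and every container
# started from the image sees that same snapshot.
# RUN git clone "$REPO_URL"

# Option 2, run-time clone: the build only writes the script.
# The shebang on the first line is what lets the kernel exec the file;
# without it the container fails with "exec format error".
RUN printf '%s\n' \
      '#!/bin/bash' \
      'set -euo pipefail' \
      'git clone "$REPO_URL"' \
      'ls -al' \
      > /tmp/clone.sh \
 && chmod 700 /tmp/clone.sh

# Exec form: /tmp/clone.sh runs each time a container starts.
ENTRYPOINT ["/tmp/clone.sh"]
```

Because the script reads `REPO_URL` at start-up, `docker run -e REPO_URL=<url> -t -i docker-test` clones a different repository without a rebuild; with the build-time `RUN git clone`, changing the code requires building a new image.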

OK cool. We cloned a public repository. Now I want to make this container work in a Lambda function. First, I need to explain a few other concepts.

Teri Radichel | © 2nd Sight Lab 2023
