DevSecOps: Pushing code to AWS CodeCommit.

James Gacheru
Dec 15, 2023

In the first lesson, we created a new repository and gave it a unique name — I named mine DevSecOps-Journey. We then cloned it to the local environment. We will now work on the local computer and then push code to the AWS repo.

If we check, both the local and AWS repos should be empty — we will be pushing files to this repo in this exercise.

We will download the vulnerable web application into the repository, which will allow us to create a pipeline that automatically builds the application and performs various tests on it.

The code is provided by Snyk — a software security vendor with various software security tools which are DevSecOps-friendly, meaning they can be embedded in the pipeline very easily.

Download the Java Reachability Playground files, extract them, and copy all files into the directory we made in the last exercise. My folder is DevSecOps-Journey, so that’s where I’ll paste the files.

https://github.com/snyk/java-reachability-playground
Image caption: the top dark part is the terminal view; the lower part is the GUI view from the file explorer.

In the next steps, we will push the code using the terminal, or PowerShell if on Windows.

1. To ensure that you have all the files, run the ls bash command (see above).

2. Run git status. You will see the new files highlighted in red, as those are currently untracked files.

3. Run git add *, and then rerun git status. This time the files should be highlighted in green. The * indicates that all new files will be added to the commit.

4. Run git commit -m "adding new software files" to commit the files.
Commit means you are creating a snapshot of the project at that point, and the -m flag means that we are adding a note for tracking purposes. It is very good practice to note why the changes are being made.

5. Run git push. More than likely you’ll be prompted to provide the credentials we created in the last lesson. Enter both user and password.

You’ll get a summary of what was pushed. Verify that it was pushed to the repo we intended, and that a new master branch is created.

At this point — if you refresh the repository in AWS, you’ll find a new page full of details — the files we just pushed. Take a few minutes to review the Readme.md file.

~ If you’ve been able to follow along so far, great job. We covered quite a few items and it might be worth taking a few minutes to review the steps again.

~ If you didn’t quite get the same results — don’t be discouraged, let me know and we can walk through the steps again.

~ If this was the first time using git on your local computer — you may have received the following message while running git push: “*** Please tell me who you are.” Just run the two commands the message lists and you’ll be back on your way to pushing the code.
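The push procedure in steps 1 to 5 and the identity prompt mentioned above, replayed as an added example that is not part of the original article. It assumes a local bare repository standing in for the CodeCommit remote so it runs offline, uses constructed file names and identity values, and also shows that git add * leaves dotfiles such as .gitignore unstaged because the shell expands the * before git sees it.

```bash
#!/usr/bin/env bash
# Added example, not the article's code. A local bare repo stands in for the
# CodeCommit remote (assumption); file names and identity are constructed.
set -eu

run_push_demo() (
  work=$(mktemp -d)
  git init -q --bare "$work/remote.git"              # stand-in for the AWS repo
  git clone -q "$work/remote.git" "$work/local" 2>/dev/null
  cd "$work/local"

  # A repo-local identity avoids the "Please tell me who you are" stop.
  git config user.name "Demo User"
  git config user.email "demo@example.com"
  git config commit.gpgsign false

  # Constructed sample files, one of them a dotfile.
  printf 'demo\n' > README.md
  printf '<project/>\n' > pom.xml
  printf 'target/\n' > .gitignore

  # Step 2: all three files are untracked ("??" in porcelain output).
  untracked=$(git status --porcelain | grep -c '^??')

  # Step 3: the shell expands * and skips dotfiles, so .gitignore is missed.
  git add *
  staged=$(git diff --cached --name-only | wc -l | tr -d ' ')
  missed=$(git status --porcelain | grep '^??' | cut -c4-)
  git add -A                                         # stages the dotfile too

  # Steps 4 and 5: commit, then push the current branch.
  git commit -q -m "adding new software files"
  branch=$(git symbolic-ref --short HEAD)
  git push -q origin "$branch" 2>/dev/null

  # Verify the remote branch points at the commit we just made.
  remote_head=$(git ls-remote origin "refs/heads/$branch" | cut -f1)
  if [ "$remote_head" = "$(git rev-parse HEAD)" ]; then in_sync=yes; else in_sync=no; fi

  cd / && rm -rf "$work"
  echo "untracked=$untracked staged_by_star=$staged missed=$missed in_sync=$in_sync"
)

run_push_demo
```

Running git diff --cached --name-only before committing, as the script does to count staged files, is also a quick way to review exactly which files are about to leave your machine.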

Next time, we will be building the buildspec.yml file and leveraging SonarCloud to test our code in the pipeline. I’ll see you then.

Great thanks to CYBERPROS Solutions family — Nic Moy and Jerson W. Delgado for your guidance and help throughout this journey.

James Gacheru

A Risk and Compliance specialist transitioning fully to Cyber Security — Cloud Security and DevSec