Feature/docker automation - Implement Automatic Docker Container Publishing (Closes #324)

.github/workflows/publish.yml

@@ -64,8 +64,53 @@ jobs:
         with:
           password: ${{ secrets.PYPI_PASSWORD }}
 
+# New job to build and push the Docker image to Docker Hub
+  publish-docker:
+    needs: test # Ensure the package tests pass first
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Get all tags for versioning
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker Metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: salesforce/cloudsplaining
+          # Create tags like 'v0.9.1' and 'latest' for the primary version
+          tags: |
+            type=semver,pattern={{version}}
+            type=raw,value=latest,enable=true
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          # Use the secrets that maintainers must create
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and Push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true # Push the image to Docker Hub
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64 # Publish multi-arch images (recommended)
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
   update-brew:
-    needs: publish-package
+    needs: 
+      - publish-package
+      - publish-docker
     runs-on: ubuntu-latest
     permissions:
       contents: write

cloudsplaining/command/scan.py

@@ -104,6 +104,14 @@
     is_flag=True,
     help="Flag risky trust policies in roles.",
 )
+@click.option(
+    "-dA",
+    "--disable-appendices",
+    required=False,
+    default=False,
+    is_flag=True,
+    help="Disable the Guidance and Appendices tabs in the HTML report.",
+)
 def scan(
     input_file: str,
     exclusions_file: str,
@@ -114,6 +122,8 @@ def scan(
     verbosity: int,
     severity: list[str],
     flag_trust_policies: bool,
+    # New argument to disable appendices in the HTML report:
+    disable_appendices: bool,
 ) -> None:  # pragma: no cover
     """
     Given the path to account authorization details files and the exclusions config file, scan all inline and
@@ -152,6 +162,8 @@ def scan(
             flag_conditional_statements=flag_conditional_statements,
             flag_resource_arn_statements=flag_resource_arn_statements,
             flag_trust_policies=flag_trust_policies,
+            # Dependency injection of new argument to disable appendices in the HTML report:
+            disable_appendices=disable_appendices,
             severity=severity,
         )
         html_output_file = os.path.join(output, f"iam-report-{account_name}.html")
@@ -185,6 +197,8 @@ def scan(
                 output,
                 write_data_files=True,
                 minimize=minimize,
+                # dependency injection of new argument to disable appendices in the HTML report:
+                disable_appendices=disable_appendices,
                 severity=severity,
             )
             html_output_file = os.path.join(output, f"iam-report-{account_name}.html")
@@ -235,6 +249,8 @@ def scan_account_authorization_details(
     flag_resource_arn_statements: bool = ...,
     flag_trust_policies: bool = ...,
     severity: list[str] | None = ...,
+    # New argument to disable appendices in the HTML report:
+    disable_appendices: bool = ...,
 ) -> str: ...
 
 
@@ -250,6 +266,8 @@ def scan_account_authorization_details(
     flag_resource_arn_statements: bool = False,
     flag_trust_policies: bool = False,
     severity: list[str] | None = None,
+    # New argument to disable appendices in the HTML report:
+    disable_appendices: bool = False,
 ) -> str | dict[str, Any]:  # pragma: no cover
     """
     Given the path to account authorization details files and the exclusions config file, scan all inline and
@@ -280,6 +298,8 @@ def scan_account_authorization_details(
         account_name=account_name,
         results=results,
         minimize=minimize,
+        # dependency injection of new argument to disable appendices in the HTML report:
+        disable_appendices=disable_appendices,
     )
     rendered_report = html_report.get_html_report()
 

cloudsplaining/output/report.py

@@ -25,11 +25,15 @@ def __init__(
         account_name: str,
         results: dict[str, dict[str, Any]],
         minimize: bool = False,
+        # New argument to disable appendices in the HTML report:
+        disable_appendices: bool = False,
     ) -> None:
         self.account_name = account_name
         self.account_id = account_id
         self.report_generated_time = datetime.datetime.now().strftime("%Y-%m-%d")
         self.minimize = minimize
+        # dependency injection of new argument to disable appendices in the HTML report:
+        self.disable_appendices = disable_appendices
         self.results = f"var iam_data = {json.dumps(results, default=str)}"
         self.template_config = TemplateConfig()
 
@@ -79,6 +83,8 @@ def get_html_report(self) -> str:
             appendices_content=self.template_config.appendices_content,
             show_guidance_nav=self.template_config.show_guidance_nav,
             show_appendices_nav=self.template_config.show_appendices_nav,
+            # dependency injection of new argument to disable appendices in the HTML report:
+            disable_appendices=self.disable_appendices, 
         )
         template_path = os.path.dirname(__file__)
         env = Environment(loader=FileSystemLoader(template_path))  # noqa: S701

cloudsplaining/output/template.html

@@ -36,12 +36,14 @@
     var appendices_content;
     var show_guidance_nav;
     var show_appendices_nav;
+    var disable_appendices;
     account_id = "{{ t.account_id }}";
     account_name = "{{ t.account_name }}";
     report_generated_time = "{{ t.report_generated_time }}";
     cloudsplaining_version = "{{ t.cloudsplaining_version }}";
     show_guidance_nav = "{{ t.show_guidance_nav }}";
     show_appendices_nav = "{{ t.show_appendices_nav }}";
+    disable_appendices = "{{ t.disable_appendices }}";
     guidance_content = "{{ t.guidance_content|safe if t.show_guidance_nav else '' }}";
     appendices_content = "{{ t.appendices_content|safe if t.show_appendices_nav else '' }}";