diff --git a/backend/voice-agent/Dockerfile b/backend/voice-agent/Dockerfile
index 38f46c0..fd63faa 100644
--- a/backend/voice-agent/Dockerfile
+++ b/backend/voice-agent/Dockerfile
@@ -13,44 +13,59 @@ # ======================== # Stage 1: Build / Install # ======================== -FROM python:3.12-slim AS builder +# Using Amazon Linux 2023 for better AWS integration and security +FROM public.ecr.aws/amazonlinux/amazonlinux:2023 AS builder ENV PYTHONDONTWRITEBYTECODE=1 \ PIP_NO_CACHE_DIR=1 \ PIP_DISABLE_PIP_VERSION_CHECK=1 -# Build tools for any native extensions (gcc, python3-dev) -RUN apt-get update && apt-get install -y --no-install-recommends \ +# Build tools for any native extensions (gcc, python3-devel) +# Amazon Linux 2023 uses OpenSSL (no gnutls/mbedtls vulnerabilities) +RUN yum install -y \ gcc \ - python3-dev \ - && rm -rf /var/lib/apt/lists/* + python3.13 \ + python3.13-devel \ + python3.13-pip \ + && yum clean all WORKDIR /app # Copy requirements first for better layer caching COPY requirements.txt . -# Install Python dependencies into a virtual env for clean copy -RUN python -m venv /app/venv +# Set Python 3.13 as default and install dependencies into a virtual env +RUN alternatives --install /usr/bin/python3 python3 /usr/bin/python3.13 1 \ + && alternatives --set python3 /usr/bin/python3.13 \ + && python3 -m venv /app/venv + ENV PATH="/app/venv/bin:$PATH" RUN pip install --no-cache-dir -r requirements.txt # ======================== # Stage 2: Runtime # ======================== -FROM python:3.12-slim +# Using Amazon Linux 2023 for better AWS integration and security +FROM public.ecr.aws/amazonlinux/amazonlinux:2023 ENV PYTHONDONTWRITEBYTECODE=1 \ PYTHONUNBUFFERED=1 -# Runtime-only system dependencies (no gcc/python3-dev) -RUN apt-get update && apt-get install -y --no-install-recommends \ +# Runtime-only system dependencies (no gcc/python3-devel) +# Amazon Linux 2023 uses OpenSSL (no gnutls/mbedtls vulnerabilities) +RUN yum install -y \ + python3.13 \ + python3.13-libs \ # Audio processing - libsndfile1 \ - ffmpeg \ - # Networking (health checks) - curl \ - && rm -rf /var/lib/apt/lists/* + libsndfile \ + # User management tools + 
shadow-utils \ + # Networking (health checks) - curl-minimal already installed + && yum clean all + +# Set Python 3.13 as default +RUN alternatives --install /usr/bin/python3 python3 /usr/bin/python3.13 1 \ + && alternatives --set python3 /usr/bin/python3.13 # Create non-root user for security RUN useradd --create-home --shell /bin/bash appuser
diff --git a/buildspec-appointment-agent.yml b/buildspec-appointment-agent.yml
new file mode 100644
index 0000000..3aa9868
--- /dev/null
+++ b/buildspec-appointment-agent.yml
@@ -0,0 +1,28 @@
+version: 0.2
+
+phases:
+ pre_build:
+ commands:
+ - echo Logging in to Amazon ECR...
+ - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $ECR_REGISTRY
+ - aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
+ - IMAGE_TAG=${CODEBUILD_RESOLVED_SOURCE_VERSION:-latest}
+ - echo Building appointment-agent with image tag $IMAGE_TAG
+
+ build:
+ commands:
+ - echo Build started on `date`
+ - cd backend/agents/appointment-agent
+ - docker build -t appointment-agent .
+ - docker tag appointment-agent $ECR_REGISTRY/$ECR_REPOSITORY:appointment-agent-$IMAGE_TAG
+ - docker tag appointment-agent $ECR_REGISTRY/$ECR_REPOSITORY:appointment-agent-latest
+
+ post_build:
+ commands:
+ - echo Pushing the Docker images...
+ - docker push $ECR_REGISTRY/$ECR_REPOSITORY:appointment-agent-$IMAGE_TAG
+ - docker push $ECR_REGISTRY/$ECR_REPOSITORY:appointment-agent-latest
+
+env:
+ variables:
+ AWS_DEFAULT_REGION: us-east-1
diff --git a/buildspec-crm-agent.yml b/buildspec-crm-agent.yml
new file mode 100644
index 0000000..e638145
--- /dev/null
+++ b/buildspec-crm-agent.yml
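Review bot: Both new `FROM public.ecr.aws/amazonlinux/amazonlinux:2023` lines track a floating tag, so the builder and runtime stages can resolve to different contents between builds and the security claim in the added comments cannot be tied to a specific image; pin a digest, e.g. `FROM public.ecr.aws/amazonlinux/amazonlinux:2023@sha256:<digest-placeholder> AS builder`, and bump it deliberately. The `alternatives --install /usr/bin/python3 …` steps repoint the distribution's default interpreter, which the package manager may depend on; creating the venv with `RUN python3.13 -m venv /app/venv` would likely make both `alternatives` steps unnecessary. The runtime stage also drops `ffmpeg` with no replacement, so confirm nothing in requirements.txt invokes it. The runtime stage continues past the end of the hunk, so the COPY, USER and CMD lines are not visible here.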
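Review bot: `IMAGE_TAG=${CODEBUILD_RESOLVED_SOURCE_VERSION:-latest}` silently falls back to `latest`, so a build without a resolved source version pushes an image that cannot be traced to a commit, and the second tag `appointment-agent-latest` is mutable in any case. Failing instead keeps every pushed image attributable: `- IMAGE_TAG=${CODEBUILD_RESOLVED_SOURCE_VERSION:?source version not resolved}`; consumers should then deploy the commit tag or the image digest rather than `-latest`. `ECR_REGISTRY` and `ECR_REPOSITORY` are not set in this file's `env` block, so they presumably come from the CodeBuild project; quoting them (`"$ECR_REGISTRY/$ECR_REPOSITORY:appointment-agent-$IMAGE_TAG"`) and checking they are non-empty in `pre_build` would make a misconfigured project fail before the build starts. The same `IMAGE_TAG` fallback and unquoted expansions appear in buildspec-crm-agent.yml, buildspec-kb-agent.yml and buildspec-voice-agent.yml.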
@@ -0,0 +1,32 @@
+version: 0.2
+
+# CodeBuild buildspec for building and pushing crm-agent container
+
+phases:
+ pre_build:
+ commands:
+ - echo Logging in to Amazon ECR...
+ - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $ECR_REGISTRY
+ - aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
+ - IMAGE_TAG=${CODEBUILD_RESOLVED_SOURCE_VERSION:-latest}
+ - echo Building crm-agent with image tag $IMAGE_TAG
+
+ build:
+ commands:
+ - echo Build started on `date`
+ - echo Building the Docker image for crm-agent...
+ - cd backend/agents/crm-agent
+ - docker build -t $ECR_REPOSITORY:crm-agent-$IMAGE_TAG .
+ - docker tag $ECR_REPOSITORY:crm-agent-$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:crm-agent-$IMAGE_TAG
+ - docker tag $ECR_REPOSITORY:crm-agent-$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:crm-agent-latest
+
+ post_build:
+ commands:
+ - echo Build completed on `date`
+ - echo Pushing the Docker images...
+ - docker push $ECR_REGISTRY/$ECR_REPOSITORY:crm-agent-$IMAGE_TAG
+ - docker push $ECR_REGISTRY/$ECR_REPOSITORY:crm-agent-latest
+
+env:
+ variables:
+ AWS_DEFAULT_REGION: us-east-1
diff --git a/buildspec-kb-agent.yml b/buildspec-kb-agent.yml
new file mode 100644
index 0000000..7cf1f85
--- /dev/null
+++ b/buildspec-kb-agent.yml
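Review bot: The `docker push` commands sit in `post_build`, which CodeBuild still enters when the `build` phase has failed, so the push is attempted regardless of the build result. On a fresh container that only produces a confusing second error, but with a local Docker cache a stale image carrying the same tag could be pushed. Adding `- test "$CODEBUILD_BUILD_SUCCEEDING" = "1" || exit 1` as the first `post_build` command, or moving the pushes to the end of `build`, closes that gap. The other three buildspecs in this commit have the same layout.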
@@ -0,0 +1,28 @@
+version: 0.2
+
+phases:
+ pre_build:
+ commands:
+ - echo Logging in to Amazon ECR...
+ - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $ECR_REGISTRY
+ - aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
+ - IMAGE_TAG=${CODEBUILD_RESOLVED_SOURCE_VERSION:-latest}
+ - echo Building kb-agent with image tag $IMAGE_TAG
+
+ build:
+ commands:
+ - echo Build started on `date`
+ - cd backend/agents/knowledge-base-agent
+ - docker build -t kb-agent .
+ - docker tag kb-agent $ECR_REGISTRY/$ECR_REPOSITORY:kb-agent-$IMAGE_TAG
+ - docker tag kb-agent $ECR_REGISTRY/$ECR_REPOSITORY:kb-agent-latest
+
+ post_build:
+ commands:
+ - echo Pushing the Docker images...
+ - docker push $ECR_REGISTRY/$ECR_REPOSITORY:kb-agent-$IMAGE_TAG
+ - docker push $ECR_REGISTRY/$ECR_REPOSITORY:kb-agent-latest
+
+env:
+ variables:
+ AWS_DEFAULT_REGION: us-east-1
diff --git a/buildspec-voice-agent.yml b/buildspec-voice-agent.yml
new file mode 100644
index 0000000..4c92f49
--- /dev/null
+++ b/buildspec-voice-agent.yml
@@ -0,0 +1,42 @@
+version: 0.2
+
+# CodeBuild buildspec for building and pushing voice-agent container
+# Addresses security vulnerabilities by building with updated Dockerfile
+
+phases:
+ pre_build:
+ commands:
+ - echo Logging in to Amazon ECR...
+ - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $ECR_REGISTRY
+ - IMAGE_TAG=${CODEBUILD_RESOLVED_SOURCE_VERSION:-latest}
+ - echo Building voice-agent with image tag $IMAGE_TAG
+ - echo Attempting to pull Amazon Linux base image to warm Docker cache...
+ - docker pull public.ecr.aws/amazonlinux/amazonlinux:2023 || echo "Docker pull failed, will try during build"
+
+ build:
+ commands:
+ - echo Build started on `date`
+ - echo Building the Docker image for voice-agent...
+ - cd backend/voice-agent
+ - docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
+ - docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ - docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest
+
+ post_build:
+ commands:
+ - echo Build completed on `date`
+ - echo Pushing the Docker images...
+ - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ - docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
+ - echo Writing image definitions file...
+ - printf '[{"name":"voice-agent","imageUri":"%s"}]' $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG > imagedefinitions.json
+
+artifacts:
+ files:
+ - imagedefinitions.json
+
+env:
+ variables:
+ AWS_DEFAULT_REGION: us-east-1
+ ECR_REGISTRY: 972801262139.dkr.ecr.us-east-1.amazonaws.com
+ ECR_REPOSITORY: cdk-hnb659fds-container-assets-972801262139-us-east-1
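Review bot: The `env` block hard-codes the account-specific `ECR_REGISTRY` and points `ECR_REPOSITORY` at what looks like the CDK bootstrap container-assets repository, so hand-built `$IMAGE_TAG` and `latest` images are pushed next to CDK-managed assets; if that repository enforces immutable tags, the second `docker push …:latest` will fail. A dedicated repository supplied through the CodeBuild project environment, as the other three buildspecs appear to expect, would keep this file account-agnostic. Unlike the other buildspecs, `pre_build` has no `aws ecr-public get-login-password` step, and `docker pull … || echo "Docker pull failed, will try during build"` hides a failed base-image pull; letting the pull fail the phase gives a clearer error than a later `docker build` failure.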