AWS CLI feature (#1326)

Author: Rabadash8820

script-library/README.md

@@ -14,6 +14,7 @@ Some scripts have special installation instructions (like `desktop-lite-debian.s
 
 | Document | Script | Maintainers |
 |----------|--------|------------|
+| [AWS CLI Install Script](docs/awscli.md) | `awscli-debian.sh` | VS Code and GitHub Codespaces teams |
 | [Azure CLI Install Script](docs/azcli.md) | `azcli-debian.sh` | VS Code and GitHub Codespaces teams |
 | [Common Script](docs/common.md) | `common-debian.sh`<br />`common-alpine.sh`<br />`common-redhat.sh` (Community) | VS Code and GitHub Codespaces teams |
 | [Desktop (Lightweight) Install Script](docs/desktop-lite.md) | `desktop-lite-debian.sh` | VS Code and GitHub Codespaces teams|
@@ -97,7 +98,7 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive  \
     && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 ```
 
-As before, the last line is technically optional, but minimizes the size of the layer by removing temporary contents.  
+As before, the last line is technically optional, but minimizes the size of the layer by removing temporary contents.
 
 You can also use `wget`:
 
@@ -153,4 +154,3 @@ See [CONTRIBUTING.md](../CONTRIBUTING.md) for details on contributing definition
 Copyright (c) Microsoft Corporation. All rights reserved.
 
 Licensed under the MIT License. See [LICENSE](https://github.com/microsoft/vscode-dev-containers/blob/main/LICENSE)
-

script-library/awscli-debian.sh

@@ -0,0 +1,143 @@
+#!/usr/bin/env bash
+#-------------------------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
+#-------------------------------------------------------------------------------------------------------------
+#
+# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/awscli.md
+# Maintainer: The VS Code and Codespaces Teams
+#
+# Syntax: ./awscli-debian.sh [AWS CLI version]
+
+set -e
+
+AWSCLI_VERSION=${1:-"latest"}
+AWSCLI_GPG_KEY=FB5DB77FD5C118B80511ADA8A6310ACC4672475C
+AWSCLI_GPG_KEY_MATERIAL="-----BEGIN PGP PUBLIC KEY BLOCK-----
+mQINBF2Cr7UBEADJZHcgusOJl7ENSyumXh85z0TRV0xJorM2B/JL0kHOyigQluUG
+ZMLhENaG0bYatdrKP+3H91lvK050pXwnO/R7fB/FSTouki4ciIx5OuLlnJZIxSzx
+PqGl0mkxImLNbGWoi6Lto0LYxqHN2iQtzlwTVmq9733zd3XfcXrZ3+LblHAgEt5G
+TfNxEKJ8soPLyWmwDH6HWCnjZ/aIQRBTIQ05uVeEoYxSh6wOai7ss/KveoSNBbYz
+gbdzoqI2Y8cgH2nbfgp3DSasaLZEdCSsIsK1u05CinE7k2qZ7KgKAUIcT/cR/grk
+C6VwsnDU0OUCideXcQ8WeHutqvgZH1JgKDbznoIzeQHJD238GEu+eKhRHcz8/jeG
+94zkcgJOz3KbZGYMiTh277Fvj9zzvZsbMBCedV1BTg3TqgvdX4bdkhf5cH+7NtWO
+lrFj6UwAsGukBTAOxC0l/dnSmZhJ7Z1KmEWilro/gOrjtOxqRQutlIqG22TaqoPG
+fYVN+en3Zwbt97kcgZDwqbuykNt64oZWc4XKCa3mprEGC3IbJTBFqglXmZ7l9ywG
+EEUJYOlb2XrSuPWml39beWdKM8kzr1OjnlOm6+lpTRCBfo0wa9F8YZRhHPAkwKkX
+XDeOGpWRj4ohOx0d2GWkyV5xyN14p2tQOCdOODmz80yUTgRpPVQUtOEhXQARAQAB
+tCFBV1MgQ0xJIFRlYW0gPGF3cy1jbGlAYW1hem9uLmNvbT6JAlQEEwEIAD4WIQT7
+Xbd/1cEYuAURraimMQrMRnJHXAUCXYKvtQIbAwUJB4TOAAULCQgHAgYVCgkICwIE
+FgIDAQIeAQIXgAAKCRCmMQrMRnJHXJIXEAChLUIkg80uPUkGjE3jejvQSA1aWuAM
+yzy6fdpdlRUz6M6nmsUhOExjVIvibEJpzK5mhuSZ4lb0vJ2ZUPgCv4zs2nBd7BGJ
+MxKiWgBReGvTdqZ0SzyYH4PYCJSE732x/Fw9hfnh1dMTXNcrQXzwOmmFNNegG0Ox
+au+VnpcR5Kz3smiTrIwZbRudo1ijhCYPQ7t5CMp9kjC6bObvy1hSIg2xNbMAN/Do
+ikebAl36uA6Y/Uczjj3GxZW4ZWeFirMidKbtqvUz2y0UFszobjiBSqZZHCreC34B
+hw9bFNpuWC/0SrXgohdsc6vK50pDGdV5kM2qo9tMQ/izsAwTh/d/GzZv8H4lV9eO
+tEis+EpR497PaxKKh9tJf0N6Q1YLRHof5xePZtOIlS3gfvsH5hXA3HJ9yIxb8T0H
+QYmVr3aIUes20i6meI3fuV36VFupwfrTKaL7VXnsrK2fq5cRvyJLNzXucg0WAjPF
+RrAGLzY7nP1xeg1a0aeP+pdsqjqlPJom8OCWc1+6DWbg0jsC74WoesAqgBItODMB
+rsal1y/q+bPzpsnWjzHV8+1/EtZmSc8ZUGSJOPkfC7hObnfkl18h+1QtKTjZme4d
+H17gsBJr+opwJw/Zio2LMjQBOqlm3K1A4zFTh7wBC7He6KPQea1p2XAMgtvATtNe
+YLZATHZKTJyiqA==
+=vYOk
+-----END PGP PUBLIC KEY BLOCK-----"
+
+if [ "$(id -u)" -ne 0 ]; then
+    echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
+    exit 1
+fi
+
+# Get central common setting
+get_common_setting() {
+    if [ "${common_settings_file_loaded}" != "true" ]; then
+        curl -sfL "https://aka.ms/vscode-dev-containers/script-library/settings.env" 2>/dev/null -o /tmp/vsdc-settings.env || echo "Could not download settings file. Skipping."
+        common_settings_file_loaded=true
+    fi
+    if [ -f "/tmp/vsdc-settings.env" ]; then
+        local multi_line=""
+        if [ "$2" = "true" ]; then multi_line="-z"; fi
+        local result="$(grep ${multi_line} -oP "$1=\"?\K[^\"]+" /tmp/vsdc-settings.env | tr -d '\0')"
+        if [ ! -z "${result}" ]; then declare -g $1="${result}"; fi
+    fi
+    echo "$1=${!1}"
+}
+
+# Function to run apt-get if needed
+apt_get_update_if_needed()
+{
+    if [ ! -d "/var/lib/apt/lists" ] || [ "$(ls /var/lib/apt/lists/ | wc -l)" = "0" ]; then
+        echo "Running apt-get update..."
+        apt-get update
+    else
+        echo "Skipping apt-get update."
+    fi
+}
+
+# Checks if packages are installed and installs them if not
+check_packages() {
+    if ! dpkg -s "$@" > /dev/null 2>&1; then
+        apt_get_update_if_needed
+        apt-get -y install --no-install-recommends "$@"
+    fi
+}
+
+export DEBIAN_FRONTEND=noninteractive
+
+check_packages curl ca-certificates gnupg2 dirmngr
+
+verify_aws_cli_gpg_signature() {
+    local filePath=$1
+    local sigFilePath=$2
+
+    get_common_setting AWSCLI_GPG_KEY
+    get_common_setting AWSCLI_GPG_KEY_MATERIAL
+    local awsCliPublicKeyFile=aws-cli-public-key.pem
+    echo "${AWSCLI_GPG_KEY_MATERIAL}" > "${awsCliPublicKeyFile}"
+    gpg --quiet --import "${awsCliPublicKeyFile}"
+
+    gpg --batch --quiet --verify "${sigFilePath}" "${filePath}"
+    local status=$?
+
+    gpg --batch --quiet --delete-keys "${AWSCLI_GPG_KEY}"
+    rm "${awsCliPublicKeyFile}"
+
+    return ${status}
+}
+
+install() {
+    local scriptZipFile=awscli.zip
+    local scriptSigFile=awscli.sig
+
+    # See Linux install docs at https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
+    if [ "${AWSCLI_VERSION}" != "latest" ]; then
+        local versionStr=-${AWSCLI_VERSION}
+    fi
+    architecture=$(dpkg --print-architecture)
+    case "${architecture}" in
+        amd64) architectureStr=x86_64 ;;
+        arm64) architectureStr=aarch64 ;;
+        *)
+            echo "AWS CLI does not support machine architecture '$architecture'. Please use an x86-64 or ARM64 machine."
+            exit 1
+    esac
+    local scriptUrl=https://awscli.amazonaws.com/awscli-exe-linux-${architectureStr}${versionStr}.zip
+    curl "${scriptUrl}" -o "${scriptZipFile}"
+    curl "${scriptUrl}.sig" -o "${scriptSigFile}"
+
+    verify_aws_cli_gpg_signature "$scriptZipFile" "$scriptSigFile"
+    if (( $? > 0 )); then
+        echo "Could not verify GPG signature of AWS CLI install script. Make sure you provided a valid version."
+        exit 1
+    fi
+
+    unzip "${scriptZipFile}"
+    ./aws/install
+
+    rm -rf ./aws
+}
+
+echo "(*) Installing AWS CLI..."
+
+install
+
+echo "Done!"

script-library/container-features/README.md

@@ -8,15 +8,15 @@ This folder includes some explorations around dynamic container feature injectio
 
 **Registering a feature**
 
-Create the install script in the [script-library](../../script-library/) directory with the naming convention `<lowercase-feature-name>-<target-os>.sh`. EG `python-debian.sh` or `common-alpine.sh`
+Create the install script in the [script-library](../../script-library/) directory with the naming convention `<lowercase-feature-name>-<target-os>.sh`. E.g., `python-debian.sh` or `common-alpine.sh`
 
 Add a new object to the [devcontainer-features.json](../../script-library/container-features/src/devcontainer-features.json) file:
 
 ```json
 {
     "id": "<lowercase-feature-name>", // Must match the <lowercase-feature-name> used to name the install script.
     "name": "Display Name of Feature",
-    "documentationURL": "https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/<lowercase-feature-name>.md", 
+    "documentationURL": "https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/<lowercase-feature-name>.md",
     "options": {
         "scriptArgument$1": {
             "type": "string", // Either "string" or "boolean"
@@ -31,7 +31,7 @@ Add a new object to the [devcontainer-features.json](../../script-library/contai
         }
     },
     "buildArg": "_VSC_INSTALL_<CAPITALIZED_ID>", // Must match the ENV VAR defined in the feature-scripts.env file.
-    "extensions": [], // Array of VS Code extensions to install with this feature. 
+    "extensions": [], // Array of VS Code extensions to install with this feature.
     "include": [] // Array of base containers this script can be used on.
 }
 ```
@@ -43,7 +43,7 @@ _VSC_INSTALL_<FEATURE>="<feature>-debian.sh ${_BUILD_ARG_<FEATURE>_<OPTION1>:-<o
 ```
 
 - Options declared in `devcontainer-features.json` are mapped using the naming convention `_BUILD_ARG_<FEATURE>_<OPTIONNAME>` and their default should match the declared default for that option.
-- EG `_VSC_INSTALL_AZURE_CLI="azcli-debian.sh ${_BUILD_ARG_AZURE_CLI_VERSION:-latest}"`
+- E.g., `_VSC_INSTALL_AZURE_CLI="azcli-debian.sh ${_BUILD_ARG_AZURE_CLI_VERSION:-latest}"`
 
 **Feature testing**
 
@@ -59,21 +59,25 @@ _VSC_INSTALL_<FEATURE>="<feature>-debian.sh ${_BUILD_ARG_<FEATURE>_<OPTION1>:-<o
 Repeat as needed to iterate from a clean workspace.
 
 *Unit tests*
+
 - Add your feature to the [run-scripts.sh](../../script-library/test/regression/run-scripts.sh) file to ensure it is included in CI tests.
 
 - Your addition should take the form `runScript <feature> <non-default-args>`.
 
-EG
+E.g.:
+
 ```sh
 runScript dotnet "3.1 true ${USERNAME} false /opt/dotnet dotnet"
 ```
 
 - If your script takes the installation user as an argument, be sure to specify it as ${USERNAME} in the tests for programatic testing.
 
 *Regression tests*
+
 - Add your feature to the [test-features.env](../../script-library/container-features/test-features.env) file to include it in regression tests of the container-feature functionality. By setting the `_VSC_INSTALL_<FEATURE>` ENV VAR to true and adding the expected _BUILD_ARG options for your feature.
 
-EG
+E.g.:
+
 ```
     _VSC_INSTALL_DOTNET=true
     _BUILD_ARG_DOTNET_VERSION=latest
@@ -82,11 +86,12 @@ EG
 
 **Feature documentation**
 
-Add your new feature to the list of scripts in the [script-library README.md](https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/README.md#scripts).
+Add your new feature to the list of scripts in the [script-library README.md](../../script-library/README.md#scripts).
+
+Add documentation for your new feature script to the [script-library/docs](../../script-library/docs) directory.
 
-Add documentation for your new feature script to the [script-library/docs](https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs) directory.
+Documentation should include:
 
-Documentation should include: 
 - the status of the script, supported operating systems, and maintainer.
 - the syntax expected to run as a feature or script
 - a description of the script arguments
@@ -97,6 +102,7 @@ Feel free to use other scripts in that directory as inspiration.
 ### Best practices for writing feature install scripts
 
 - Decouple sections of the shellscript that handle user setup, helper functions, and feature installation. Doing so will apply a logical and natural flow to the script for future developers and maintainers to follow. One way to denote this distinction is to use in-line comments throughout the script.
+
     ```md
     # Logical flow recommended:
     1. File header and description.
@@ -109,6 +115,7 @@ Feel free to use other scripts in that directory as inspiration.
     ```
 
 - One way to make troubleshooting the script easier when writing a bash shell script is to echo error messages to `STDERR`. A possible way we implemented this in bash scripts is to create an `err()` function like so:
+
     ```sh
     # Setup STDERR.
     err() {
@@ -119,12 +126,14 @@ Feel free to use other scripts in that directory as inspiration.
     ```
 
 - If writing a bash shellscript, we recommend using double quotes and braces when referencing named variables:
+
     ```sh
     variable="My example var"
     echo "${variable}"
     ```
 
 - One method to to ensure the global space in a script is not too crowded with unnecessary variables is to assign return values from functions to a new variable, and use the keyword `local` for vars inside of functions. For example:
+
     ```sh
     test_function() {
         local test = "hello world!"
@@ -134,6 +143,7 @@ Feel free to use other scripts in that directory as inspiration.
     ```
 
 - If using temporary files within the script, we recommend removing all those files once they are no longer needed. One method for doing this is running a cleanup function with a `trap` method when the script exits:
+
     ```sh
     # Cleanup temporary directory and associated files when exiting the script.
     cleanup() {
@@ -150,7 +160,7 @@ Feel free to use other scripts in that directory as inspiration.
 
 - Consider using [shellcheck](https://github.com/koalaman/shellcheck) or the [vscode-shellcheck extension](https://github.com/vscode-shellcheck/vscode-shellcheck) to apply linting and static code analysis to the bash script to ensure it is formatted correctly.
 
-- Consider using common helper functions from [shared/utils.sh](../../script-library/shared/utils.sh) when managing common tasks (like updating PATH variables, or managing gpg keys) by copying them directly into your script.  
+- Consider using common helper functions from [shared/utils.sh](../../script-library/shared/utils.sh) when managing common tasks (like updating PATH variables, or managing gpg keys) by copying them directly into your script.
     - NOTE: This is done to minimize the impact that any change can have on existing working scripts.
     - Similarly, if you add a helper function to your script that could benefit others in the future, consider adding it to the `shared/utils.sh` file as well.