fix: ssm change name

Author: hypolas

.github/workflows/docker-build.yml

@@ -3,7 +3,7 @@ name: Build and Push Docker Images
 on:
   push:
     branches: [ main, develop ]
-    tags: [ 'v*' ]
+    tags: [ v* ]
   pull_request:
     branches: [ main ]
   workflow_dispatch:

.github/workflows/security-scan.yml

@@ -6,7 +6,7 @@ on:
   pull_request:
     branches: [ main ]
   schedule:
-    - cron: '0 2 * * 1'  # Weekly on Monday at 2 AM
+    - cron: 0 2 * * 1  # Weekly on Monday at 2 AM
 
 env:
   REGISTRY: docker.io
@@ -40,22 +40,22 @@ jobs:
     - name: Run Trivy vulnerability scanner
       uses: aquasecurity/trivy-action@master
       with:
-        image-ref: 'azure-agent:scan'
-        format: 'sarif'
-        output: 'trivy-results.sarif'
+        image-ref: azure-agent:scan
+        format: sarif
+        output: trivy-results.sarif
 
     - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v4
       if: always()
       with:
-        sarif_file: 'trivy-results.sarif'
+        sarif_file: trivy-results.sarif
 
     - name: Run Trivy vulnerability scanner (table output)
       uses: aquasecurity/trivy-action@master
       with:
-        image-ref: 'azure-agent:scan'
-        format: 'table'
-        output: 'trivy-results.txt'
+        image-ref: azure-agent:scan
+        format: table
+        output: trivy-results.txt
 
     - name: Generate security summary
       if: always()

AWS-SSM.md

@@ -1,6 +1,6 @@
 # Binaire AWS SSM
 
-**aws-ssm** est automatiquement installé depuis le dépôt `hypolas/aws-ssm-light`.
+**aws-ssm** est automatiquement installé depuis le dépôt `hypolas/aws-ssm-lite`.
 
 ## Avantages du binaire aws-ssm
 - ✅ **Léger** : ~10MB vs ~100MB+ pour AWS CLI

Dockerfile

@@ -61,7 +61,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 
 COPY download-github-binary.sh /tmp/
 RUN chmod +x /tmp/download-github-binary.sh && \
-    /tmp/download-github-binary.sh "hypolas/aws-ssm-light" "aws-ssm"
+    /tmp/download-github-binary.sh "hypolas/aws-ssm-lite" "aws-ssm"
 
 # Stage 4: Download Docker CLI
 FROM ubuntu:22.04 AS docker-downloader

README.md

@@ -99,7 +99,7 @@ services:
     build:
       context: .
       args:
-        # aws-ssm installed by default (hypolas/aws-ssm-light)
+        # aws-ssm installed by default (hypolas/aws-ssm-lite)
         INSTALL_AWS_SSM: "true"
 
     container_name: azure-devops-agent
@@ -299,7 +299,7 @@ chmod +x deploy-agents.sh
 - 🔢 **Multi-instance**: Multiple agent management via AGENT_NUMBER
 - 🌐 **Production-ready**: Optimized for cloud environments
 
-### ⚡ Optimized aws-ssm Binary (hypolas/aws-ssm-light)
+### ⚡ Optimized aws-ssm Binary (hypolas/aws-ssm-lite)
 
 The image automatically integrates the **aws-ssm binary** to replace AWS CLI:
 

docker-compose.yml

@@ -5,7 +5,7 @@ services:
     build:
       context: .
       args:
-        # aws-ssm installed by default (hypolas/aws-ssm-light)
+        # aws-ssm installed by default (hypolas/aws-ssm-lite)
         INSTALL_AWS_SSM: "true"
 
     container_name: azure-devops-agent

entrypoint.sh

@@ -3,74 +3,74 @@ set -e
 
 # Function to be called on shutdown
 cleanup() {
-    echo "Container stopped. Running cleanup..."
-    cd "$INSTALL_FOLDER/$AGENT_NUMBER"
-    ./config.sh remove --unattended --auth pat --token "$AZP_TOKEN"
-    echo "Agent successfully unregistered."
-    exit 0
+	echo "Container stopped. Running cleanup..."
+	cd "$INSTALL_FOLDER/$AGENT_NUMBER"
+	./config.sh remove --unattended --auth pat --token "$AZP_TOKEN"
+	echo "Agent successfully unregistered."
+	exit 0
 }
 
 # Trap SIGTERM and call cleanup
 trap cleanup SIGTERM
 
 # Add azureagent user to Docker group if /var/run/docker.sock exists
 if [ -S /var/run/docker.sock ]; then
-    DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock)
-    echo "Adding azureagent user to GID $DOCKER_SOCK_GID for Docker access..."
-    sudo groupadd -g "$DOCKER_SOCK_GID" -f dockerhost 2>/dev/null || true
-    sudo usermod -aG "$DOCKER_SOCK_GID" azureagent 2>/dev/null || true
-    # sudo groupadd -g "$DOCKER_SOCK_GID" docker|| true
+	DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock)
+	echo "Adding azureagent user to GID $DOCKER_SOCK_GID for Docker access..."
+	sudo groupadd -g "$DOCKER_SOCK_GID" -f dockerhost 2>/dev/null || true
+	sudo usermod -aG "$DOCKER_SOCK_GID" azureagent 2>/dev/null || true
+	# sudo groupadd -g "$DOCKER_SOCK_GID" docker|| true
 fi
 
 # Verify required environment variables
 if [ -z "$AZP_URL" ]; then
-    echo "Error: AZP_URL must be defined"
-    exit 1
+	echo "Error: AZP_URL must be defined"
+	exit 1
 fi
 
 # Retrieve Azure DevOps token from AWS Secrets Manager if not provided
 if [ -z "$AZP_TOKEN" ]; then
-    if [ -n "$AZURE_DEVOPS_TOKEN_SECRET_ARN" ] && [ -n "$AWS_REGION" ]; then
-        echo "Retrieving Azure DevOps token from AWS Secrets Manager..."
-
-        # Use official aws-ssm (hypolas/aws-ssm-light) first
-        if command -v aws-ssm >/dev/null 2>&1; then
-            echo "Using aws-ssm (hypolas/aws-ssm-light)..."
-            # Syntax: aws-ssm <secret-id> [region]
-            SECRET_TOKEN=$(aws-ssm "$AZURE_DEVOPS_TOKEN_SECRET_ARN" "$AWS_REGION" 2>/dev/null)
-        elif command -v light_ssm >/dev/null 2>&1; then
-            echo "Using light_ssm (fallback)..."
-            SECRET_TOKEN=$(light_ssm "$AZURE_DEVOPS_TOKEN_SECRET_ARN" "$AWS_REGION" 2>/dev/null)
-        else
-            echo "❌ No AWS Secrets Manager client available (aws-ssm or light_ssm)"
-            echo "Install aws-ssm from hypolas/aws-ssm-light or enable INSTALL_AWS_SSM=true"
-            exit 1
-        fi
-
-        if [ -n "$SECRET_TOKEN" ] && [ "$SECRET_TOKEN" != "null" ]; then
-            AZP_TOKEN="$SECRET_TOKEN"
-            echo "✅ Token retrieved from AWS Secrets Manager"
-        else
-            echo "❌ Failed to retrieve token from Secrets Manager"
-            exit 1
-        fi
-    else
-        echo "❌ AZP_TOKEN not provided and AWS Secrets Manager not configured"
-        echo "Provide either AZP_TOKEN, or AWS_REGION + AZURE_DEVOPS_TOKEN_SECRET_ARN"
-        exit 1
-    fi
+	if [ -n "$AZURE_DEVOPS_TOKEN_SECRET_ARN" ] && [ -n "$AWS_REGION" ]; then
+		echo "Retrieving Azure DevOps token from AWS Secrets Manager..."
+
+		# Use official aws-ssm (hypolas/aws-ssm-lite) first
+		if command -v aws-ssm >/dev/null 2>&1; then
+			echo "Using aws-ssm (hypolas/aws-ssm-lite)..."
+			# Syntax: aws-ssm <secret-id> [region]
+			SECRET_TOKEN=$(aws-ssm "${AZURE_DEVOPS_TOKEN_SECRET_ARN}" "${AWS_REGION}" 2>/dev/null)
+		elif command -v light_ssm >/dev/null 2>&1; then
+			echo "Using light_ssm (fallback)..."
+			SECRET_TOKEN=$(light_ssm "${AZURE_DEVOPS_TOKEN_SECRET_ARN}" "${AWS_REGION}" 2>/dev/null)
+		else
+			echo "❌ No AWS Secrets Manager client available (aws-ssm or light_ssm)"
+			echo "Install aws-ssm from hypolas/aws-ssm-lite or enable INSTALL_AWS_SSM=true"
+			exit 1
+		fi
+
+		if [[ -n ${SECRET_TOKEN} ]] && [[ ${SECRET_TOKEN} != "null" ]]; then
+			AZP_TOKEN="${SECRET_TOKEN}"
+			echo "✅ Token retrieved from AWS Secrets Manager"
+		else
+			echo "❌ Failed to retrieve token from Secrets Manager"
+			exit 1
+		fi
+	else
+		echo "❌ AZP_TOKEN not provided and AWS Secrets Manager not configured"
+		echo "Provide either AZP_TOKEN, or AWS_REGION + AZURE_DEVOPS_TOKEN_SECRET_ARN"
+		exit 1
+	fi
 else
-    echo "✅ Azure DevOps token provided directly"
+	echo "✅ Azure DevOps token provided directly"
 fi
 
-if [ -z "$AZP_POOL" ]; then
-    echo "Error: AZP_POOL must be defined"
-    exit 1
+if [[ -z ${AZP_POOL} ]]; then
+	echo "Error: AZP_POOL must be defined"
+	exit 1
 fi
 
-if [ -z "$AGENT_NUMBER" ]; then
-    echo "Error: AGENT_NUMBER must be defined"
-    exit 1
+if [[ -z ${AGENT_NUMBER} ]]; then
+	echo "Error: AGENT_NUMBER must be defined"
+	exit 1
 fi
 
 # Set default values if necessary
@@ -80,29 +80,29 @@ DEFAULT_VOLUMES=${DEFAULT_VOLUMES:-"/var/run/docker.sock:/var/run/docker.sock,/c
 
 # Retrieve INSTANCE_ID from AWS metadata if not provided
 if [ -z "$INSTANCE_ID" ]; then
-    echo "Retrieving INSTANCE_ID from AWS using IMDSv2..."
-
-    # Retrieve IMDSv2 token to secure metadata access
-    IMDS_TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" \
-        -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" \
-        -s 2>/dev/null) || true
-
-    if [ -n "$IMDS_TOKEN" ]; then
-        # Use token to retrieve instance ID
-        INSTANCE_ID=$(curl -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" \
-            -s "http://169.254.169.254/latest/meta-data/instance-id" 2>/dev/null) || true
-    fi
-
-    echo "INSTANCE_ID from IMDSv2: $INSTANCE_ID"
-
-    if [ -z "$INSTANCE_ID" ] || [ "$INSTANCE_ID" = "" ]; then
-        echo "Warning: Unable to retrieve AWS INSTANCE_ID, using hostname"
-        INSTANCE_ID=$(hostname)
-    else
-        echo "INSTANCE_ID retrieved from AWS: $INSTANCE_ID"
-    fi
+	echo "Retrieving INSTANCE_ID from AWS using IMDSv2..."
+
+	# Retrieve IMDSv2 token to secure metadata access
+	IMDS_TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" \
+		-H "X-aws-ec2-metadata-token-ttl-seconds: 21600" \
+		-s 2>/dev/null) || true
+
+	if [ -n "$IMDS_TOKEN" ]; then
+		# Use token to retrieve instance ID
+		INSTANCE_ID=$(curl -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" \
+			-s "http://169.254.169.254/latest/meta-data/instance-id" 2>/dev/null) || true
+	fi
+
+	echo "INSTANCE_ID from IMDSv2: $INSTANCE_ID"
+
+	if [ -z "$INSTANCE_ID" ] || [ "$INSTANCE_ID" = "" ]; then
+		echo "Warning: Unable to retrieve AWS INSTANCE_ID, using hostname"
+		INSTANCE_ID=$(hostname)
+	else
+		echo "INSTANCE_ID retrieved from AWS: $INSTANCE_ID"
+	fi
 else
-    echo "INSTANCE_ID provided: $INSTANCE_ID"
+	echo "INSTANCE_ID provided: $INSTANCE_ID"
 fi
 
 echo "=========================================="
@@ -121,21 +121,21 @@ echo "=========================================="
 # Configure the agent
 echo "Configuring Azure DevOps agent..."
 /opt/setup-scripts/configure-agent.sh \
-    "$INSTALL_FOLDER" \
-    "$AZP_URL" \
-    "$AZP_TOKEN" \
-    "$AZP_POOL" \
-    "$AZP_AGENT_NAME" \
-    "$AGENT_NUMBER" \
-    "$INSTANCE_ID"
+	"$INSTALL_FOLDER" \
+	"$AZP_URL" \
+	"$AZP_TOKEN" \
+	"$AZP_POOL" \
+	"$AZP_AGENT_NAME" \
+	"$AGENT_NUMBER" \
+	"$INSTANCE_ID"
 
 # Add capabilities
 echo "Adding capabilities..."
 /opt/setup-scripts/add-capabilities.sh \
-    "$DEFAULT_CONTAINER_IMAGE" \
-    "$DEFAULT_VOLUMES" \
-    "$AGENT_NUMBER" \
-    "$INSTALL_FOLDER"
+	"$DEFAULT_CONTAINER_IMAGE" \
+	"$DEFAULT_VOLUMES" \
+	"$AGENT_NUMBER" \
+	"$INSTALL_FOLDER"
 
 echo "Configuration complete. Starting agent..."
 

test-aws-ssm-quick.sh

@@ -36,7 +36,7 @@ for platform in "${PLATFORMS[@]}"; do
         echo 'Recherche de aws-ssm pour: '\$OS'-'\$GITHUB_ARCH
         
         # Récupérer les assets depuis GitHub
-        ASSETS=\$(curl -s https://api.github.com/repos/hypolas/aws-ssm-light/releases/latest | jq -r '.assets[].browser_download_url')
+        ASSETS=\$(curl -s https://api.github.com/repos/hypolas/aws-ssm-lite/releases/latest | jq -r '.assets[].browser_download_url')
         
         echo 'Assets disponibles:'
         echo \"\$ASSETS\"

test-aws-ssm.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-echo "🧪 Test d'intégration aws-ssm (hypolas/aws-ssm-light)"
+echo "🧪 Test d'intégration aws-ssm (hypolas/aws-ssm-lite)"
 echo "================================================="
 
 # Test 1: Vérifier si aws-ssm est disponible
@@ -69,7 +69,7 @@ fi
 echo
 echo "📊 Résumé du test aws-ssm"
 echo "========================"
-echo "🎯 Binaire officiel: hypolas/aws-ssm-light"
+echo "🎯 Binaire officiel: hypolas/aws-ssm-lite"
 echo "📦 Taille optimisée: ~10MB vs ~100MB+ (AWS CLI)"
 echo "⚡ Performance: ~50ms vs ~1-2s (AWS CLI)"
 echo "🔒 Sécurité: Tests automatisés + checksums SHA256"

test-platforms.sh

@@ -88,7 +88,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \\
 COPY download-github-binary.sh /tmp/
 RUN chmod +x /tmp/download-github-binary.sh
 RUN echo "Testing aws-ssm download for $platform..." && \\
-    if /tmp/download-github-binary.sh "hypolas/aws-ssm-light" "aws-ssm"; then \\
+    if /tmp/download-github-binary.sh "hypolas/aws-ssm-lite" "aws-ssm"; then \\
         echo "✅ aws-ssm disponible pour $platform"; \\
         aws-ssm --version 2>/dev/null || echo "Installed but version not available"; \\
     else \\