Merge pull request #230 from Secure-Compliance-Solutions-LLC/dev
Release v21.4.2/v21.4.1 packages and release
austinsonger authored Jul 21, 2021
2 parents f0128ed + 8118062 commit 5564a21
Showing 8 changed files with 235 additions and 7 deletions.
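--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,204 @@
+name: Docker Image Build and Release
+
+on:
+push:
+branches: [master]
+# Publish semver tags as releases.
+tags: ["v*.*.*"]
+pull_request:
+branches: [master, dev]
+
+concurrency: ci-${{ github.ref }}
+
+env:
+# Use docker.io for Docker Hub if empty
+REGISTRY: ghcr.io
+# github.repository as <account>/<repo>
+IMAGE_NAME: ${{ github.repository }}
+IMAGE_NAME_GHCR: ghcr.io/${{ github.repository }}
+IMAGE_NAME_DOCKER: securecompliance/gvm
+
+permissions:
+contents: read
+packages: write
+
+jobs:
+build_apks:
+name: Build APKs
+runs-on: ubuntu-latest
+
+outputs:
+labels: ${{ steps.meta.outputs.labels }}
+tags: ${{ steps.meta.outputs.tags }}
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v2
+with:
+submodules: recursive
+
+- uses: docker/setup-buildx-action@v1
+id: buildx
+with:
+install: true
+
+# Login against a Docker registry except on PR
+# https://github.com/docker/login-action
+- name: Login to GitHub Container Registry ${{ env.REGISTRY }}
+uses: docker/login-action@v1
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Login to DockerHub
+if: github.event_name != 'pull_request'
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+- name: Relase Prepare
+id: releasePreare
+run: |
+echo -n "::set-output name=images::"
+if [ "${GITHUB_EVENT_NAME}" != "pull_request" ]; then
+echo -n "${IMAGE_NAME_DOCKER}"
+echo -n ","
+fi
+echo -n "${IMAGE_NAME_GHCR}"
+- name: Download artifact
+uses: dawidd6/action-download-artifact@v2
+with:
+# Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
+# Required, if artifact is from a different repo
+github_token: ${{secrets.GITHUB_TOKEN}}
+# Required, workflow file name or ID
+workflow: build-apk.yml
+# Optional, will use the branch
+branch: master
+# Optional, uploaded artifact name,
+# will download all artifacts if not specified
+# and extract them in respective subdirectories
+# https://github.com/actions/download-artifact#download-all-artifacts
+name: apk-builds
+# Optional, directory where to extract artifact. Defaults to the artifact name (see `name` input)
+path: ${{ github.workspace }}/apk-build/
+# Optional, defaults to current repo
+repo: Secure-Compliance-Solutions-LLC/GVM-APK-build
+
+# Extract metadata (tags, labels) for Docker
+# https://github.com/docker/metadata-action
+- name: Extract Docker metadata
+id: meta2
+uses: docker/metadata-action@v3
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+images: ${{ steps.releasePreare.outputs.images }}
+tags: |
+type=ref,event=branch,prefix=,suffix=
+type=ref,event=pr,prefix=,suffix=
+type=semver,pattern={{version}},prefix=,suffix=
+type=semver,pattern={{raw}},prefix=,suffix=
+type=semver,pattern={{major}}.{{minor}},prefix=,suffix=
+type=sha,prefix=,suffix=
+# Build and push Docker image with Buildx (don't push on PR)
+# https://github.com/docker/build-push-action
+- name: Build and push Docker image
+uses: docker/build-push-action@v2
+with:
+context: .
+push: true
+tags: ${{ steps.meta2.outputs.tags }}
+labels: ${{ steps.meta2.outputs.labels }}
+build-args: |
+SETUP=0
+# Extract metadata (tags, labels) for Docker
+# https://github.com/docker/metadata-action
+- name: Extract Docker metadata
+id: meta3
+uses: docker/metadata-action@v3
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+images: ${{ steps.releasePreare.outputs.images }}
+tags: |
+type=ref,event=branch,prefix=,suffix=-full
+type=ref,event=tag,prefix=,suffix=-full
+type=ref,event=pr,prefix=,suffix=-full
+type=semver,pattern={{version}},prefix=,suffix=-full
+type=semver,pattern={{raw}},prefix=,suffix=-full
+type=semver,pattern={{major}}.{{minor}},prefix=,suffix=-full
+type=sha,prefix=,suffix=-full
+# Build and push Docker image with Buildx (don't push on PR)
+# https://github.com/docker/build-push-action
+- name: Build and push Docker image -full tag
+uses: docker/build-push-action@v2
+with:
+context: .
+push: true
+tags: ${{ steps.meta3.outputs.tags }}
+labels: ${{ steps.meta3.outputs.labels }}
+build-args: |
+SETUP=0
+OPT_PDF=1
+# Extract metadata (tags, labels) for Docker
+# https://github.com/docker/metadata-action
+- name: Extract Docker metadata
+id: meta4
+uses: docker/metadata-action@v3
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+images: ${{ steps.releasePreare.outputs.images }}
+tags: |
+type=ref,event=branch,prefix=,suffix=-data
+type=ref,event=pr,prefix=,suffix=-data
+type=semver,pattern={{version}},prefix=,suffix=-data
+type=semver,pattern={{raw}},prefix=,suffix=-data
+type=semver,pattern={{major}}.{{minor}},prefix=,suffix=-data
+type=sha,prefix=,suffix=-data
+# Build and push Docker image with Buildx (don't push on PR)
+# https://github.com/docker/build-push-action
+- name: Build and push Docker image with -data tag
+uses: docker/build-push-action@v2
+with:
+context: .
+push: ${{ github.event_name != 'pull_request' }}
+tags: ${{ steps.meta4.outputs.tags }}
+labels: ${{ steps.meta4.outputs.labels }}
+build-args: |
+SETUP=1
+# Extract metadata (tags, labels) for Docker
+# https://github.com/docker/metadata-action
+- name: Extract Docker metadata
+id: meta5
+uses: docker/metadata-action@v3
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+images: ${{ steps.releasePreare.outputs.images }}
+tags: |
+type=ref,event=branch,prefix=,suffix=-data-full
+type=ref,event=pr,prefix=,suffix=-data-full
+type=semver,pattern={{version}},prefix=,suffix=-data-full
+type=semver,pattern={{raw}},prefix=,suffix=-data-full
+type=semver,pattern={{major}}.{{minor}},prefix=,suffix=-data-full
+type=sha,prefix=,suffix=-data-full
+# Build and push Docker image with Buildx (don't push on PR)
+# https://github.com/docker/build-push-action
+- name: Build and push Docker image with -data-full tag
+uses: docker/build-push-action@v2
+with:
+context: .
+push: ${{ github.event_name != 'pull_request' }}
+tags: ${{ steps.meta5.outputs.tags }}
+labels: ${{ steps.meta5.outputs.labels }}
+build-args: |
+SETUP=1
+OPT_PDF=1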
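Review bot: The first two build steps (`Build and push Docker image` and `Build and push Docker image -full tag`) hard-code `push: true`, so a `pull_request` run pushes those images, while the `-data` and `-data-full` steps and the comment above every build step say pushes are skipped on PRs. The GHCR login step has no `if:` guard and `releasePreare` still emits `${IMAGE_NAME_GHCR}` on PRs, so with `packages: write` unreviewed PR builds can be published to ghcr.io, at least for pull requests from branches in the same repository. Use `push: ${{ github.event_name != 'pull_request' }}` on both steps, matching the later ones. The job also runs `dawidd6/action-download-artifact@v2` and the `docker/*` actions from mutable tags while holding registry credentials; pinning them to full commit SHAs would narrow that exposure.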
1 change: 1 addition & 0 deletions .gitignore
@@ -68,3 +68,4 @@ $RECYCLE.BIN/
# Windows shortcuts
*.lnk

apk-build/
4 changes: 0 additions & 4 deletions .gitmodules

This file was deleted.

4 changes: 4 additions & 0 deletions Dockerfile
@@ -16,6 +16,8 @@ ARG DEBUG=N
ARG RELAYHOST=smtp
ARG SMTPPORT=25
ARG AUTO_SYNC=true
ARG CERTIFICATE=none
ARG CERTIFICATE_KEY=none
ARG HTTPS=true
ARG TZ=Etc/UTC
ARG SSHD=false
@@ -37,6 +39,8 @@ ENV SUPVISD=${SUPVISD:-supervisorctl} \
SMTPPORT=${SMTPPORT:-25} \
AUTO_SYNC=${AUTO_SYNC:-true} \
HTTPS=${HTTPS:-true} \
CERTIFICATE=${CERTIFICATE:-none} \
CERTIFICATE_KEY=${CERTIFICATE_KEY:-none} \
TZ=${TZ:-Etc/UTC} \
SSHD=${SSHD:-false} \
DB_PASSWORD=${DB_PASSWORD:-none} \
1 change: 0 additions & 1 deletion apk-build
Submodule apk-build deleted from 5ebb44
15 changes: 15 additions & 0 deletions config/supervisord.conf
@@ -115,6 +115,21 @@ stopsignal=TERM
stopasgroup=true
killasgroup=true

[program:gsad-https-owncert]
command=/usr/bin/gsad -f --verbose --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 --ssl-certificate=%(ENV_CERTIFICATE)s --ssl-private-key=%(ENV_CERTIFICATE_KEY)s --timeout=%(ENV_TIMEOUT)s --no-redirect --mlisten=127.0.0.1 --mport=9390 --port=9392
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s_err.log
priority=30
user=gvm
startretries=5
startsecs=10
autorestart=true
autostart=false
depends_on=redis,postgresql,ospd-openvas,gvmd
stopsignal=KILL
stopasgroup=true
killasgroup=true

[program:gsad-https]
command=/usr/bin/gsad -f --verbose --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 --timeout=%(ENV_TIMEOUT)s --no-redirect --mlisten=127.0.0.1 --mport=9390 --port=9392
stdout_logfile=/var/log/supervisor/%(program_name)s.log
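Review bot: The `--gnutls-priorities` string in the new `[program:gsad-https-owncert]` command removes only `-VERS-SSL3.0` and `-VERS-TLS1.0`, so TLS 1.1 may still be negotiable depending on how the installed GnuTLS defines `SECURE128`; since this listener serves an operator-supplied certificate, consider appending `:-VERS-TLS1.1`. The program runs as `user=gvm`, so the file named by `ENV_CERTIFICATE_KEY` has to be readable by that account, and a comment above the block such as `; certificate and key files must be readable by user gvm` would save operators a failed start. `stopsignal=KILL` also differs from the `stopsignal=TERM` visible at the top of the hunk and gives gsad no chance to shut down cleanly. The `[program:gsad-https]` block that follows continues outside the hunk.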
2 changes: 2 additions & 0 deletions scripts/entrypoint.sh
@@ -12,6 +12,8 @@ export RELAYHOST=${RELAYHOST:-smtp}
export SMTPPORT=${SMTPPORT:-25}
export AUTO_SYNC=${AUTO_SYNC:-true}
export HTTPS=${HTTPS:-true}
export CERTIFICATE=${CERTIFICATE:-none}
export CERTIFICATE_KEY=${CERTIFICATE_KEY:-none}
export TZ=${TZ:-Etc/UTC}
export DEBUG=${DEBUG:-N}
export SSHD=${SSHD:-false}
11 changes: 9 additions & 2 deletions scripts/start.sh
@@ -11,6 +11,8 @@ export RELAYHOST=${RELAYHOST:-smtp}
export SMTPPORT=${SMTPPORT:-25}
export AUTO_SYNC=${AUTO_SYNC:-true}
export HTTPS=${HTTPS:-true}
export CERTIFICATE=${CERTIFICATE:-none}
export CERTIFICATE_KEY=${CERTIFICATE_KEY:-none}
export TZ=${TZ:-Etc/UTC}
export SSHD=${SSHD:-false}
export DB_PASSWORD=${DB_PASSWORD:-none}
@@ -104,7 +106,7 @@ until (pg_isready --username=postgres >/dev/null 2>&1 && psql --username=postgre
sleep 1
done

if [[ ! -d "/etc/ssh" ]] || [[ -d "/etc/ssh/" && $(find /etc/ssh/ -type d -empty) ]]; then
if [[ ! -d "/etc/ssh" ]] || [[ -d "/etc/ssh/" && $(find /etc/ssh/ -maxdepth 0 -empty) ]]; then
mkdir /etc/ssh
ssh-keygen -A
fi
@@ -251,7 +253,12 @@ if [ ! -f "/var/lib/gvm/.created_gvm_user" ]; then
fi

echo "Starting Greenbone Security Assistant..."
if [ "${HTTPS}" == "true" ]; then
if [ "${HTTPS}" == "true" ] && [ -e "${CERTIFICATE}" ] && [ -e "${CERTIFICATE_KEY}" ]; then
${SUPVISD} start gsad-https-owncert
if [ "${DEBUG}" == "Y" ]; then
${SUPVISD} status gsad-https-owncert
fi
elif [ "${HTTPS}" == "true" ]; then
${SUPVISD} start gsad-https
if [ "${DEBUG}" == "Y" ]; then
${SUPVISD} status gsad-https
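Review bot: The new `gsad-https-owncert` branch tests the certificate paths only with `-e`, so when `HTTPS` is `true` and an operator has set `CERTIFICATE`/`CERTIFICATE_KEY` to paths that are missing or mistyped, the script falls through to the `elif` and starts `gsad-https`, presumably with gsad's default certificate, without reporting anything. A deployment that intended to serve its own certificate would then come up on a different one unnoticed. Consider `[ -r "${CERTIFICATE}" ] && [ -r "${CERTIFICATE_KEY}" ]` for the test, and print a warning when `CERTIFICATE` is not `none` but the files cannot be used, e.g. `echo "WARNING: CERTIFICATE or CERTIFICATE_KEY not readable, starting gsad-https instead"`. The enclosing `if` block continues outside the hunk.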