Merge pull request #311 from Secure-Compliance-Solutions-LLC/dev

V21.4.4-v2
Secure-Compliance-Solutions-LLC · Nov 27, 2021 · ed96bc9 · ed96bc9
2 parents d1b84b8 + 56c565e
commit ed96bc9
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 62 deletions.
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
@@ -0,0 +1,33 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+template: |
+  # What's Changed
+  $CHANGES
+categories:
+  - title: 'Breaking'
+    label: 'type: breaking'
+  - title: 'New'
+    label: 'type: feature'
+  - title: 'Bug Fixes'
+    label: 'type: bug'
+  - title: 'Maintenance'
+    label: 'type: maintenance'
+  - title: 'Dependency Updates'
+    label: 'type: dependencies'
+
+version-resolver:
+  major:
+    labels:
+      - 'type: breaking'
+  minor:
+    labels:
+      - 'type: feature'
+  patch:
+    labels:
+      - 'type: bug'
+      - 'type: maintenance'
+      - 'type: dependencies'
+      - 'type: security'
+
+exclude-labels:
+  - 'skip-changelog'
diff --git a/.github/workflows/docker-publish-debian.yml b/.github/workflows/docker-publish-debian.yml
@@ -4,9 +4,11 @@ on:
   push:
     branches: [master]
   pull_request:
-    branches: [master, dev]
+    branches: [master]
   create:
     tags:
+  release:
+    types: [published, edited]
 
 concurrency: ci-debian-${{ github.ref }}
 
@@ -38,26 +40,6 @@ jobs:
         id: vars
         run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}
 
-      - name: Download artifact
-        uses: dawidd6/action-download-artifact@v2
-        with:
-          # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
-          # Required, if artifact is from a different repo
-          github_token: ${{secrets.GITHUB_TOKEN}}
-          # Required, workflow file name or ID
-          workflow: build-apk.yml
-          # Optional, will use the branch
-          branch: master
-          # Optional, uploaded artifact name,
-          # will download all artifacts if not specified
-          # and extract them in respective subdirectories
-          # https://github.com/actions/download-artifact#download-all-artifacts
-          name: apk-builds
-          # Optional, directory where to extract artifact. Defaults to the artifact name (see `name` input)
-          path: ${{ github.workspace }}/apk-build/
-          # Optional, defaults to current repo
-          repo: Secure-Compliance-Solutions-LLC/GVM-APK-build
-
       - name: Build the Docker image
         run: docker build . --file Dockerfile.debian --build-arg OPT_PDF=1 --tag ${{ env.IMAGE_REPOSITORY_GHCR }}:${{ github.sha }}
 
@@ -102,6 +84,8 @@ jobs:
 
   build_test_anchore:
     name: Build and Test - Anchore
+    # ...but only when a `release` is `published` (combined with `on`)
+    if: github.event_name == 'release'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
@@ -115,26 +99,6 @@ jobs:
         id: vars
         run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}
 
-      - name: Download artifact
-        uses: dawidd6/action-download-artifact@v2
-        with:
-          # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
-          # Required, if artifact is from a different repo
-          github_token: ${{secrets.GITHUB_TOKEN}}
-          # Required, workflow file name or ID
-          workflow: build-apk.yml
-          # Optional, will use the branch
-          branch: master
-          # Optional, uploaded artifact name,
-          # will download all artifacts if not specified
-          # and extract them in respective subdirectories
-          # https://github.com/actions/download-artifact#download-all-artifacts
-          name: apk-builds
-          # Optional, directory where to extract artifact. Defaults to the artifact name (see `name` input)
-          path: ${{ github.workspace }}/apk-build/
-          # Optional, defaults to current repo
-          repo: Secure-Compliance-Solutions-LLC/GVM-APK-build
-
       - name: Build the Docker image
         run: docker build . --file Dockerfile.debian --build-arg OPT_PDF=1 --tag ${{ env.IMAGE_REPOSITORY_GHCR }}:${{ github.sha }}
 
@@ -218,26 +182,6 @@ jobs:
           fi
           echo -n "${IMAGE_NAME_GHCR}"
 
-      - name: Download artifact
-        uses: dawidd6/action-download-artifact@v2
-        with:
-          # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
-          # Required, if artifact is from a different repo
-          github_token: ${{secrets.GITHUB_TOKEN}}
-          # Required, workflow file name or ID
-          workflow: build-apk.yml
-          # Optional, will use the branch
-          branch: master
-          # Optional, uploaded artifact name,
-          # will download all artifacts if not specified
-          # and extract them in respective subdirectories
-          # https://github.com/actions/download-artifact#download-all-artifacts
-          name: apk-builds
-          # Optional, directory where to extract artifact. Defaults to the artifact name (see `name` input)
-          path: ${{ github.workspace }}/apk-build/
-          # Optional, defaults to current repo
-          repo: Secure-Compliance-Solutions-LLC/GVM-APK-build
-
       # Extract metadata (tags, labels) for Docker
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
@@ -375,3 +319,8 @@ jobs:
           build-args: |
             SETUP=1
             OPT_PDF=1
+
+      - name: Update changelog
+        uses: thomaseizinger/[email protected]
+        with:
+          version: ${{ github.event.inputs.version }}
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -4,7 +4,7 @@ on:
   push:
     branches: [master]
   pull_request:
-    branches: [master, dev]
+    branches: [master]
   create:
     tags:
 

diff --git a/Readme.md b/Readme.md
@@ -25,6 +25,42 @@ You want to send GVM/OpenVAS results to Elasticsearch, try our [GVM Logstash pro
 
 If you would like something added to the documentation please create a issue [GVM-Docker Gitbook Repo](https://github.com/Secure-Compliance-Solutions-LLC/gitbook/issues)
 
+## Quick Start
+
+- Now all `-data` images are full pre-initialized (with available data from the build time)
+
+> Pre Initialized (-data) images, have a web ui password: `adminpassword` and should be changed after the deployment. Also the Postgres got a default password: `none`
+
+### Github Registry
+
+```
+docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:debian-master-data-full
+docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:debian-master-data
+docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:debian-master-full
+docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:debian-master
+```
+
+
+### Docker Hub
+
+```
+docker pull securecompliance/gvm:debian-master-data-full
+docker pull securecompliance/gvm:debian-master-data
+docker pull securecompliance/gvm:debian-master-full
+docker pull securecompliance/gvm:debian-master
+```
+
+## Estimated Hardware Requirements
+
+| Hosts              | CPU Cores     | Memory    | Disk Space |
+| :----------------- | :------------ | :-------- | :--------- |
+| 512 active IPs     | 4@2GHz cores  | 8 GB RAM  | 30 GB      |
+| 2,500 active IPs   | 6@2GHz cores  | 12 GB RAM | 60 GB      |
+| 10,000 active IPs  | 8@3GHz cores  | 16 GB RAM | 250 GB     |
+| 25,000 active IPs  | 16@3GHz cores | 32 GB RAM | 1 TB       |
+| 100,000 active IPs | 32@3GHz cores | 64 GB RAM | 2 TB       |
+
+
 ## Architecture
 
 The key points to take away from the diagram below, is the way our setup establishes connection with the remote sensor, and the available ports on the GMV-Docker container. You can still use any add on tools you've used in the past with OpenVAS on 9390. One of the latest/best upgrades allows you connect directly to postgres using your favorite database tool.