Skip to content

Ensure omnibus on windows can be rebuilt multiple times #174

Ensure omnibus on windows can be rebuilt multiple times

Ensure omnibus on windows can be rebuilt multiple times #174

Workflow file for this run

name: Verify
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
actions: none
checks: none
contents: read
deployments: none
id-token: none
issues: none
discussions: none
packages: none
pages: none
pull-requests: none
repository-projects: none
security-events: none
statuses: none
on:
push:
branches:
- '*'
pull_request:
branches:
- '*'
jobs:
# The job checkout structure is:
# .
# ├── metasploit-omnibus
# └── metasploit-framework (Only if ARM or Windows builds)
#
docker_arm:
runs-on: ${{ matrix.os }}
timeout-minutes: 600
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
# From: 'ls ./docker/'
docker:
# Skipped as not working
# - { dockerfile: 'debian-aarch64', previousImage: '' }
- { name: 'debian-armv7', previousDockerhubImage: 'rapid7/msf-debian-armv7-omnibus:2020_03' }
name: ${{ matrix.os }} - ${{ matrix.docker.name }}
steps:
- name: Checkout omnibus
uses: actions/checkout@v4
with:
path: metasploit-omnibus
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
id: changes
with:
filters: |
docker:
- 'docker/**'
working-directory: metasploit-omnibus
# Set the env vars for either a new build, or a previously successful build
- name: Set docker build metadata
run: |
export BUILD_DATE=$(date "+%Y_%m")
echo "BUILD_DATE=$BUILD_DATE" >> "$GITHUB_ENV"
if test "${HAS_MODIFIED_DOCKERFILES}" = 'true'; then
echo 'New build required'
echo "DOCKER_IMAGE=rapid7/${DOCKER_NAME}-omnibus:${BUILD_DATE}" >> "$GITHUB_ENV"
else
echo 'Reusing old image'
echo "DOCKER_IMAGE=${PREVIOUS_DOCKERHUB_IMAGE}" >> "$GITHUB_ENV"
fi
env:
HAS_MODIFIED_DOCKERFILES: ${{ steps.changes.outputs.docker }}
DOCKER_NAME: ${{ matrix.docker.name }}
PREVIOUS_DOCKERHUB_IMAGE: ${{ matrix.docker.previousDockerhubImage }}
- name: Build Docker image
if: steps.changes.outputs.docker == 'true'
run: |
/bin/bash -x -c "cd metasploit-omnibus && docker build --tag ${DOCKER_IMAGE} -f ./docker/${DOCKER_NAME}/Dockerfile ./docker/${DOCKER_NAME}"
env:
DOCKER_NAME: ${{ matrix.docker.name }}
# Checkout again - but with the submodules enabled to start a real build
- name: Checkout omnibus and submodules
uses: actions/checkout@v4
with:
submodules: true
path: metasploit-omnibus
# Checkout framework
- name: Checkout metasploit-framework code
uses: actions/checkout@v4
with:
repository: rapid7/metasploit-framework
path: metasploit-framework
- name: Run omnibus
run: |
echo "Building new image from ${DOCKER_IMAGE}"
mkdir -p metasploit-omnibus/certs
curl -L -o metasploit-omnibus/certs/ca-certificates.crt https://curl.haxx.se/ca/cacert.pem
cat > Dockerfile_temp <<EOF
FROM ${DOCKER_IMAGE}
RUN ["cross-build-start"]
COPY metasploit-omnibus /metasploit-omnibus
COPY metasploit-framework /metasploit-framework
RUN bash -l -c "cd /metasploit-omnibus && make"
RUN ["cross-build-end"]
EOF
cat > Dockerfile_temp.dockerignore <<EOF
*
!metasploit-omnibus
!metasploit-framework
EOF
export TEMP_DOCKER_IMAGE=${DOCKER_IMAGE}-build-artifacts
docker build --no-cache --rm --tag ${TEMP_DOCKER_IMAGE} --file Dockerfile_temp .
# Create the temp image and copy out the build assets
id=$(docker create ${TEMP_DOCKER_IMAGE})
docker cp $id:/metasploit-omnibus/pkg metasploit-omnibus
docker rm -v $id
docker rmi ${TEMP_DOCKER_IMAGE}
docker_intel:
runs-on: ${{ matrix.os }}
timeout-minutes: 180
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
# From: 'ls ./docker/'
docker:
- name: 'centos6-x64'
previousDockerhubImage: 'rapid7/msf-centos6-x64-omnibus:2020_03'
# Currently fails as it uses an older Ruby version:
- name: 'fedora30-x64'
# XXX: Previous dockerhub image fails as using Ruby 2.5.3 still
previousDockerhubImage: 'rapid7/msf-fedora30-x64-omnibus:2019_09'
# Currently fails on rate limiting on Kali's side:
# - name: 'kali109-x64'
# previousDockerhubImage: 'rapid7/msf-kali109-x64-omnibus:2020_03'
- name: 'ubuntu1204-x64'
previousDockerhubImage: 'rapid7/msf-ubuntu1204-x86-omnibus:2021_11'
- name: 'ubuntu1204-x86'
previousDockerhubImage: 'rapid7/msf-ubuntu1204-x64-omnibus:2019_01'
linux32: true
- name: 'ubuntu1804-x64'
previousDockerhubImage: 'rapid7/msf-ubuntu1804-x64-omnibus:2019_09'
name: ${{ matrix.os }} - ${{ matrix.docker.name }}
steps:
- name: Checkout omnibus
uses: actions/checkout@v4
with:
path: metasploit-omnibus
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
id: changes
with:
filters: |
docker:
- 'docker/**'
working-directory: metasploit-omnibus
# Set the env vars for either a new build, or a previously successful build
- name: Set docker build metadata
run: |
export BUILD_DATE=$(date "+%Y_%m")
echo "BUILD_DATE=$BUILD_DATE" >> "$GITHUB_ENV"
if test "${HAS_MODIFIED_DOCKERFILES}" = 'true'; then
echo 'New build required'
echo "DOCKER_IMAGE=rapid7/${DOCKER_NAME}-omnibus:${BUILD_DATE}" >> "$GITHUB_ENV"
else
echo 'Reusing old image'
echo "DOCKER_IMAGE=${PREVIOUS_DOCKERHUB_IMAGE}" >> "$GITHUB_ENV"
fi
env:
HAS_MODIFIED_DOCKERFILES: ${{ steps.changes.outputs.docker }}
DOCKER_NAME: ${{ matrix.docker.name }}
PREVIOUS_DOCKERHUB_IMAGE: ${{ matrix.docker.previousDockerhubImage }}
- name: Build Docker image
if: steps.changes.outputs.docker == 'true'
run: |
/bin/bash -x -c "cd metasploit-omnibus && docker build --tag ${DOCKER_IMAGE} -f ./docker/${IMAGE_NAME}/Dockerfile ./docker/${IMAGE_NAME}"
env:
IMAGE_NAME: ${{ matrix.docker.name }}
# Checkout again - but with the submodules enabled to start a real build
- name: Checkout omnibus and submodules
uses: actions/checkout@v4
with:
submodules: true
path: metasploit-omnibus
- name: Run omnibus
run: |
mkdir -p metasploit-omnibus/certs
curl -L -o metasploit-omnibus/certs/ca-certificates.crt https://curl.haxx.se/ca/cacert.pem
# If required, change reported architecture in new program environment and set personality flags
if [ ! -z "${LINUX32}" ] ; then
echo 'setting linux32'
/bin/bash -x -c "docker run --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins ${DOCKER_IMAGE} linux32 /bin/bash -l -c 'cd metasploit-omnibus && ARCH=x86_64 make'"
else
/bin/bash -x -c "docker run --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins ${DOCKER_IMAGE} /bin/bash -l -c 'cd metasploit-omnibus && make'"
fi
env:
LINUX32: ${{ matrix.docker.linux32 }}
osx:
runs-on: ${{ matrix.os }}
timeout-minutes: 180
strategy:
fail-fast: false
matrix:
os:
- macos-11
ruby:
- 3.0.6
name: ${{ matrix.os }}
steps:
- name: Checkout omnibus
uses: actions/checkout@v4
with:
submodules: true
path: metasploit-omnibus
- name: Setup Ruby
env:
BUNDLE_FORCE_RUBY_PLATFORM: true
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true
cache-version: 4
working-directory: metasploit-omnibus
- name: Run omnibus
run: |
sudo mkdir -p /var/cache/omnibus
sudo mkdir -p /opt/metasploit-framework
sudo chown `whoami` /var/cache/omnibus
sudo chown `whoami` /opt/metasploit-framework
cd metasploit-omnibus
make
windows:
runs-on: ${{ matrix.os }}
timeout-minutes: 180
strategy:
fail-fast: false
matrix:
os:
- windows-2022
ruby:
- 3.0.6
name: ${{ matrix.os }}
steps:
# https://github.com/actions/runner-images/issues/5143
# https://github.com/actions/runner-images/issues/9701
- name: Install visual studio components
run: |
Set-Location "C:\Program Files (x86)\Microsoft Visual Studio\Installer\"
$InstallPath = "C:\Program Files\Microsoft Visual Studio\2022\Enterprise"
$componentsToRemove= @(
"Microsoft.VisualStudio.Component.VC.Redist.MSM"
)
[string]$workloadArgs = $componentsToRemove | ForEach-Object {" --add " + $_}
$Arguments = ('/c', "vs_installer.exe", 'modify', '--installPath', "`"$InstallPath`"",$workloadArgs, '--quiet', '--norestart', '--nocache')
# should be run twice
$process = Start-Process -FilePath cmd.exe -ArgumentList $Arguments -Wait -PassThru -WindowStyle Hidden
$process = Start-Process -FilePath cmd.exe -ArgumentList $Arguments -Wait -PassThru -WindowStyle Hidden
- name: Checkout omnibus
uses: actions/checkout@v4
with:
submodules: true
path: metasploit-omnibus
- name: Setup Ruby
env:
BUNDLE_FORCE_RUBY_PLATFORM: true
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: false
cache-version: 4
working-directory: metasploit-omnibus
# Github actions with Ruby requires Bundler 2.2.18+
# https://github.com/ruby/setup-ruby/tree/d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c#windows
bundler: 2.2.33
# If you need to build a custom version of pcaprub:
# - name: Checkout pcaprub
# uses: actions/checkout@v4
# with:
# repository: pcaprub/pcaprub
# path: pcaprub
# ref: '5440ca93dafd15e7d3bb009fc1bb9a15e80d03f9'
# - name: Create pcaprub gem
# run: |
# cd pcaprub
# bundle
# rake gem
# Checkout framework
- name: Checkout metasploit-framework code
uses: actions/checkout@v4
with:
repository: rapid7/metasploit-framework
path: metasploit-framework
- name: Extract xz files
run: |
cd metasploit-omnibus
xz -d local/cache/*.xz
ls local/cache
- name: Run omnibus
shell: cmd
env:
MSYSTEM: MINGW64
run: |
cd metasploit-omnibus
make dependencies
rem Don't run the main build itslef under `make`, as the process will be spawned under msys2
rem and the ridk.cmd Ruby installer will forcibly kill the msys2 process before attempting to install ruby
ruby bin/omnibus build metasploit-framework