Ensure omnibus on windows can be rebuilt multiple times #175
name: Verify

# Least-privilege GITHUB_TOKEN for every job in this workflow: each scope is
# switched off explicitly, leaving only read access to repository contents
# (needed by the checkout steps).
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
  actions: none
  checks: none
  contents: read
  deployments: none
  id-token: none
  issues: none
  discussions: none
  packages: none
  pages: none
  pull-requests: none
  repository-projects: none
  security-events: none
  statuses: none

# The trigger key is quoted so that generic YAML 1.1 parsers do not read it as
# a boolean. The workflow uses `pull_request`, not `pull_request_target`, so
# builds of fork pull requests run with a read-only token and without secrets.
# NOTE(review): in GitHub's filter syntax '*' does not match '/', so branch
# names such as 'feature/x' are not covered by these filters - confirm that
# is intended.
'on':
  push:
    branches: ['*']
  pull_request:
    branches: ['*']
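jobs:
  # The job checkout structure is:
  #  .
  #  ├── metasploit-omnibus
  #  └── metasploit-framework (Only if ARM or Windows builds)
  #
  # Supply-chain notes that apply to every job below:
  #  - dorny/paths-filter is pinned to a commit SHA, while actions/checkout@v4
  #    and ruby/setup-ruby@v1 follow mutable tags; pinning those to a reviewed
  #    commit SHA as well would make the executed action code immutable.
  #  - Matrix values reach the shell only through `env:` variables, never by
  #    expanding ${{ }} inside a `run:` script. Keep it that way so a value can
  #    never be interpreted as shell syntax.
  #  - The Makefile and build scripts come from the checked-out ref, so they
  #    are pull-request controlled. Checkouts that feed the build therefore
  #    set `persist-credentials: false`, which keeps the job token out of
  #    .git/config in the tree handed to the build.

  # Cross-builds the ARM packages inside a Docker image.
  docker_arm:
    runs-on: ${{ matrix.os }}
    timeout-minutes: 600

    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
        # From: 'ls ./docker/'
        # NOTE(review): previousDockerhubImage is a mutable tag; the build runs
        # inside whatever that tag currently resolves to. Pinning by digest
        # would fix the build environment.
        docker:
          # Skipped as not working
          # - { dockerfile: 'debian-aarch64', previousImage: '' }
          - name: 'debian-armv7'
            previousDockerhubImage: 'rapid7/msf-debian-armv7-omnibus:2020_03'

    name: ${{ matrix.os }} - ${{ matrix.docker.name }}
    steps:
      # Credentials stay at the checkout default here because the paths-filter
      # step below may need to fetch history on push events - TODO confirm.
      # The second checkout of this path replaces this configuration.
      - name: Checkout omnibus
        uses: actions/checkout@v4
        with:
          path: metasploit-omnibus

      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
        id: changes
        with:
          filters: |
            docker:
              - 'docker/**'
          working-directory: metasploit-omnibus

      # Set the env vars for either a new build, or a previously successful build
      - name: Set docker build metadata
        run: |
          export BUILD_DATE=$(date "+%Y_%m")
          echo "BUILD_DATE=$BUILD_DATE" >> "$GITHUB_ENV"
          if test "${HAS_MODIFIED_DOCKERFILES}" = 'true'; then
            echo 'New build required'
            echo "DOCKER_IMAGE=rapid7/${DOCKER_NAME}-omnibus:${BUILD_DATE}" >> "$GITHUB_ENV"
          else
            echo 'Reusing old image'
            echo "DOCKER_IMAGE=${PREVIOUS_DOCKERHUB_IMAGE}" >> "$GITHUB_ENV"
          fi
        env:
          HAS_MODIFIED_DOCKERFILES: ${{ steps.changes.outputs.docker }}
          DOCKER_NAME: ${{ matrix.docker.name }}
          PREVIOUS_DOCKERHUB_IMAGE: ${{ matrix.docker.previousDockerhubImage }}

      - name: Build Docker image
        if: steps.changes.outputs.docker == 'true'
        run: |
          /bin/bash -x -c "cd metasploit-omnibus && docker build --tag ${DOCKER_IMAGE} -f ./docker/${DOCKER_NAME}/Dockerfile ./docker/${DOCKER_NAME}"
        env:
          DOCKER_NAME: ${{ matrix.docker.name }}

      # Checkout again - but with the submodules enabled to start a real build.
      # This tree, including .git, is COPYed into an image layer below, so the
      # job token must not be left in .git/config.
      - name: Checkout omnibus and submodules
        uses: actions/checkout@v4
        with:
          submodules: true
          path: metasploit-omnibus
          persist-credentials: false

      # Checkout framework
      - name: Checkout metasploit-framework code
        uses: actions/checkout@v4
        with:
          repository: rapid7/metasploit-framework
          path: metasploit-framework
          persist-credentials: false

      - name: Run omnibus
        run: |
          echo "Building new image from ${DOCKER_IMAGE}"
          mkdir -p metasploit-omnibus/certs
          # The CA bundle is fetched unpinned at build time and ends up in the
          # build tree. --fail stops an HTTP error page from being saved as the
          # bundle; --proto/--proto-redir keep the request and every redirect
          # on HTTPS. Comparing the file against a reviewed checksum would be
          # stronger still.
          curl --fail -L --proto '=https' --proto-redir '=https' -o metasploit-omnibus/certs/ca-certificates.crt https://curl.haxx.se/ca/cacert.pem

          cat > Dockerfile_temp <<EOF
          FROM ${DOCKER_IMAGE}
          RUN ["cross-build-start"]
          COPY metasploit-omnibus /metasploit-omnibus
          COPY metasploit-framework /metasploit-framework
          RUN bash -l -c "cd /metasploit-omnibus && make"
          RUN ["cross-build-end"]
          EOF

          # Only the two checkouts are sent to the Docker daemon as context
          cat > Dockerfile_temp.dockerignore <<EOF
          *
          !metasploit-omnibus
          !metasploit-framework
          EOF

          export TEMP_DOCKER_IMAGE="${DOCKER_IMAGE}-build-artifacts"
          docker build --no-cache --rm --tag "${TEMP_DOCKER_IMAGE}" --file Dockerfile_temp .

          # Create the temp image and copy out the build assets
          id=$(docker create "${TEMP_DOCKER_IMAGE}")
          docker cp "$id":/metasploit-omnibus/pkg metasploit-omnibus
          docker rm -v "$id"
          docker rmi "${TEMP_DOCKER_IMAGE}"

  # Builds the x86/x64 Linux packages by running make inside a Docker image.
  docker_intel:
    runs-on: ${{ matrix.os }}
    timeout-minutes: 180

    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
        # From: 'ls ./docker/'
        # NOTE(review): previousDockerhubImage values are mutable tags; the
        # build runs inside whatever each tag currently resolves to. Pinning
        # by digest would fix the build environment.
        docker:
          - name: 'centos6-x64'
            previousDockerhubImage: 'rapid7/msf-centos6-x64-omnibus:2020_03'
          # Currently fails as it uses an older Ruby version:
          - name: 'fedora30-x64'
            # XXX: Previous dockerhub image fails as using Ruby 2.5.3 still
            previousDockerhubImage: 'rapid7/msf-fedora30-x64-omnibus:2019_09'
          # Currently fails on rate limiting on Kali's side:
          # - name: 'kali109-x64'
          #   previousDockerhubImage: 'rapid7/msf-kali109-x64-omnibus:2020_03'
          # NOTE(review): the x64 entry below reuses an image named '...-x86-...'
          # and the x86 entry one named '...-x64-...'; confirm this pairing is
          # intended and not swapped.
          - name: 'ubuntu1204-x64'
            previousDockerhubImage: 'rapid7/msf-ubuntu1204-x86-omnibus:2021_11'
          - name: 'ubuntu1204-x86'
            previousDockerhubImage: 'rapid7/msf-ubuntu1204-x64-omnibus:2019_01'
            linux32: true
          - name: 'ubuntu1804-x64'
            previousDockerhubImage: 'rapid7/msf-ubuntu1804-x64-omnibus:2019_09'

    name: ${{ matrix.os }} - ${{ matrix.docker.name }}
    steps:
      # Credentials stay at the checkout default here because the paths-filter
      # step below may need to fetch history on push events - TODO confirm.
      # The second checkout of this path replaces this configuration.
      - name: Checkout omnibus
        uses: actions/checkout@v4
        with:
          path: metasploit-omnibus

      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
        id: changes
        with:
          filters: |
            docker:
              - 'docker/**'
          working-directory: metasploit-omnibus

      # Set the env vars for either a new build, or a previously successful build
      - name: Set docker build metadata
        run: |
          export BUILD_DATE=$(date "+%Y_%m")
          echo "BUILD_DATE=$BUILD_DATE" >> "$GITHUB_ENV"
          if test "${HAS_MODIFIED_DOCKERFILES}" = 'true'; then
            echo 'New build required'
            echo "DOCKER_IMAGE=rapid7/${DOCKER_NAME}-omnibus:${BUILD_DATE}" >> "$GITHUB_ENV"
          else
            echo 'Reusing old image'
            echo "DOCKER_IMAGE=${PREVIOUS_DOCKERHUB_IMAGE}" >> "$GITHUB_ENV"
          fi
        env:
          HAS_MODIFIED_DOCKERFILES: ${{ steps.changes.outputs.docker }}
          DOCKER_NAME: ${{ matrix.docker.name }}
          PREVIOUS_DOCKERHUB_IMAGE: ${{ matrix.docker.previousDockerhubImage }}

      - name: Build Docker image
        if: steps.changes.outputs.docker == 'true'
        run: |
          /bin/bash -x -c "cd metasploit-omnibus && docker build --tag ${DOCKER_IMAGE} -f ./docker/${IMAGE_NAME}/Dockerfile ./docker/${IMAGE_NAME}"
        env:
          IMAGE_NAME: ${{ matrix.docker.name }}

      # Checkout again - but with the submodules enabled to start a real build.
      # The workspace is bind-mounted into the build container below, so the
      # job token must not be left in .git/config.
      - name: Checkout omnibus and submodules
        uses: actions/checkout@v4
        with:
          submodules: true
          path: metasploit-omnibus
          persist-credentials: false

      - name: Run omnibus
        run: |
          mkdir -p metasploit-omnibus/certs
          # The CA bundle is fetched unpinned at build time and ends up in the
          # build tree. --fail stops an HTTP error page from being saved as the
          # bundle; --proto/--proto-redir keep the request and every redirect
          # on HTTPS. Comparing the file against a reviewed checksum would be
          # stronger still.
          curl --fail -L --proto '=https' --proto-redir '=https' -o metasploit-omnibus/certs/ca-certificates.crt https://curl.haxx.se/ca/cacert.pem

          # If required, change reported architecture in new program environment and set personality flags
          if [ ! -z "${LINUX32}" ] ; then
            echo 'setting linux32'
            /bin/bash -x -c "docker run --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins ${DOCKER_IMAGE} linux32 /bin/bash -l -c 'cd metasploit-omnibus && ARCH=x86_64 make'"
          else
            /bin/bash -x -c "docker run --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins ${DOCKER_IMAGE} /bin/bash -l -c 'cd metasploit-omnibus && make'"
          fi
        env:
          LINUX32: ${{ matrix.docker.linux32 }}

  # Builds the macOS package directly on the runner.
  osx:
    runs-on: ${{ matrix.os }}
    timeout-minutes: 180

    strategy:
      fail-fast: false
      matrix:
        os:
          - macos-11
        ruby:
          - '3.0.6'

    name: ${{ matrix.os }}
    steps:
      - name: Checkout omnibus
        uses: actions/checkout@v4
        with:
          submodules: true
          path: metasploit-omnibus
          persist-credentials: false

      - name: Setup Ruby
        env:
          BUNDLE_FORCE_RUBY_PLATFORM: 'true'
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ matrix.ruby }}
          bundler-cache: true
          cache-version: 4
          working-directory: metasploit-omnibus

      - name: Run omnibus
        run: |
          # Hand the cache and install directories to the runner user so that
          # make itself does not need sudo
          sudo mkdir -p /var/cache/omnibus
          sudo mkdir -p /opt/metasploit-framework
          sudo chown "$(whoami)" /var/cache/omnibus
          sudo chown "$(whoami)" /opt/metasploit-framework
          cd metasploit-omnibus
          make

  # Builds the Windows package directly on the runner.
  windows:
    runs-on: ${{ matrix.os }}
    timeout-minutes: 180

    strategy:
      fail-fast: false
      matrix:
        os:
          - windows-2022
        ruby:
          - '3.0.6'

    name: ${{ matrix.os }}
    steps:
      # https://github.com/actions/runner-images/issues/5143
      # https://github.com/actions/runner-images/issues/9701
      - name: Install visual studio components
        run: |
          Set-Location "C:\Program Files (x86)\Microsoft Visual Studio\Installer\"
          $InstallPath = "C:\Program Files\Microsoft Visual Studio\2022\Enterprise"
          # Components passed to the installer with --add
          $componentsToAdd = @(
            "Microsoft.VisualStudio.Component.VC.Redist.MSM"
          )
          [string]$workloadArgs = $componentsToAdd | ForEach-Object {" --add " +  $_}
          $Arguments = ('/c', "vs_installer.exe", 'modify', '--installPath', "`"$InstallPath`"",$workloadArgs, '--quiet', '--norestart', '--nocache')
          # should be run twice
          # NOTE(review): the exit code held in $process is never inspected, so
          # an installer failure does not fail this step.
          $process = Start-Process -FilePath cmd.exe -ArgumentList $Arguments -Wait -PassThru -WindowStyle Hidden
          $process = Start-Process -FilePath cmd.exe -ArgumentList $Arguments -Wait -PassThru -WindowStyle Hidden

      - name: Checkout omnibus
        uses: actions/checkout@v4
        with:
          submodules: true
          path: metasploit-omnibus
          persist-credentials: false

      - name: Setup Ruby
        env:
          BUNDLE_FORCE_RUBY_PLATFORM: 'true'
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ matrix.ruby }}
          bundler-cache: false
          cache-version: 4
          working-directory: metasploit-omnibus
          # Github actions with Ruby requires Bundler 2.2.18+
          # https://github.com/ruby/setup-ruby/tree/d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c#windows
          bundler: 2.2.33

      # If you need to build a custom version of pcaprub:
      # - name: Checkout pcaprub
      #   uses: actions/checkout@v4
      #   with:
      #     repository: pcaprub/pcaprub
      #     path: pcaprub
      #     ref: '5440ca93dafd15e7d3bb009fc1bb9a15e80d03f9'
      # - name: Create pcaprub gem
      #   run: |
      #     cd pcaprub
      #     bundle
      #     rake gem

      # Checkout framework
      - name: Checkout metasploit-framework code
        uses: actions/checkout@v4
        with:
          repository: rapid7/metasploit-framework
          path: metasploit-framework
          persist-credentials: false

      - name: Extract xz files
        run: |
          cd metasploit-omnibus
          xz -d local/cache/*.xz
          ls local/cache

      - name: Run omnibus
        shell: cmd
        env:
          MSYSTEM: MINGW64
        run: |
          cd metasploit-omnibus
          make dependencies
          rem Don't run the main build itself under `make`, as the process will be spawned under msys2
          rem and the ridk.cmd Ruby installer will forcibly kill the msys2 process before attempting to install ruby
          ruby bin/omnibus build metasploit-framework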