feat: Initial release

cmu-sei · Nov 1, 2024 · 469a334 · 469a334
commit 469a334
Show file tree

Hide file tree

Showing 10 changed files with 429 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+---
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,117 @@
+---
+name: Release
+'on':
+  pull_request:
+  push:
+    branches:
+      - main
+  schedule:
+      - cron: "0 7 * * 0"
+
+env:
+  IMAGE_NAME: super_mediator
+
+jobs:
+
+  # Test the image builds and works correctly.
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install pytest-testinfra
+
+      - name: Build image.
+        run: docker build -t cmusei/${{ env.IMAGE_NAME }} .
+
+      - name: Run the built image.
+        run: docker run --name=${{ env.IMAGE_NAME }} --entrypoint=/bin/bash -td cmusei/${{ env.IMAGE_NAME }}
+
+      - name: Test the built image.
+        run: py.test --hosts='docker://${{ env.IMAGE_NAME }}'
+
+  # If on main branch, build and release image.
+  release1:
+    name: Release1
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push image.
+        uses: docker/build-push-action@v6
+        with:
+          context: ./
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            cmusei/${{ env.IMAGE_NAME }}:latest
+            cmusei/${{ env.IMAGE_NAME }}:1
+            cmusei/${{ env.IMAGE_NAME }}:1.11.0
+            ghcr.io/cmu-sei/${{ env.IMAGE_NAME }}:latest
+            ghcr.io/cmu-sei/${{ env.IMAGE_NAME }}:1
+            ghcr.io/cmu-sei/${{ env.IMAGE_NAME }}:1.11.0            
+  release2:
+    name: Release2
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}          
+
+      - name: Build and push image.
+        uses: docker/build-push-action@v6
+        with:
+          context: ./
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          build-args: |
+            FIXBUF_VERSION=3
+            SUPER_VERSION=2.0.0.alpha3
+          tags: |
+            cmusei/${{ env.IMAGE_NAME }}:2
+            ghcr.io/cmu-sei/${{ env.IMAGE_NAME }}:2
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+__pycache__/
+inventory
+pytest_junit.xml
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,52 @@
+ARG FIXBUF_VERSION=2
+FROM cmusei/fixbuf:${FIXBUF_VERSION} AS build
+LABEL maintainer="[email protected]"
+
+ARG SUPER_VERSION=1.11.0
+
+# Pre-reqs:
+# curl for downloading
+# build-essentials for build tools
+# ca-certs to download https
+# 
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        curl \
+        build-essential \
+        pkg-config \
+        ca-certificates \
+        libglib2.0-dev \
+        libssl-dev \
+        zlib1g-dev \
+        && apt-get clean && \
+        rm -rf /var/lib/apt/lists/*
+
+WORKDIR /netsa
+
+RUN curl https://tools.netsa.cert.org/releases/super_mediator-$SUPER_VERSION.tar.gz | \
+        tar -xz && cd super_mediator-* && \
+        ./configure --prefix=/netsa \
+        --with-libfixbuf=/netsa/lib/pkgconfig \
+        --with-openssl \
+        --with-mysql=no && \
+        make && \
+        make install && \
+        cd ../ && rm -rf super_mediator-$SUPER_VERSION
+
+FROM debian:11-slim
+LABEL maintainer="[email protected]"
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        libglib2.0-0 \
+        zlib1g \
+        libssl1.1 \
+        && apt-get clean && \
+        rm -rf /var/lib/apt/lists/*
+
+COPY --from=build /netsa/ /netsa/
+
+COPY super_mediator.conf /usr/local/etc/
+
+COPY docker-entrypoint.sh /usr/local/bin/
+RUN ln -s /usr/local/bin/docker-entrypoint.sh /
+
+ENTRYPOINT ["docker-entrypoint.sh"]