-
Notifications
You must be signed in to change notification settings - Fork 630
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
WIP: Change: Ci: following guidelines
- Loading branch information
1 parent
e2a5c9d
commit 8a83e84
Showing
13 changed files
with
362 additions
and
182 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
name: "Build" | ||
|
||
on: [workflow_call] | ||
|
||
jobs: | ||
OpenVAS: | ||
runs-on: ubuntu-latest | ||
container: greenbone/gvm-libs:stable | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: install dependencies | ||
run: | | ||
sh .github/install-openvas-dependencies.sh | ||
- name: build | ||
run: | | ||
cmake -Bbuild -DCMAKE_C_COMPILER=/usr/share/clang/scan-build-14/libexec/ccc-analyzer | ||
scan-build -o ~/scan-build-report cmake --build build | ||
- name: Upload scan-build report | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: scan-build-report | ||
path: ~/scan-build-report/ | ||
retention-days: 7 | ||
OpenVAS_Daemon: | ||
uses: ./.github/workflows/build-rust.yml |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
name: "Linting" | ||
|
||
on: [workflow_call] | ||
|
||
jobs: | ||
OpenVAS: | ||
runs-on: ubuntu-latest | ||
container: greenbone/gvm-libs:stable | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: install dependencies | ||
run: | | ||
sh .github/install-openvas-dependencies.sh | ||
- name: Formatting | ||
run: | | ||
clang-format --dry-run --Werror -i -style=file {src,misc,nasl}/*.{c,h} | ||
- name: unit-tests | ||
run: | | ||
cmake -Bbuild -DCMAKE_BUILD_TYPE=Release | ||
CTEST_OUTPUT_ON_FAILURE=1 cmake --build build -- tests test | ||
OpenVAS_Daemon: | ||
runs-on: ubuntu-latest | ||
defaults: | ||
run: | ||
working-directory: rust | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- run: sudo apt update && sudo apt-get install -y libpcap-dev | ||
- run: rustup update stable && rustup default stable || rustup default stable | ||
- run: cargo install cargo-audit | ||
- run: cargo install typos-cli | ||
- name: unit-tests | ||
run: cargo test --lib --tests --workspace | ||
- name: Clippy | ||
run: cargo clippy -- -D warnings | ||
- name: Audit | ||
run: cargo audit | ||
- run: typos | ||
- name: Formatting | ||
run: cargo fmt --check |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
name: CI | ||
|
||
on: | ||
push: | ||
branches: [ main] | ||
tags: ["v*"] | ||
pull_request: | ||
workflow_dispatch: | ||
repository_dispatch: | ||
schedule: | ||
# rebuild image every sunday | ||
- cron: "0 0 * * 0" | ||
|
||
jobs: | ||
build: | ||
uses: ./.github/workflows/build.yml | ||
linting: | ||
uses: ./.github/workflows/ci.yml | ||
smoketests: | ||
needs: [build] | ||
uses: ./.github/workflows/smoketest.yml | ||
container: | ||
needs: [smoketests] | ||
uses: ./.github/workflows/push-container.yml |
Empty file.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,144 @@ | ||
name: Container | ||
|
||
on: [workflow_call] | ||
|
||
jobs: | ||
production-image: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: "set IS_VERSION_TAG" | ||
run: | | ||
echo "IS_VERSION_TAG=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }}" >> $GITHUB_ENV | ||
# set defaults | ||
echo "IS_LATEST_TAG=false" >> $GITHUB_ENV | ||
- name: "set IS_LATEST_TAG" | ||
if: ( env.IS_VERSION_TAG ) | ||
run: | | ||
# find the latest version that is not ourself | ||
export LATEST_VERSION=$(git tag -l | grep -v '${{ github.ref_name }}' | sort -r --version-sort) | ||
# get major minor patch versions | ||
IFS='.' read -r latest_major latest_minor latest_patch << EOF | ||
$LATEST_VERSION | ||
EOF | ||
IFS='.' read -r tag_major tag_minor tag_patch << EOF | ||
${{ github.ref_name }} | ||
EOF | ||
# remove leading v | ||
latest_major=$(echo $latest_major | cut -c2-) | ||
tag_major=$(echo $tag_major | cut -c2-) | ||
echo "$tag_major >= $latest_major" | ||
if [[ $tag_major -ge $latest_major && ($tag_minor -ne 0 || $tag_patch -ne 0) ]]; then | ||
# set this tag to latest and stable | ||
echo "IS_LATEST_TAG=true" >> $GITHUB_ENV | ||
fi | ||
- name: "Setup meta information (IS_VERSION_TAG: ${{ env.IS_VERSION_TAG }}, IS_LATEST_TAG: ${{ env.IS_LATEST_TAG }} )" | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: ${{ github.repository }} | ||
labels: | | ||
org.opencontainers.image.vendor=Greenbone | ||
org.opencontainers.image.base.name=greenbone/gvm-libs | ||
flavor: latest=false # no auto latest container tag for git tags | ||
tags: | | ||
# when IS_LATEST_TAG is set create a stable and a latest tag | ||
type=raw,value=latest,enable=${{ env.IS_LATEST_TAG }} | ||
type=raw,value=stable,enable=${{ env.IS_LATEST_TAG }} | ||
# if tag version is set than create a version tags | ||
type=semver,pattern={{version}},enable=${{ env.IS_VERSION_TAG }} | ||
type=semver,pattern={{major}}.{{minor}},enable=${{ env.IS_VERSION_TAG }} | ||
type=semver,pattern={{major}},enable=${{ env.IS_VERSION_TAG }} | ||
# if we are on the main branch set edge | ||
type=edge,branch=main | ||
# use branch-sha otherwise for pushes to branches other then main (will not be uploaded) | ||
type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} | ||
# use pr-$PR_ID for pull requests (will not be uploaded) | ||
type=ref,event=pr | ||
- name: Login to DockerHub | ||
if: github.event_name != 'pull_request' | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
||
- uses: actions/download-artifact@v3 | ||
with: | ||
name: rs-binaries | ||
path: assets | ||
- run: mkdir -p assets/linux/amd64 | ||
- run: mkdir -p assets/linux/arm64 | ||
- run: mv assets/openvasd-aarch64-unknown-linux-gnu assets/linux/arm64/openvasd | ||
- run: mv assets/openvasd-x86_64-unknown-linux-gnu assets/linux/amd64/openvasd | ||
- run: mv assets/nasl-cli-aarch64-unknown-linux-gnu assets/linux/arm64/nasl-cli | ||
- run: mv assets/nasl-cli-x86_64-unknown-linux-gnu assets/linux/amd64/nasl-cli | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Build and push | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} | ||
file: .docker/prod.Dockerfile | ||
build-args: | | ||
REPOSITORY=${{ github.repository }} | ||
platforms: linux/amd64,linux/aarch64 | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
|
||
- name: "Setup meta information debian:oldstable" | ||
id: old_stable_meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: ${{ github.repository }} | ||
labels: | | ||
org.opencontainers.image.vendor=Greenbone | ||
org.opencontainers.image.base.name=greenbone/gvm-libs | ||
flavor: latest=false # no auto latest container tag for git tags | ||
tags: | | ||
# for the images provided for debian:oldstable we just provide | ||
# oldstable on an new version or oldstable-edge when it is on main. | ||
# oldstable-branch-sha on a branch | ||
type=raw,value=oldstable,enable=${{ env.IS_LATEST_TAG }} | ||
type=raw,value=oldstable-edge,enable=${{ github.ref_name == 'main' }} | ||
type=raw,value=oldstable-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} | ||
type=ref,event=pr | ||
- name: Build and push Container image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} | ||
file: .docker/prod-oldstable.Dockerfile | ||
platforms: linux/amd64,linux/arm64 | ||
tags: ${{ steps.old_stable_meta.outputs.tags }} | ||
labels: ${{ steps.old_stable_meta.outputs.labels }} | ||
|
||
- name: "Setup meta information debian:testing" | ||
id: test_meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: ${{ github.repository }} | ||
labels: | | ||
org.opencontainers.image.vendor=Greenbone | ||
org.opencontainers.image.base.name=greenbone/gvm-libs | ||
flavor: latest=false # no auto latest container tag for git tags | ||
tags: | | ||
# for the images provided for debian:testing we just provide | ||
# testing on an new version or testing-edge when it is on main. | ||
# testing-branch-sha on a branch | ||
type=raw,value=testing,enable=${{ env.IS_LATEST_TAG }} | ||
type=raw,value=testing-edge,enable=${{ github.ref_name == 'main' }} | ||
type=raw,value=testing-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} | ||
type=ref,event=pr | ||
- name: Build and push Container image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} | ||
file: .docker/prod-testing.Dockerfile | ||
platforms: linux/amd64,linux/arm64 | ||
tags: ${{ steps.test_meta.outputs.tags }} | ||
labels: ${{ steps.test_meta.outputs.labels }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
name: "Helm Push" | ||
|
||
on: [workflow_call] | ||
|
||
jobs: | ||
helm: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: greenbone/actions/helm-build-push@v3 | ||
if: github.event_name == 'workflow_dispatch' | ||
with: | ||
chart-name: openvasd | ||
registry: ${{ vars.IMAGE_REGISTRY }} | ||
registry-subpath: helm-charts/ | ||
registry-user: ${{ secrets.GREENBONE_BOT }} | ||
registry-token: ${{ secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN }} |
Oops, something went wrong.