.github/workflows/metasploit-framework.yml

name: rapid7/metasploit-framework

on:
  push:
    branches:
      - main  # Change to your default branch if not main
      - msf-6.4.39
  pull_request:
    types: [opened, synchronize, reopened]

permissions:
  contents: read
  packages: write
  security-events: write

env:
  RELEASE_VERSION: "6.4.39"
  RUBY_VERSION: "3.2.5"
  
jobs:
  build-and-push:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest]

    steps:
      - name: Checkout Metasploit Framework Repository
        uses: actions/checkout@v4
        with:
          repository: rapid7/metasploit-framework
          path: metasploit-framework  # Optional: Clone into a specific directory
          ref: ${{ env.RELEASE_VERSION }}

      - uses: snyk/actions/setup@master

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
  
      - name: Cache Docker layers
        uses: actions/cache@v3
        with:
          path: ${{ github.workspace }}/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-

      - name: Install libpcap
        run: sudo apt update && sudo apt install -y libpcap-dev
            
            # Set up Ruby environment
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ env.RUBY_VERSION }}
          bundler-cache: true
      
            # Install Ruby dependencies
      - name: Install Ruby dependencies
        run: |
          cd metasploit-framework
          bundle install --path vendor/bundle

      - name: Build and push Docker image
        run: |
          docker buildx build --push \
            --tag ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }} \
            --tag ghcr.io/${{ github.repository_owner }}/metasploit-framework:latest \
            --platform linux/amd64,linux/arm64 ./metasploit-framework

      - name: Logout from Docker Hub
        run: docker logout
      
      - name: Check ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }} image
        uses: snyk/actions/docker@master
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          image: ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }}
          args: --file=./metasploit-framework/Dockerfile
          json: true
      - uses: garethr/snyk-to-sarif@master
      - uses: actions/upload-artifact@v4
        with:
          name: SARIF
          path: snyk.sarif
      
      - name: Upload SARIF Report to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif

      # SonarCloud Scan for Metasploit Framework
      - name: SonarCloud Scan
        uses: sonarsource/sonarqube-scan-action@v4
        continue-on-error: true
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          args: >
            -Dsonar.organization=matusso
            -Dsonar.projectKey=docker-builds:metasploit-framework
            -Dsonar.verbose=true
            -Dsonar.projectName=metasploit-framework
            -Dsonar.languages=ruby
            -Dsonar.sources=metasploit-framework
            -Dsonar.exclusions=**/*.java,**/*.c,**/*.cpp,**/*.h,**/*.mm,**/*.m
            -Dsonar.c.file.suffixes=-
            -Dsonar.cpp.file.suffixes=-
            -Dsonar.objc.file.suffixes=-