added cloudmapper integration

matusso · Dec 19, 2024 · 645ab6a · 645ab6a
1 parent 55954c1
commit 645ab6a
Showing 1 changed file with 111 additions and 0 deletions.
diff --git a/.github/workflows/cloudmapper.yml b/.github/workflows/cloudmapper.yml
@@ -0,0 +1,111 @@
+name: duo-labs/cloudmapper
+
+on:
+  push:
+    branches:
+      - main  # Change to your default branch if not main
+      - cloudmapper-integration
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
+  packages: write
+  security-events: write
+
+env:
+  PYTHON_VERSION: "3.13"
+  RELEASE_VERSION: "2.10.0"
+
+jobs:
+  build-and-push:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+
+    steps:
+      - name: Checkout cloudmapper Repository
+        uses: actions/checkout@v4
+        with:
+          repository: duo-labs/cloudmapper
+          path: cloudmapper  # Optional: Clone into a specific directory
+          ref: ${{ env.RELEASE_VERSION }}
+
+      - uses: snyk/actions/setup@master
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: ${{ github.workspace }}/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Install libpcap
+        run: sudo apt update && sudo apt install -y libpcap-dev
+
+            # Set up Python 3.13
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Build and push Docker image
+        run: |
+          docker buildx build --push \
+            --tag ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }} \
+            --tag ghcr.io/${{ github.repository_owner }}/metasploit-framework:latest \
+            --platform linux/amd64,linux/arm64 ./metasploit-framework
+
+      - name: Logout from Docker Hub
+        run: docker logout
+
+      - name: Check ghcr.io/${{ github.repository_owner }}/cloudmapper:${{ env.RELEASE_VERSION }} image
+        uses: snyk/actions/docker@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ghcr.io/${{ github.repository_owner }}/cloudmapper:${{ env.RELEASE_VERSION }}
+          args: --file=./cloudmapper/Dockerfile
+          json: true
+      - uses: garethr/snyk-to-sarif@master
+      - uses: actions/upload-artifact@v4
+        with:
+          name: SARIF
+          path: snyk.sarif
+
+      - name: Upload SARIF Report to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: snyk.sarif
+
+      # SonarCloud Scan for Metasploit Framework
+      - name: SonarCloud Scan
+        uses: sonarsource/sonarqube-scan-action@v4
+        continue-on-error: true
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          args: >
+            -Dsonar.organization=matusso
+            -Dsonar.projectKey=docker-builds:cloudmapper
+            -Dsonar.verbose=true
+            -Dsonar.projectName=cloudmapper 
+            -Dsonar.python.version=${{ env.PYTHON_VERSION }}
+            -Dsonar.sources=cloudmapper
+            -Dsonar.exclusions=**/*.java,**/*.c,**/*.cpp,**/*.h,**/*.mm,**/*.m
+            -Dsonar.c.file.suffixes=-
+            -Dsonar.cpp.file.suffixes=-
+            -Dsonar.objc.file.suffixes=-