diff --git a/.docker/prod.Dockerfile b/.docker/Dockerfile
similarity index 100%
rename from .docker/prod.Dockerfile
rename to .docker/Dockerfile
diff --git a/.docker/build.Dockerfile b/.docker/build.Dockerfile
deleted file mode 100644
index 931a160..0000000
--- a/.docker/build.Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-ARG VERSION=unstable
-
-FROM registry.community.greenbone.net/community/gvm-libs:${VERSION}
-LABEL deprecated="This image is deprecated and may be removed soon."
-
-RUN apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
- build-essential \
- curl \
- cmake \
- pkg-config \
- libglib2.0-dev \
- libgnutls28-dev \
- libpcap-dev \
- && rm -rf /var/lib/apt/lists/*
diff --git a/.github/actions/install-dependencies-action/action.yml b/.github/actions/install-dependencies-action/action.yml
new file mode 100644
index 0000000..de4ce76
--- /dev/null
+++ b/.github/actions/install-dependencies-action/action.yml
@@ -0,0 +1,20 @@
+name: 'Install dependencies'
+description: 'Install dependencies for Boreas'
+runs:
+ using: "composite"
+ steps:
+ - name: Build Boreas
+ shell: bash
+ run: |
+ apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
+ build-essential \
+ curl \
+ cmake \
+ pkg-config \
+ libglib2.0-dev \
+ libgnutls28-dev \
+ libpcap-dev \
+ git \
+ clang-format \
+ libssh-dev \
+ && rm -rf /var/lib/apt/lists/*
diff --git a/.github/workflows/ci-c.yml b/.github/workflows/ci-c.yml
index 114646b..f4820f2 100644
--- a/.github/workflows/ci-c.yml
+++ b/.github/workflows/ci-c.yml
@@ -12,7 +12,7 @@ jobs:
 name: Check C Source Code Formatting
 runs-on: 'ubuntu-latest'
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 - name: Check Source Format
 run: |
 clang-format -i -style=file src/*.c
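Review bot: The only step in the new composite action is named `Build Boreas`, but it installs apt packages and builds nothing, so every job log that uses the action will carry a misleading step label; rename it to `- name: Install build dependencies`. The action also calls `apt-get` without sudo, so it only works as root inside a job container, which holds for the `ci-c.yml` jobs here that set `container:` but would fail on a bare `ubuntu-latest` runner; a comment above `runs:` such as `# Must run inside a job container as root: apt-get is invoked without sudo` would save the next person a failed run. Note that nothing is version-pinned, so the packages resolve to whatever the `edge` base image's apt sources serve at run time — acceptable for CI, but worth stating in the `description`.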
@@ -21,9 +21,10 @@ jobs:
 tests:
 name: Unit Tests
 runs-on: 'ubuntu-latest'
- container: greenbone/boreas-build:unstable
+ container: ${{ vars.SELF_HOSTED_REGISTRY }}/community/gvm-libs:edge
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+ - uses: ./.github/actions/install-dependencies-action
 - name: Configure and Compile boreas
 run: |
 mkdir build
@@ -31,16 +32,18 @@ jobs:
 cmake -DCMAKE_BUILD_TYPE=Debug ..
 make install

+
 scan-build:
 name: Scan-build with clang
 runs-on: 'ubuntu-latest'
- container: greenbone/boreas-build:unstable
+ container: ${{ vars.SELF_HOSTED_REGISTRY }}/community/gvm-libs:edge
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+ - uses: ./.github/actions/install-dependencies-action
 - name: Install clang tools
 run: |
 apt update
- apt install --no-install-recommends -y clang clang-format clang-tools
+ apt install --no-install-recommends -y clang clang-tools
 rm -rf /var/lib/apt/lists/*
 - name: Configure and Scan Build boreas
 run: |
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index bcddf14..69749c8 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -17,20 +17,20 @@ jobs:
 actions: read
 contents: read
 security-events: write
- container: ${{ github.repository }}-build:unstable
+ container: ${{ vars.SELF_HOSTED_REGISTRY }}/community/gvm-libs:edge
 strategy:
 fail-fast: false
 matrix:
 language: [ 'c' ]
-
+
 steps:
- - name: Checkout repository
- uses: actions/checkout@v4
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+ - uses: ./.github/actions/install-dependencies-action
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628
 with:
 languages: ${{ matrix.language }}
 queries: security-and-quality
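Review bot: The new `container: ${{ vars.SELF_HOSTED_REGISTRY }}/community/gvm-libs:edge` is a floating tag with no digest, so the unit-test job now runs whatever the registry currently serves as `edge`, while the same hunk goes to the trouble of SHA-pinning `actions/checkout`; the job container is the larger part of the supply chain here. Pin it by digest, e.g. `container: ${{ vars.SELF_HOSTED_REGISTRY }}/community/gvm-libs:edge@sha256:<digest>`, or document why a mutable tag is intended. Separately, `vars.SELF_HOSTED_REGISTRY` is a repository variable that presumably is not populated on forks or fresh clones, in which case the reference degenerates to `/community/gvm-libs:edge` and the job fails before checkout; a comment above the line, `# SELF_HOSTED_REGISTRY must be set as a repository variable; unset leaves an invalid image reference`, makes that requirement visible.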
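Review bot: The CodeQL pin `uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628` carries no version comment, unlike the `actions/checkout` pin in the same hunk which is annotated `# v4.2.0`; without the trailing `# vX.Y.Z` comment, Dependabot/Renovate cannot track the pinned ref and a reader cannot tell which release the SHA corresponds to. Append the matching tag comment to the `init` line (and to the `analyze` pin in the following hunk) so every pin in the workflow follows one convention, e.g. `uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.x.y` with the real tag filled in.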
@@ -42,6 +42,6 @@ jobs:
 -DCMAKE_BUILD_TYPE=Release .. && make install
 working-directory: ${{ github.WORKSPACE }}
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628
 with:
 category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
deleted file mode 100644
index d033d74..0000000
--- a/.github/workflows/container.yml
+++ /dev/null
@@ -1,84 +0,0 @@
-name: Container Image Builds
-
-on:
- push:
- branches: [main]
- tags: ["v*"]
- pull_request:
- branches: [main]
- workflow_dispatch:
-
-jobs:
- production:
- name: Production Images
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- - name: 'set IS_VERSION_TAG'
- run: |
- echo "IS_VERSION_TAG=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }}" >> $GITHUB_ENV
- # set defaults
- echo "IS_LATEST_TAG=false" >> $GITHUB_ENV
- - name: 'set IS_LATEST_TAG'
- if: ( env.IS_VERSION_TAG )
- run: |
- # find the latest version that is not ourself
- export LATEST_VERSION=$(git tag -l | grep -v '${{ github.ref_name }}' | sort -r --version-sort)
- # get major minor patch versions
- IFS='.' read -r latest_major latest_minor latest_patch << EOF
- $LATEST_VERSION
- EOF
- IFS='.' read -r tag_major tag_minor tag_patch << EOF
- ${{ github.ref_name }}
- EOF
- # remove leading v
- latest_major=$(echo $latest_major | cut -c2-)
- tag_major=$(echo $tag_major | cut -c2-)
- echo "$tag_major >= $latest_major"
- if [[ $tag_major -ge $latest_major && ($tag_minor -ne 0 || $tag_patch -ne 0) ]]; then
- # set this tag to latest and stable
- echo "IS_LATEST_TAG=true" >> $GITHUB_ENV
- fi
- - name: 'Setup meta information (IS_VERSION_TAG: ${{ env.IS_VERSION_TAG }}, IS_LATEST_TAG: ${{ env.IS_LATEST_TAG }} )'
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: ${{ github.repository }}
- labels: |
- org.opencontainers.image.vendor=Greenbone
- org.opencontainers.image.base.name=debian:stable-slim
- flavor: latest=false # no auto latest container tag for git tags
- tags: |
- # when IS_LATEST_TAG is set create a stable and a latest tag
- type=raw,value=latest,enable=${{ env.IS_LATEST_TAG }}
- type=raw,value=stable,enable=${{ env.IS_LATEST_TAG }}
- # if tag version is set than create a version tags
- type=semver,pattern={{version}},enable=${{ env.IS_VERSION_TAG }}
- type=semver,pattern={{major}}.{{minor}},enable=${{ env.IS_VERSION_TAG }}
- type=semver,pattern={{major}},enable=${{ env.IS_VERSION_TAG }}
- # if we are on the main branch set edge
- type=edge,branch=main
- # use branch-sha otherwise for pushes to branches other then main (will not be uploaded)
- type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
- # use pr-$PR_ID for pull requests (will not be uploaded)
- type=ref,event=pr
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
- - name: Login to Docker Registry
- if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- - name: Build and push Container image
- uses: docker/build-push-action@v6
- with:
- context: .
- push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
- file: .docker/prod.Dockerfile
- platforms: linux/amd64,linux/arm64
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 0000000..7f016aa
--- /dev/null
+++ b/.github/workflows/push.yml
@@ -0,0 +1,27 @@
+name: Build & Push to Greenbone Registry
+
+on:
+ push:
+ branches: [ main ]
+ tags: ["v*"]
+ pull_request:
+ branches: [ main ]
+ workflow_dispatch:
+ inputs:
+ ref-name:
+ type: string
+ description: "The ref to build a container image from. For example a tag v23.0.0."
+ required: true
+
+jobs:
+ build-push-debian-stable-container:
+ name: Build and Push debian:stable to Greenbone Registry
+ uses: greenbone/workflows/.github/workflows/container-build-push-2nd-gen.yml@main
+ with:
+ build-docker-file: .docker/Dockerfile
+ image-url: community/boreas
+ image-labels: |
+ org.opencontainers.image.vendor=Greenbone
+ org.opencontainers.image.base.name=debian:stable-slim
+ ref-name: ${{ inputs.ref-name }}
+ secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b5d92ba..91f22db 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,14 +23,14 @@ on:
 # For a patch release, the latest tag is enhanced with 0.0.1, leaving the major and minor versions as
 # they are.
 #
-# For a minor release, the latest tag is enhanced with 0.1.0, and the patch version is set to 0.
+# For a minor release, the latest tag is enhanced with 0.1.0, and the patch version is set to 0.
 #
 # For a major release, a branch is created for the latest major release found by tag, and the version
 # is enhanced with $latest_tag + 1.0.0, increasing the major version by 1 and setting the minor and
 # patch versions to 0.
 #
 # Major version releases are only valid on the "main" branch.
-#
+#
 # Once the version is found and enhanced, each project file is updated to the new
 # version, and a commit is created in the found branch.
 jobs:
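Review bot: `uses: greenbone/workflows/.github/workflows/container-build-push-2nd-gen.yml@main` together with `secrets: inherit` hands every repository secret to whatever is on the `main` branch of a different repository at run time, with no pinning; any change to that branch, including a compromised one, executes here with registry credentials, which undoes the point of the SHA-pinned actions elsewhere in this commit. Pin the reusable workflow to a commit SHA with a version comment, e.g. `uses: greenbone/workflows/.github/workflows/container-build-push-2nd-gen.yml@<sha> # vX.Y.Z`, and prefer passing only the secrets it needs over `inherit`. Separately, `ref-name: ${{ inputs.ref-name }}` evaluates to an empty string on `push` and `pull_request` events because `inputs` is only populated for `workflow_dispatch`; presumably the reusable workflow falls back to `github.ref` in that case, but that should be confirmed and recorded in a comment on the `ref-name:` line, e.g. `# empty on push/pull_request; the reusable workflow then builds the triggering ref`.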
@@ -40,7 +40,7 @@ jobs:
 (github.event_name == 'workflow_dispatch') ||
 (
 github.event.pull_request.merged == true &&
- (
+ (
 contains(github.event.pull_request.labels.*.name, 'major_release') ||
 contains(github.event.pull_request.labels.*.name, 'minor_release') ||
 contains(github.event.pull_request.labels.*.name, 'patch_release')
@@ -112,7 +112,7 @@ jobs:
 export BRANCH_NAME=$(echo "${{ env.LATEST_VERSION }}" | sed 's/^\([0-9]*\).*/v\1/')
 git checkout -b "$BRANCH_NAME"
 git push origin "$BRANCH_NAME"
- # create branch of version
+ # create branch of version
 - name: prepare project version ${{ env.RELEASE_REF }} ${{ env.LATEST_VERSION }} -> ${{ env.NEW_VERSION }}
 run: |
 # jump back for the case that we switched to a tag