Merge pull request #230 from Secure-Compliance-Solutions-LLC/dev

Release v21.4.2/v21.4.1 packages and release
Secure-Compliance-Solutions-LLC · Jul 21, 2021 · 5564a21 · 5564a21
2 parents f0128ed + 8118062
commit 5564a21
Show file tree

Hide file tree

Showing 8 changed files with 235 additions and 7 deletions.
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -0,0 +1,204 @@
+name: Docker Image Build and Release
+
+on:
+  push:
+    branches: [master]
+    # Publish semver tags as releases.
+    tags: ["v*.*.*"]
+  pull_request:
+    branches: [master, dev]
+
+concurrency: ci-${{ github.ref }}
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+  IMAGE_NAME_GHCR: ghcr.io/${{ github.repository }}
+  IMAGE_NAME_DOCKER: securecompliance/gvm
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build_apks:
+    name: Build APKs
+    runs-on: ubuntu-latest
+
+    outputs:
+      labels: ${{ steps.meta.outputs.labels }}
+      tags: ${{ steps.meta.outputs.tags }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+        with:
+          submodules: recursive
+
+      - uses: docker/setup-buildx-action@v1
+        id: buildx
+        with:
+          install: true
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Login to GitHub Container Registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Relase Prepare
+        id: releasePreare
+        run: |
+          echo -n "::set-output name=images::"
+          if [ "${GITHUB_EVENT_NAME}" != "pull_request" ]; then
+            echo -n "${IMAGE_NAME_DOCKER}"
+            echo -n ","
+          fi
+          echo -n "${IMAGE_NAME_GHCR}"
+
+      - name: Download artifact
+        uses: dawidd6/action-download-artifact@v2
+        with:
+          # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
+          # Required, if artifact is from a different repo
+          github_token: ${{secrets.GITHUB_TOKEN}}
+          # Required, workflow file name or ID
+          workflow: build-apk.yml
+          # Optional, will use the branch
+          branch: master
+          # Optional, uploaded artifact name,
+          # will download all artifacts if not specified
+          # and extract them in respective subdirectories
+          # https://github.com/actions/download-artifact#download-all-artifacts
+          name: apk-builds
+          # Optional, directory where to extract artifact. Defaults to the artifact name (see `name` input)
+          path: ${{ github.workspace }}/apk-build/
+          # Optional, defaults to current repo
+          repo: Secure-Compliance-Solutions-LLC/GVM-APK-build
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta2
+        uses: docker/metadata-action@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          images: ${{ steps.releasePreare.outputs.images }}
+          tags: |
+            type=ref,event=branch,prefix=,suffix=
+            type=ref,event=pr,prefix=,suffix=
+            type=semver,pattern={{version}},prefix=,suffix=
+            type=semver,pattern={{raw}},prefix=,suffix=
+            type=semver,pattern={{major}}.{{minor}},prefix=,suffix=
+            type=sha,prefix=,suffix=
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta2.outputs.tags }}
+          labels: ${{ steps.meta2.outputs.labels }}
+          build-args: |
+            SETUP=0
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta3
+        uses: docker/metadata-action@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          images: ${{ steps.releasePreare.outputs.images }}
+          tags: |
+            type=ref,event=branch,prefix=,suffix=-full
+            type=ref,event=tag,prefix=,suffix=-full
+            type=ref,event=pr,prefix=,suffix=-full
+            type=semver,pattern={{version}},prefix=,suffix=-full
+            type=semver,pattern={{raw}},prefix=,suffix=-full
+            type=semver,pattern={{major}}.{{minor}},prefix=,suffix=-full
+            type=sha,prefix=,suffix=-full
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image -full tag
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta3.outputs.tags }}
+          labels: ${{ steps.meta3.outputs.labels }}
+          build-args: |
+            SETUP=0
+            OPT_PDF=1
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta4
+        uses: docker/metadata-action@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          images: ${{ steps.releasePreare.outputs.images }}
+          tags: |
+            type=ref,event=branch,prefix=,suffix=-data
+            type=ref,event=pr,prefix=,suffix=-data
+            type=semver,pattern={{version}},prefix=,suffix=-data
+            type=semver,pattern={{raw}},prefix=,suffix=-data
+            type=semver,pattern={{major}}.{{minor}},prefix=,suffix=-data
+            type=sha,prefix=,suffix=-data
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image with -data tag
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta4.outputs.tags }}
+          labels: ${{ steps.meta4.outputs.labels }}
+          build-args: |
+            SETUP=1
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta5
+        uses: docker/metadata-action@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          images: ${{ steps.releasePreare.outputs.images }}
+          tags: |
+            type=ref,event=branch,prefix=,suffix=-data-full
+            type=ref,event=pr,prefix=,suffix=-data-full
+            type=semver,pattern={{version}},prefix=,suffix=-data-full
+            type=semver,pattern={{raw}},prefix=,suffix=-data-full
+            type=semver,pattern={{major}}.{{minor}},prefix=,suffix=-data-full
+            type=sha,prefix=,suffix=-data-full
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image with -data-full tag
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta5.outputs.tags }}
+          labels: ${{ steps.meta5.outputs.labels }}
+          build-args: |
+            SETUP=1
+            OPT_PDF=1
diff --git a/.gitignore b/.gitignore
@@ -68,3 +68,4 @@ $RECYCLE.BIN/
 # Windows shortcuts
 *.lnk
 
+apk-build/
diff --git a/.gitmodules b/.gitmodules
diff --git a/Dockerfile b/Dockerfile
@@ -16,6 +16,8 @@ ARG DEBUG=N
 ARG RELAYHOST=smtp
 ARG SMTPPORT=25
 ARG AUTO_SYNC=true
+ARG CERTIFICATE=none
+ARG CERTIFICATE_KEY=none
 ARG HTTPS=true
 ARG TZ=Etc/UTC
 ARG SSHD=false
@@ -37,6 +39,8 @@ ENV SUPVISD=${SUPVISD:-supervisorctl} \
     SMTPPORT=${SMTPPORT:-25} \
     AUTO_SYNC=${AUTO_SYNC:-true} \
     HTTPS=${HTTPS:-true} \
+    CERTIFICATE=${CERTIFICATE:-none} \
+    CERTIFICATE_KEY=${CERTIFICATE_KEY:-none} \
     TZ=${TZ:-Etc/UTC} \
     SSHD=${SSHD:-false} \
     DB_PASSWORD=${DB_PASSWORD:-none} \

diff --git a/apk-build b/apk-build
diff --git a/config/supervisord.conf b/config/supervisord.conf
@@ -115,6 +115,21 @@ stopsignal=TERM
 stopasgroup=true
 killasgroup=true
 
+[program:gsad-https-owncert]
+command=/usr/bin/gsad -f --verbose --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 --ssl-certificate=%(ENV_CERTIFICATE)s --ssl-private-key=%(ENV_CERTIFICATE_KEY)s --timeout=%(ENV_TIMEOUT)s --no-redirect --mlisten=127.0.0.1 --mport=9390 --port=9392
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s_err.log
+priority=30
+user=gvm
+startretries=5
+startsecs=10
+autorestart=true
+autostart=false
+depends_on=redis,postgresql,ospd-openvas,gvmd
+stopsignal=KILL
+stopasgroup=true
+killasgroup=true
+
 [program:gsad-https]
 command=/usr/bin/gsad -f --verbose --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 --timeout=%(ENV_TIMEOUT)s --no-redirect --mlisten=127.0.0.1 --mport=9390 --port=9392
 stdout_logfile=/var/log/supervisor/%(program_name)s.log

diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
@@ -12,6 +12,8 @@ export RELAYHOST=${RELAYHOST:-smtp}
 export SMTPPORT=${SMTPPORT:-25}
 export AUTO_SYNC=${AUTO_SYNC:-true}
 export HTTPS=${HTTPS:-true}
+export CERTIFICATE=${CERTIFICATE:-none}
+export CERTIFICATE_KEY=${CERTIFICATE_KEY:-none}
 export TZ=${TZ:-Etc/UTC}
 export DEBUG=${DEBUG:-N}
 export SSHD=${SSHD:-false}

diff --git a/scripts/start.sh b/scripts/start.sh
@@ -11,6 +11,8 @@ export RELAYHOST=${RELAYHOST:-smtp}
 export SMTPPORT=${SMTPPORT:-25}
 export AUTO_SYNC=${AUTO_SYNC:-true}
 export HTTPS=${HTTPS:-true}
+export CERTIFICATE=${CERTIFICATE:-none}
+export CERTIFICATE_KEY=${CERTIFICATE_KEY:-none}
 export TZ=${TZ:-Etc/UTC}
 export SSHD=${SSHD:-false}
 export DB_PASSWORD=${DB_PASSWORD:-none}
@@ -104,7 +106,7 @@ until (pg_isready --username=postgres >/dev/null 2>&1 && psql --username=postgre
 	sleep 1
 done
 
-if [[ ! -d "/etc/ssh" ]] || [[ -d "/etc/ssh/" && $(find /etc/ssh/ -type d -empty) ]]; then
+if [[ ! -d "/etc/ssh" ]] || [[ -d "/etc/ssh/" && $(find /etc/ssh/ -maxdepth 0 -empty) ]]; then
 	mkdir /etc/ssh
 	ssh-keygen -A
 fi
@@ -251,7 +253,12 @@ if [ ! -f "/var/lib/gvm/.created_gvm_user" ]; then
 fi
 
 echo "Starting Greenbone Security Assistant..."
-if [ "${HTTPS}" == "true" ]; then
+if [ "${HTTPS}" == "true" ] && [ -e "${CERTIFICATE}" ] && [ -e "${CERTIFICATE_KEY}" ]; then
+	${SUPVISD} start gsad-https-owncert
+	if [ "${DEBUG}" == "Y" ]; then
+		${SUPVISD} status gsad-https-owncert
+	fi
+elif [ "${HTTPS}" == "true" ]; then
 	${SUPVISD} start gsad-https
 	if [ "${DEBUG}" == "Y" ]; then
 		${SUPVISD} status gsad-https
Original file line number	Diff line number	Diff line change
Expand Up		@@ -68,3 +68,4 @@ $RECYCLE.BIN/
		# Windows shortcuts
		*.lnk

		apk-build/