From 208df662166a98d38f17fb9103e4792a0af2d05e Mon Sep 17 00:00:00 2001
From: sukhmancode
Date: Mon, 27 Oct 2025 04:38:45 +0530
Subject: [PATCH 1/2] Replace GitHub Actions version tags with SHA for deterministic builds (Issue #1158)
---
.github/workflows/ci_cd.yml | 708 ++++++++++++++++++------------------
1 file changed, 354 insertions(+), 354 deletions(-)
diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
index 84c9859ff..68a41876b 100644
--- a/.github/workflows/ci_cd.yml
+++ b/.github/workflows/ci_cd.yml
@@ -1,354 +1,354 @@ -name: CI/CD - -on: - merge_group: - pull_request: - branches: - - master - push: - branches: - - master - tags: - - '*' - workflow_dispatch: - -concurrency: - cancel-in-progress: true - group: ${{ github.repository }}-${{ github.workflow }}-${{ github.head_ref || github.ref_name }} - -jobs: - # Code quality checks. - pre-commit: - name: Run pre-commit - runs-on: ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@v5 - - - name: Set up Python - uses: actions/setup-python@v6 - with: - python-version: '3.11' - - name: Run pre-commit - uses: pre-commit/action@v3.0.1 - - code-ql: - name: CodeQL - needs: - - pre-commit - permissions: - security-events: write - runs-on: ubuntu-24.04 - strategy: - fail-fast: false - matrix: - language: - - javascript - - python - steps: - - name: Check out repository - uses: actions/checkout@v5 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v4 - with: - languages: ${{ matrix.language }} - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 - with: - category: /language:${{ matrix.language }} - - # Code tests. 
- run-tests: - name: Run tests - needs: - - pre-commit - runs-on: ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@v5 - - - name: Set up Python - uses: actions/setup-python@v6 - with: - python-version: '3.11' - - - name: Install dependencies - run: | - python -m pip install --upgrade poetry - poetry install --with test - - - name: Run tests - run: | - poetry run pytest - - build-package: - name: Build package - needs: - - run-tests - runs-on: ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@v5 - - - name: Set up Python - uses: actions/setup-python@v6 - with: - python-version: '3.11' - - - name: Install dependencies - run: | - python -m pip install --upgrade pip poetry - poetry install - - - name: Build package - run: | - poetry build --no-interaction - - - name: Upload package artifacts - uses: actions/upload-artifact@v5 - with: - name: dist - path: dist - - test-build-package: - name: Test build on ${{ matrix.os }} - runs-on: ${{ matrix.os }} - needs: build-package - strategy: - matrix: - os: - - macos-latest - - ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@v5 - - - name: Set up Python - uses: actions/setup-python@v6 - with: - python-version: '3.11' - - - name: Get package artifacts - uses: actions/download-artifact@v6 - with: - name: dist - path: dist - - - name: Run tests - shell: bash - run: | - rm -rf nettacker - python -m pip install dist/*.whl - nettacker --version - python -m pip uninstall -y nettacker - python -m pip install dist/*.tar.gz - nettacker --version - - # Docker related jobs. - test-docker-image: - name: Test Docker image - needs: - - run-tests - runs-on: ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@v5 - - - name: Build Docker image - run: docker build . 
-t nettacker - - - name: Test help menu - run: | - docker run -e github_ci=true --rm nettacker --help - - - name: Test help menu in Persian - run: | - docker run -e github_ci=true --rm nettacker --help -L fa - - - name: Show all modules - run: | - docker run -e github_ci=true --rm nettacker --show-all-modules - - - name: Show all profiles - run: | - docker run -e github_ci=true --rm nettacker --show-all-profiles - - - name: Test all modules command + check if it's finish successfully + csv - run: | - docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \ - -i host.docker.internal -u user1,user2 -p pass1,pass2 -m all -g 21,25,80,443 \ - -t 1000 -T 3 -o out.csv - - - name: Test all modules command + check if it's finish successfully + csv - run: | - docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \ - -i host.docker.internal -u user1,user2 -p pass1,pass2 -m all -g 21,25,80,443 \ - -t 1000 -T 3 -o out.csv --skip-service-discovery - - - name: Test all modules command + check if it's finish successfully + with graph + Persian - run: | - docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \ - -i host.docker.internal -L fa -u user1,user2 -p pass1,pass2 --profile all \ - -g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v - - - name: Test all modules command + check if it's finish successfully + with graph + Persian - run: | - docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \ - -i host.docker.internal -L fa -u user1,user2 -p pass1,pass2 --profile all \ - -g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v --skip-service-discovery - - test-docker-image-build: - name: Test Docker ${{ matrix.docker-version }} image build - needs: - - run-tests - runs-on: ubuntu-24.04 - strategy: - matrix: - docker-version: - - '27.5.0-1~ubuntu.24.04~noble' - - '26.1.4-1~ubuntu.24.04~noble' - - 
'26.0.0-1~ubuntu.24.04~noble' - steps: - - name: Uninstall pre-installed Docker - run: | - sudo apt-get remove docker-ce docker-ce-cli - - # https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository - - name: Install Docker ${{ matrix.docker-version }} - run: | - sudo apt-get update - sudo apt-get install ca-certificates curl gnupg - sudo install -m 0755 -d /etc/apt/keyrings - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg - sudo chmod a+r /etc/apt/keyrings/docker.gpg - echo \ - "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ - "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ - sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - sudo apt-get update - sudo apt-get install docker-ce=5:${{ matrix.docker-version }} docker-ce-cli=5:${{ matrix.docker-version }} - - - name: Check out repository - uses: actions/checkout@v5 - - - name: Print Docker version - run: docker -v - - - name: Build Nettacker image - run: docker build . -t nettacker - - publish-nettacker-dev-to-docker-registry: - name: Publish nettacker:dev Docker image - if: | - github.repository == 'owasp/nettacker' && - github.event_name == 'push' && - github.ref_name == 'master' - needs: - - test-docker-image - - test-docker-image-build - runs-on: ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@v5 - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build and push - uses: docker/build-push-action@v6 - with: - context: . 
- file: Dockerfile - push: true - tags: owasp/nettacker:dev - - publish-nettacker-latest-to-docker-registry: - name: Publish nettacker:latest Docker image - if: | - github.repository == 'owasp/nettacker' && - github.event_name == 'push' && - startsWith(github.event.ref, 'refs/tags/v') - needs: - - test-docker-image - - test-docker-image-build - runs-on: ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@v5 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build and push - uses: docker/build-push-action@v6 - with: - context: . - file: Dockerfile - push: true - tags: owasp/nettacker:latest - - publish-to-test-pypi: - name: Publish Test PyPI package - if: | - github.repository == 'OWASP/Nettacker' && - github.event_name == 'push' && - github.ref_name == 'master' - environment: dev - needs: - - test-build-package - permissions: - contents: read - id-token: write - runs-on: ubuntu-24.04 - steps: - - name: Get package artifacts - uses: actions/download-artifact@v6 - with: - name: dist - path: dist - - - name: Publish package distributions to Test PyPI - uses: pypa/gh-action-pypi-publish@release/v1 - with: - repository-url: https://test.pypi.org/legacy/ - skip-existing: true - - publish-to-pypi: - name: Publish PyPI package - if: | - github.repository == 'OWASP/Nettacker' && - github.event_name == 'push' && - startsWith(github.event.ref, 'refs/tags/') - environment: release - needs: - - test-build-package - permissions: - contents: read - id-token: write - runs-on: ubuntu-24.04 - steps: - - name: Get package artifacts - uses: actions/download-artifact@v6 - with: - name: dist - path: dist - - - name: Publish package distributions to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 
+name: CI/CD + +on: + merge_group: + pull_request: + branches: + - master + push: + branches: + - master + tags: + - '*' + workflow_dispatch: + +concurrency: + cancel-in-progress: true + group: ${{ github.repository }}-${{ github.workflow }}-${{ github.head_ref || github.ref_name }} + +jobs: + # Code quality checks. + pre-commit: + name: Run pre-commit + runs-on: ubuntu-24.04 + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Set up Python + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + with: + python-version: '3.11' + - name: Run pre-commit + uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd + + code-ql: + name: CodeQL + needs: + - pre-commit + permissions: + security-events: write + runs-on: ubuntu-24.04 + strategy: + fail-fast: false + matrix: + language: + - javascript + - python + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Initialize CodeQL + uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb + with: + languages: ${{ matrix.language }} + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb + with: + category: /language:${{ matrix.language }} + + # Code tests. 
+ run-tests: + name: Run tests + needs: + - pre-commit + runs-on: ubuntu-24.04 + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Set up Python + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + with: + python-version: '3.11' + + - name: Install dependencies + run: | + python -m pip install --upgrade poetry + poetry install --with test + + - name: Run tests + run: | + poetry run pytest + + build-package: + name: Build package + needs: + - run-tests + runs-on: ubuntu-24.04 + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Set up Python + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + with: + python-version: '3.11' + + - name: Install dependencies + run: | + python -m pip install --upgrade pip poetry + poetry install + + - name: Build package + run: | + poetry build --no-interaction + + - name: Upload package artifacts + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + with: + name: dist + path: dist + + test-build-package: + name: Test build on ${{ matrix.os }} + runs-on: ${{ matrix.os }} + needs: build-package + strategy: + matrix: + os: + - macos-latest + - ubuntu-24.04 + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Set up Python + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + with: + python-version: '3.11' + + - name: Get package artifacts + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + with: + name: dist + path: dist + + - name: Run tests + shell: bash + run: | + rm -rf nettacker + python -m pip install dist/*.whl + nettacker --version + python -m pip uninstall -y nettacker + python -m pip install dist/*.tar.gz + nettacker --version + + # Docker related jobs. 
+ test-docker-image: + name: Test Docker image + needs: + - run-tests + runs-on: ubuntu-24.04 + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Build Docker image + run: docker build . -t nettacker + + - name: Test help menu + run: | + docker run -e github_ci=true --rm nettacker --help + + - name: Test help menu in Persian + run: | + docker run -e github_ci=true --rm nettacker --help -L fa + + - name: Show all modules + run: | + docker run -e github_ci=true --rm nettacker --show-all-modules + + - name: Show all profiles + run: | + docker run -e github_ci=true --rm nettacker --show-all-profiles + + - name: Test all modules command + check if it's finish successfully + csv + run: | + docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \ + -i host.docker.internal -u user1,user2 -p pass1,pass2 -m all -g 21,25,80,443 \ + -t 1000 -T 3 -o out.csv + + - name: Test all modules command + check if it's finish successfully + csv + run: | + docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \ + -i host.docker.internal -u user1,user2 -p pass1,pass2 -m all -g 21,25,80,443 \ + -t 1000 -T 3 -o out.csv --skip-service-discovery + + - name: Test all modules command + check if it's finish successfully + with graph + Persian + run: | + docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \ + -i host.docker.internal -L fa -u user1,user2 -p pass1,pass2 --profile all \ + -g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v + + - name: Test all modules command + check if it's finish successfully + with graph + Persian + run: | + docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \ + -i host.docker.internal -L fa -u user1,user2 -p pass1,pass2 --profile all \ + -g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v --skip-service-discovery + + 
test-docker-image-build: + name: Test Docker ${{ matrix.docker-version }} image build + needs: + - run-tests + runs-on: ubuntu-24.04 + strategy: + matrix: + docker-version: + - '27.5.0-1~ubuntu.24.04~noble' + - '26.1.4-1~ubuntu.24.04~noble' + - '26.0.0-1~ubuntu.24.04~noble' + steps: + - name: Uninstall pre-installed Docker + run: | + sudo apt-get remove docker-ce docker-ce-cli + + # https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository + - name: Install Docker ${{ matrix.docker-version }} + run: | + sudo apt-get update + sudo apt-get install ca-certificates curl gnupg + sudo install -m 0755 -d /etc/apt/keyrings + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg + sudo chmod a+r /etc/apt/keyrings/docker.gpg + echo \ + "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ + "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ + sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + sudo apt-get update + sudo apt-get install docker-ce=5:${{ matrix.docker-version }} docker-ce-cli=5:${{ matrix.docker-version }} + + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Print Docker version + run: docker -v + + - name: Build Nettacker image + run: docker build . 
-t nettacker + + publish-nettacker-dev-to-docker-registry: + name: Publish nettacker:dev Docker image + if: | + github.repository == 'owasp/nettacker' && + github.event_name == 'push' && + github.ref_name == 'master' + needs: + - test-docker-image + - test-docker-image-build + runs-on: ubuntu-24.04 + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Login to Docker Hub + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 + + - name: Build and push + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 + with: + context: . + file: Dockerfile + push: true + tags: owasp/nettacker:dev + + publish-nettacker-latest-to-docker-registry: + name: Publish nettacker:latest Docker image + if: | + github.repository == 'owasp/nettacker' && + github.event_name == 'push' && + startsWith(github.event.ref, 'refs/tags/v') + needs: + - test-docker-image + - test-docker-image-build + runs-on: ubuntu-24.04 + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Set up QEMU + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 + + - name: Login to Docker Hub + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 + + - name: Build and push + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 + with: + context: . 
+ file: Dockerfile + push: true + tags: owasp/nettacker:latest + + publish-to-test-pypi: + name: Publish Test PyPI package + if: | + github.repository == 'OWASP/Nettacker' && + github.event_name == 'push' && + github.ref_name == 'master' + environment: dev + needs: + - test-build-package + permissions: + contents: read + id-token: write + runs-on: ubuntu-24.04 + steps: + - name: Get package artifacts + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + with: + name: dist + path: dist + + - name: Publish package distributions to Test PyPI + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e + with: + repository-url: https://test.pypi.org/legacy/ + skip-existing: true + + publish-to-pypi: + name: Publish PyPI package + if: | + github.repository == 'OWASP/Nettacker' && + github.event_name == 'push' && + startsWith(github.event.ref, 'refs/tags/') + environment: release + needs: + - test-build-package + permissions: + contents: read + id-token: write + runs-on: ubuntu-24.04 + steps: + - name: Get package artifacts + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + with: + name: dist + path: dist + + - name: Publish package distributions to PyPI + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e From 1777ab531f62041dcdf4865954ad5c1eb8e5857b Mon Sep 17 00:00:00 2001 From: Arkadii Yakovets Date: Sun, 26 Oct 2025 18:19:10 -0700 Subject: [PATCH 2/2] Run pre-commit --- .github/workflows/ci_cd.yml | 708 ++++++++++++++++++------------------ 1 file changed, 354 insertions(+), 354 deletions(-) diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml index 68a41876b..99c7c0769 100644 --- a/.github/workflows/ci_cd.yml +++ b/.github/workflows/ci_cd.yml 
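Review bot: Every pinned `uses:` line in this hunk drops the version it replaced, so nothing in the file says which release a SHA stands for; keep the tag as a trailing comment, e.g. `uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5`, using the exact release tag once it has been confirmed. The same applies to the setup-python, pre-commit, codeql-action, upload/download-artifact, docker/* and pypa/gh-action-pypi-publish references. Each SHA should be checked against the upstream repository's tag before merge, since GitHub also resolves a full SHA that exists only in a fork of the action's repository, and the publish jobs here run with Docker Hub secrets and `id-token: write`. The hunk rewrites all 354 lines although only the `uses:` values appear to differ, presumably a line-ending or whitespace change, which makes those pins hard to audit; a diff limited to the changed lines would be easier to verify.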
@@ -1,354 +1,354 @@ -name: CI/CD - -on: - merge_group: - pull_request: - branches: - - master - push: - branches: - - master - tags: - - '*' - workflow_dispatch: - -concurrency: - cancel-in-progress: true - group: ${{ github.repository }}-${{ github.workflow }}-${{ github.head_ref || github.ref_name }} - -jobs: - # Code quality checks. - pre-commit: - name: Run pre-commit - runs-on: ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c - with: - python-version: '3.11' - - name: Run pre-commit - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd - - code-ql: - name: CodeQL - needs: - - pre-commit - permissions: - security-events: write - runs-on: ubuntu-24.04 - strategy: - fail-fast: false - matrix: - language: - - javascript - - python - steps: - - name: Check out repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - - name: Initialize CodeQL - uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb - with: - languages: ${{ matrix.language }} - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb - with: - category: /language:${{ matrix.language }} - - # Code tests. 
- run-tests: - name: Run tests - needs: - - pre-commit - runs-on: ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c - with: - python-version: '3.11' - - - name: Install dependencies - run: | - python -m pip install --upgrade poetry - poetry install --with test - - - name: Run tests - run: | - poetry run pytest - - build-package: - name: Build package - needs: - - run-tests - runs-on: ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c - with: - python-version: '3.11' - - - name: Install dependencies - run: | - python -m pip install --upgrade pip poetry - poetry install - - - name: Build package - run: | - poetry build --no-interaction - - - name: Upload package artifacts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 - with: - name: dist - path: dist - - test-build-package: - name: Test build on ${{ matrix.os }} - runs-on: ${{ matrix.os }} - needs: build-package - strategy: - matrix: - os: - - macos-latest - - ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c - with: - python-version: '3.11' - - - name: Get package artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 - with: - name: dist - path: dist - - - name: Run tests - shell: bash - run: | - rm -rf nettacker - python -m pip install dist/*.whl - nettacker --version - python -m pip uninstall -y nettacker - python -m pip install dist/*.tar.gz - nettacker --version - - # Docker related jobs. 
- test-docker-image: - name: Test Docker image - needs: - - run-tests - runs-on: ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - - name: Build Docker image - run: docker build . -t nettacker - - - name: Test help menu - run: | - docker run -e github_ci=true --rm nettacker --help - - - name: Test help menu in Persian - run: | - docker run -e github_ci=true --rm nettacker --help -L fa - - - name: Show all modules - run: | - docker run -e github_ci=true --rm nettacker --show-all-modules - - - name: Show all profiles - run: | - docker run -e github_ci=true --rm nettacker --show-all-profiles - - - name: Test all modules command + check if it's finish successfully + csv - run: | - docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \ - -i host.docker.internal -u user1,user2 -p pass1,pass2 -m all -g 21,25,80,443 \ - -t 1000 -T 3 -o out.csv - - - name: Test all modules command + check if it's finish successfully + csv - run: | - docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \ - -i host.docker.internal -u user1,user2 -p pass1,pass2 -m all -g 21,25,80,443 \ - -t 1000 -T 3 -o out.csv --skip-service-discovery - - - name: Test all modules command + check if it's finish successfully + with graph + Persian - run: | - docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \ - -i host.docker.internal -L fa -u user1,user2 -p pass1,pass2 --profile all \ - -g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v - - - name: Test all modules command + check if it's finish successfully + with graph + Persian - run: | - docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \ - -i host.docker.internal -L fa -u user1,user2 -p pass1,pass2 --profile all \ - -g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v --skip-service-discovery - - 
test-docker-image-build: - name: Test Docker ${{ matrix.docker-version }} image build - needs: - - run-tests - runs-on: ubuntu-24.04 - strategy: - matrix: - docker-version: - - '27.5.0-1~ubuntu.24.04~noble' - - '26.1.4-1~ubuntu.24.04~noble' - - '26.0.0-1~ubuntu.24.04~noble' - steps: - - name: Uninstall pre-installed Docker - run: | - sudo apt-get remove docker-ce docker-ce-cli - - # https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository - - name: Install Docker ${{ matrix.docker-version }} - run: | - sudo apt-get update - sudo apt-get install ca-certificates curl gnupg - sudo install -m 0755 -d /etc/apt/keyrings - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg - sudo chmod a+r /etc/apt/keyrings/docker.gpg - echo \ - "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ - "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ - sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - sudo apt-get update - sudo apt-get install docker-ce=5:${{ matrix.docker-version }} docker-ce-cli=5:${{ matrix.docker-version }} - - - name: Check out repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - - name: Print Docker version - run: docker -v - - - name: Build Nettacker image - run: docker build . 
-t nettacker - - publish-nettacker-dev-to-docker-registry: - name: Publish nettacker:dev Docker image - if: | - github.repository == 'owasp/nettacker' && - github.event_name == 'push' && - github.ref_name == 'master' - needs: - - test-docker-image - - test-docker-image-build - runs-on: ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - - name: Login to Docker Hub - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 - - - name: Build and push - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 - with: - context: . - file: Dockerfile - push: true - tags: owasp/nettacker:dev - - publish-nettacker-latest-to-docker-registry: - name: Publish nettacker:latest Docker image - if: | - github.repository == 'owasp/nettacker' && - github.event_name == 'push' && - startsWith(github.event.ref, 'refs/tags/v') - needs: - - test-docker-image - - test-docker-image-build - runs-on: ubuntu-24.04 - steps: - - name: Check out repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 - - - name: Login to Docker Hub - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 - - - name: Build and push - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 - with: - context: . 
- file: Dockerfile - push: true - tags: owasp/nettacker:latest - - publish-to-test-pypi: - name: Publish Test PyPI package - if: | - github.repository == 'OWASP/Nettacker' && - github.event_name == 'push' && - github.ref_name == 'master' - environment: dev - needs: - - test-build-package - permissions: - contents: read - id-token: write - runs-on: ubuntu-24.04 - steps: - - name: Get package artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 - with: - name: dist - path: dist - - - name: Publish package distributions to Test PyPI - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e - with: - repository-url: https://test.pypi.org/legacy/ - skip-existing: true - - publish-to-pypi: - name: Publish PyPI package - if: | - github.repository == 'OWASP/Nettacker' && - github.event_name == 'push' && - startsWith(github.event.ref, 'refs/tags/') - environment: release - needs: - - test-build-package - permissions: - contents: read - id-token: write - runs-on: ubuntu-24.04 - steps: - - name: Get package artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 - with: - name: dist - path: dist - - - name: Publish package distributions to PyPI - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e +name: CI/CD + +on: + merge_group: + pull_request: + branches: + - master + push: + branches: + - master + tags: + - '*' + workflow_dispatch: + +concurrency: + cancel-in-progress: true + group: ${{ github.repository }}-${{ github.workflow }}-${{ github.head_ref || github.ref_name }} + +jobs: + # Code quality checks. 
+ pre-commit: + name: Run pre-commit + runs-on: ubuntu-24.04 + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Set up Python + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + with: + python-version: '3.11' + - name: Run pre-commit + uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd + + code-ql: + name: CodeQL + needs: + - pre-commit + permissions: + security-events: write + runs-on: ubuntu-24.04 + strategy: + fail-fast: false + matrix: + language: + - javascript + - python + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Initialize CodeQL + uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb + with: + languages: ${{ matrix.language }} + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb + with: + category: /language:${{ matrix.language }} + + # Code tests. 
+ run-tests: + name: Run tests + needs: + - pre-commit + runs-on: ubuntu-24.04 + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Set up Python + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + with: + python-version: '3.11' + + - name: Install dependencies + run: | + python -m pip install --upgrade poetry + poetry install --with test + + - name: Run tests + run: | + poetry run pytest + + build-package: + name: Build package + needs: + - run-tests + runs-on: ubuntu-24.04 + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Set up Python + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + with: + python-version: '3.11' + + - name: Install dependencies + run: | + python -m pip install --upgrade pip poetry + poetry install + + - name: Build package + run: | + poetry build --no-interaction + + - name: Upload package artifacts + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + with: + name: dist + path: dist + + test-build-package: + name: Test build on ${{ matrix.os }} + runs-on: ${{ matrix.os }} + needs: build-package + strategy: + matrix: + os: + - macos-latest + - ubuntu-24.04 + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Set up Python + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + with: + python-version: '3.11' + + - name: Get package artifacts + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + with: + name: dist + path: dist + + - name: Run tests + shell: bash + run: | + rm -rf nettacker + python -m pip install dist/*.whl + nettacker --version + python -m pip uninstall -y nettacker + python -m pip install dist/*.tar.gz + nettacker --version + + # Docker related jobs. 
+ test-docker-image:
+ name: Test Docker image
+ needs:
+ - run-tests
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+ - name: Build Docker image
+ run: docker build . -t nettacker
+
+ - name: Test help menu
+ run: |
+ docker run -e github_ci=true --rm nettacker --help
+
+ - name: Test help menu in Persian
+ run: |
+ docker run -e github_ci=true --rm nettacker --help -L fa
+
+ - name: Show all modules
+ run: |
+ docker run -e github_ci=true --rm nettacker --show-all-modules
+
+ - name: Show all profiles
+ run: |
+ docker run -e github_ci=true --rm nettacker --show-all-profiles
+
+ - name: Test all modules command + check if it's finish successfully + csv
+ run: |
+ docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \
+ -i host.docker.internal -u user1,user2 -p pass1,pass2 -m all -g 21,25,80,443 \
+ -t 1000 -T 3 -o out.csv
+
+ - name: Test all modules command + check if it's finish successfully + csv
+ run: |
+ docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \
+ -i host.docker.internal -u user1,user2 -p pass1,pass2 -m all -g 21,25,80,443 \
+ -t 1000 -T 3 -o out.csv --skip-service-discovery
+
+ - name: Test all modules command + check if it's finish successfully + with graph + Persian
+ run: |
+ docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \
+ -i host.docker.internal -L fa -u user1,user2 -p pass1,pass2 --profile all \
+ -g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v
+
+ - name: Test all modules command + check if it's finish successfully + with graph + Persian
+ run: |
+ docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \
+ -i host.docker.internal -L fa -u user1,user2 -p pass1,pass2 --profile all \
+ -g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v --skip-service-discovery
+
+ test-docker-image-build:
+ name: Test Docker ${{ matrix.docker-version }} image build
+ needs:
+ - run-tests
+ runs-on: ubuntu-24.04
+ strategy:
+ matrix:
+ docker-version:
+ - '27.5.0-1~ubuntu.24.04~noble'
+ - '26.1.4-1~ubuntu.24.04~noble'
+ - '26.0.0-1~ubuntu.24.04~noble'
+ steps:
+ - name: Uninstall pre-installed Docker
+ run: |
+ sudo apt-get remove docker-ce docker-ce-cli
+
+ # https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository
+ - name: Install Docker ${{ matrix.docker-version }}
+ run: |
+ sudo apt-get update
+ sudo apt-get install ca-certificates curl gnupg
+ sudo install -m 0755 -d /etc/apt/keyrings
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+ sudo chmod a+r /etc/apt/keyrings/docker.gpg
+ echo \
+ "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+ "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
+ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+ sudo apt-get update
+ sudo apt-get install docker-ce=5:${{ matrix.docker-version }} docker-ce-cli=5:${{ matrix.docker-version }}
+
+ - name: Check out repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+ - name: Print Docker version
+ run: docker -v
+
+ - name: Build Nettacker image
+ run: docker build . -t nettacker
+
+ publish-nettacker-dev-to-docker-registry:
+ name: Publish nettacker:dev Docker image
+ if: |
+ github.repository == 'owasp/nettacker' &&
+ github.event_name == 'push' &&
+ github.ref_name == 'master'
+ needs:
+ - test-docker-image
+ - test-docker-image-build
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
+ with:
+ username: ${{ secrets.DOCKER_HUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
+
+ - name: Build and push
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
+ with:
+ context: .
+ file: Dockerfile
+ push: true
+ tags: owasp/nettacker:dev
+
+ publish-nettacker-latest-to-docker-registry:
+ name: Publish nettacker:latest Docker image
+ if: |
+ github.repository == 'owasp/nettacker' &&
+ github.event_name == 'push' &&
+ startsWith(github.event.ref, 'refs/tags/v')
+ needs:
+ - test-docker-image
+ - test-docker-image-build
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
+ with:
+ username: ${{ secrets.DOCKER_HUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
+
+ - name: Build and push
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
+ with:
+ context: .
+ file: Dockerfile
+ push: true
+ tags: owasp/nettacker:latest
+
+ publish-to-test-pypi:
+ name: Publish Test PyPI package
+ if: |
+ github.repository == 'OWASP/Nettacker' &&
+ github.event_name == 'push' &&
+ github.ref_name == 'master'
+ environment: dev
+ needs:
+ - test-build-package
+ permissions:
+ contents: read
+ id-token: write
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Get package artifacts
+ uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+ with:
+ name: dist
+ path: dist
+
+ - name: Publish package distributions to Test PyPI
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
+ with:
+ repository-url: https://test.pypi.org/legacy/
+ skip-existing: true
+
+ publish-to-pypi:
+ name: Publish PyPI package
+ if: |
+ github.repository == 'OWASP/Nettacker' &&
+ github.event_name == 'push' &&
+ startsWith(github.event.ref, 'refs/tags/')
+ environment: release
+ needs:
+ - test-build-package
+ permissions:
+ contents: read
+ id-token: write
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Get package artifacts
+ uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+ with:
+ name: dist
+ path: dist
+
+ - name: Publish package distributions to PyPI
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e