1+ name : Build PR Desktop Containers
2+
3+ on :
4+ pull_request :
5+ types : [opened, synchronize, reopened]
6+ paths :
7+ - ' Dockerfile_webdesktop'
8+ - ' Dockerfile_webdesktopk8s'
9+ - ' wrongsecret-desktop-resources/**'
10+ - ' src/main/resources/executables/**'
11+ - ' src/test/resources/alibabacreds.kdbx'
12+ - ' pom.xml'
13+ workflow_dispatch :
14+
15+ permissions :
16+ contents : read
17+ packages : write
18+ pull-requests : write
19+
20+ jobs :
21+ build-pr-desktop-containers :
22+ runs-on : ubuntu-latest
23+ strategy :
24+ matrix :
25+ container :
26+ - name : " webdesktop"
27+ dockerfile : " Dockerfile_webdesktop"
28+ image_name : " wrongsecrets-desktop-pr"
29+ - name : " webdesktop-k8s"
30+ dockerfile : " Dockerfile_webdesktopk8s"
31+ image_name : " wrongsecrets-desktop-k8s-pr"
32+ steps :
33+ - name : Checkout code
34+ uses : actions/checkout@v5
35+
36+ - name : Set up JDK 23
37+ uses : actions/setup-java@v5
38+ with :
39+ java-version : " 23"
40+ distribution : " temurin"
41+ cache : " maven"
42+
43+ - name : Extract version from pom.xml
44+ id : extract-version
45+ run : |
46+ echo "Extracting version from pom.xml..."
47+ chmod +x ./mvnw
48+ VERSION=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
49+ DOCKER_VERSION=${VERSION%-SNAPSHOT}
50+ echo "version=$VERSION" >> $GITHUB_OUTPUT
51+ echo "docker_version=$DOCKER_VERSION" >> $GITHUB_OUTPUT
52+ echo "Detected version: $VERSION"
53+ echo "Docker version: $DOCKER_VERSION"
54+
55+ - name : Build application
56+ run : ./mvnw --no-transfer-progress clean package -DskipTests
57+
58+ - name : Verify JAR file was created
59+ run : |
60+ echo "Checking target directory..."
61+ ls -la target/
62+ echo "Looking for JAR files..."
63+ find target/ -name "*.jar" -type f
64+ echo "Verifying specific JAR exists..."
65+ JAR_FILE="target/wrongsecrets-${{ steps.extract-version.outputs.version }}.jar"
66+ if [ -f "$JAR_FILE" ]; then
67+ echo "✅ JAR file found: $JAR_FILE"
68+ ls -la "$JAR_FILE"
69+ else
70+ echo "❌ Expected JAR file not found: $JAR_FILE"
71+ echo "Available JAR files:"
72+ find target/ -name "*.jar" -type f || echo "No JAR files found"
73+ exit 1
74+ fi
75+
76+ - name : Set up Docker Buildx
77+ uses : docker/setup-buildx-action@v3
78+
79+ - name : Log in to GitHub Container Registry
80+ uses : docker/login-action@v3
81+ with :
82+ registry : ghcr.io
83+ username : ${{ github.actor }}
84+ password : ${{ secrets.GITHUB_TOKEN }}
85+
86+ - name : Extract metadata
87+ id : meta
88+ uses : docker/metadata-action@v5
89+ with :
90+ images : ghcr.io/${{ github.repository }}/${{ matrix.container.image_name }}
91+ tags : |
92+ type=ref,event=pr,suffix=-{{sha}}
93+ type=ref,event=pr
94+
95+ - name : Create secret file for build
96+ run : |
97+ echo "wrongsecret-3" > /tmp/mysecret.txt
98+
99+ - name : Build and push Docker image
100+ id : build
101+ uses : docker/build-push-action@v6
102+ with :
103+ platforms : linux/amd64,linux/arm64
104+ context : .
105+ file : ${{ matrix.container.dockerfile }}
106+ push : true
107+ tags : ${{ steps.meta.outputs.tags }}
108+ labels : ${{ steps.meta.outputs.labels }}
109+ build-args : |
110+ argBasedVersion=${{ steps.extract-version.outputs.docker_version }}
111+ secrets : |
112+ mysecret=/tmp/mysecret.txt
113+ cache-from : type=gha,scope=${{ matrix.container.name }}-pr
114+ cache-to : type=gha,mode=max,scope=${{ matrix.container.name }}-pr
115+
116+ - name : Verify Docker image was built
117+ run : |
118+ echo "Verifying Docker image was built successfully..."
119+ echo "Container: ${{ matrix.container.name }}"
120+ echo "Dockerfile: ${{ matrix.container.dockerfile }}"
121+ echo "Image tags: ${{ steps.meta.outputs.tags }}"
122+ echo "Image digest: ${{ steps.build.outputs.digest }}"
123+
124+ comment-pr-with-desktop-images :
125+ runs-on : ubuntu-latest
126+ needs : build-pr-desktop-containers
127+ steps :
128+ - name : Comment PR with desktop container info
129+ uses : actions/github-script@v7
130+ with :
131+ script : |
132+ const prNumber = context.issue.number;
133+ const runId = context.runId;
134+
135+ const comment = `🖥️ **Desktop Containers Built!**
136+
137+ Your PR changes have been built into desktop containers and pushed to GitHub Container Registry.
138+
139+ **🐳 Desktop Container Images:**
140+ - \`ghcr.io/${{ github.repository }}/wrongsecrets-desktop-pr:${{ github.event.number }}\`
141+ - \`ghcr.io/${{ github.repository }}/wrongsecrets-desktop-k8s-pr:${{ github.event.number }}\`
142+
143+ **🚀 Test the Desktop Environment:**
144+
145+ **Standard Desktop:**
146+ \`\`\`bash
147+ docker pull ghcr.io/${{ github.repository }}/wrongsecrets-desktop-pr:${{ github.event.number }}
148+ docker run -d -p 3000:3000 ghcr.io/${{ github.repository }}/wrongsecrets-desktop-pr:${{ github.event.number }}
149+ \`\`\`
150+
151+ **Kubernetes Desktop:**
152+ \`\`\`bash
153+ docker pull ghcr.io/${{ github.repository }}/wrongsecrets-desktop-k8s-pr:${{ github.event.number }}
154+ docker run -d -p 3000:3000 ghcr.io/${{ github.repository }}/wrongsecrets-desktop-k8s-pr:${{ github.event.number }}
155+ \`\`\`
156+
157+ Then visit: **http://localhost:3000**
158+
159+ **🔧 What's included:**
160+ - Full desktop environment with browser access
161+ - Pre-installed tools: Radare2, KeepassXC, AWS CLI, GDB, etc.
162+ - .NET 6.0 LTS (fixed segmentation fault issue)
163+ - All WrongSecrets challenge files and executables
164+ - Jupyter notebooks and analysis tools
165+
166+ **📝 Desktop-related changes in this PR:**
167+ - Fixed .NET installation segmentation fault by using .NET 6.0 LTS
168+ - Improved installation robustness and error handling
169+ - Removed problematic secret mount commands
170+ - Applied fixes to both desktop variants consistently
171+
172+ These containers are perfect for testing the .NET installation fix and ensuring all desktop tools work correctly.
173+
174+ ---
175+ <sub>Desktop containers built by GitHub Actions • PR #${prNumber}</sub>`;
176+
177+ github.rest.issues.createComment({
178+ issue_number: prNumber,
179+ owner: context.repo.owner,
180+ repo: context.repo.repo,
181+ body: comment
182+ });
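Review bot: The top-level `permissions` block gives both jobs `packages: write` and `pull-requests: write`, and the build job runs code taken from the pull request (`./mvnw`, `pom.xml`) after a checkout that, by default, leaves the token in the local git configuration. For branches in the same repository this puts a write-capable token within reach of unreviewed build code; scoping permissions per job and setting `persist-credentials: false` on the checkout narrows it. The pom-derived version is also expanded with `${{ … }}` straight into the shell script of the JAR check, so it should be passed through `env:` and read as a quoted shell variable. Separately, the comment body advertises `:${{ github.event.number }}` tags, while `type=ref,event=pr` in the metadata step normally yields `pr-<number>`, so the printed pull commands likely do not match the pushed tags.

```yaml
permissions:
  contents: read

jobs:
  build-pr-desktop-containers:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    # … unchanged: strategy matrix …
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          persist-credentials: false
      # … unchanged: JDK setup, version extraction, application build …
      - name: Verify JAR file was created
        env:
          VERSION: ${{ steps.extract-version.outputs.version }}
        run: |
          JAR_FILE="target/wrongsecrets-${VERSION}.jar"
          # … unchanged: existence check and listing …
      # … unchanged: buildx, registry login, metadata, build and push, verify …

  comment-pr-with-desktop-images:
    runs-on: ubuntu-latest
    needs: build-pr-desktop-containers
    permissions:
      pull-requests: write
    # … unchanged: comment step …
```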