TheHive-Project
diff --git a/‎.github/actions/get_code_version/action.yml‎
Lines changed: 21 additions & 0 deletions b/‎.github/actions/get_code_version/action.yml‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎.github/workflows/build.docker.yml‎
Lines changed: 120 additions & 0 deletions b/‎.github/workflows/build.docker.yml‎
Lines changed: 120 additions & 0 deletions
diff --git a/‎.github/workflows/build.packages.yml‎
Lines changed: 77 additions & 0 deletions b/‎.github/workflows/build.packages.yml‎
Lines changed: 77 additions & 0 deletions
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 0 additions & 133 deletions b/‎.github/workflows/build.yml‎
Lines changed: 0 additions & 133 deletions
diff --git a/‎.github/workflows/check_code.yml‎
Lines changed: 4 additions & 0 deletions b/‎.github/workflows/check_code.yml‎
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,21 @@
+---
+name: 'Get latest version of code'
+description: 'Simply run sbt command to get the latest app_version of code currently built'
+outputs:
+  app_version:
+    description: "App version number, like '5.2.1' for example"
+    value: ${{ steps.get_version.outputs.app_version }}
+runs:
+  using: "composite"
+  steps:
+    - uses: coursier/setup-action@v1
+      with:
+        jvm: corretto:11
+        apps: sbt
+    - name: Get app_version
+      id: get_version
+      shell: bash
+      run: |
+        V=$(sbt -no-colors --error "print version" | awk 'END{print $1}')
+        echo "app_version=$V"
+        echo "app_version=$V" >> $GITHUB_OUTPUT
@@ -0,0 +1,120 @@
+name: build.docker.image.dev
+on:
+  pull_request:
+    types:
+      - labeled
+  workflow_dispatch:
+  workflow_call:
+    outputs:
+      image_id:
+        description: "ImageId of the docker image"
+        value: ${{ jobs.build.outputs.image_id }}
+      image_digest:
+        description: "Digest of the image (sha256:xxx)"
+        value: ${{ jobs.build.outputs.image_digest }}
+      image_metadata:
+        description: "Metadata as json"
+        value: ${{ jobs.build.outputs.image_metadata }}
+      image_version:
+        description: "Version number of the Docker image"
+        value: ${{ jobs.build.outputs.image_version }}
+
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  prepare:
+    permissions:
+      actions: read
+      contents: write
+    runs-on: [ self-hosted, linux, domain=sb ]
+    outputs:
+      image_version: ${{ steps.get_version.outputs.version }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - uses: ./.github/actions/get_code_version
+        id: get_version
+
+  build:
+    if: ${{ github.event.label.name == 'docker:build' || github.event_name == 'workflow_dispatch' }}
+    needs:
+      - prepare
+    permissions:
+      actions: read
+      contents: read
+      packages: write
+    runs-on: [ self-hosted, linux, domain=sb ]
+    outputs:
+      image_id: ${{ steps.push.outputs.imageid }}
+      image_digest: ${{ steps.push.outputs.digest }}
+      image_metadata: ${{ steps.push.outputs.metadata }}
+      image_version: ${{ needs.prepare.outputs.image_version }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - uses: coursier/setup-action@v1
+        with:
+          jvm: corretto:11
+          apps: sbt
+
+      - run: keytool -import -noprompt -trustcacerts -alias StrangeBeeCA -file /etc/ssl/certs/strangebee-sb-caroot.pem -keystore $JAVA_HOME/lib/security/cacerts  -storepass changeit || true
+
+      - uses: actions/setup-node@v3
+        timeout-minutes: 15
+        continue-on-error: true
+        with:
+          node-version: 18.16
+
+      - name: Install bower
+        run: npm install -g bower
+
+      - name: Build packages
+        run: sbt Docker/stage
+
+      # I'm not really at ease with these tags
+      # to me "latest" should be set manually, through a tag, for now
+      # but further, it should "calculate" it, regarding the latest Docker image version available
+      # for exemple if latest available is 3.2.0-1 and the sbt command returns 3.2.1-1,
+      # then latest should apply
+      # Moreover, the -1 is VERY important, because it increases with the number of builds:
+      # - if a Docker image exists with tag 3.2.0-1, it should NOT be overidden but a new
+      # 3.2.0-2 should be created, and the -1 cleaned up later 
+      #####
+      # TODO: work on tagging
+      #
+      #
+      - name: Generate full docker tags
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            name=${{ vars.SB_GHCR }}/cortex
+          tags: |
+            type=raw,value=devel
+            type=raw,value=${{ needs.prepare.outputs.image_version }}
+          labels: |
+            org.opencontainers.image.title=cortex
+            org.opencontainers.image.description=a Powerful Observable Analysis and Active Response Engine
+            org.opencontainers.image.vendor=StrangeBee
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push docker image
+        uses: docker/build-push-action@v3
+        id: push
+        with:
+          context: target/docker/stage
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
@@ -0,0 +1,77 @@
+name: Build packages
+on:
+  push:
+    tags: ["*"]
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup node
+        uses: actions/setup-node@v3
+        timeout-minutes: 15
+        continue-on-error: true
+        with:
+          node-version: 18.16
+      - name: Install bower
+        run: npm install -g bower
+      - name: Import PGP Key
+        run: |
+          export GPG_TTY=$(tty)
+          gpg --batch --import - <<< $PGP_KEY
+        env:
+          PGP_KEY: ${{ secrets.PGP_KEY }}
+      - name: Write version
+        id: version
+        run: |
+          V=$(sbt -no-colors --error "print version" | awk 'END{print $1}')
+          echo "version=$V"
+          echo "version=$V" >> $GITHUB_OUTPUT
+      - name: Build packages
+        run: ./sbt Debian/packageBin Rpm/packageBin Universal/packageBin makeBom
+      - name: Move packages
+        run: |
+          mv target/rpm/RPMS/noarch/cortex*.rpm target/
+          mv target/universal/cortex*.zip target/
+
+      - name: Make github release
+        if: github.ref_type == 'tag'
+        uses: "softprops/action-gh-release@v1"
+        id: make-release
+        with:
+          generate_release_notes: true
+          files: |
+            target/cortex*.deb
+            target/cortex*.rpm
+            target/cortex*.zip
+            target/cortex*.bom.xml
+
+      - name: Store artifacts
+        if: github.ref_type != 'tag'
+        uses: actions/upload-artifact@v4
+        with:
+          name: packages
+          path: |
+            target/cortex*.deb
+            target/cortex*.rpm
+            target/cortex*.zip
+            target/cortex*.bom.xml
+          retention-days: 5
+
+  notify:
+    needs: [ build ]
+    runs-on: [ ubuntu-latest ]
+    if: always()
+    steps:
+      - name: Slack notification
+        uses: Gamesight/slack-workflow-status@master
+        with:
+          repo_token: ${{secrets.GITHUB_TOKEN}}
+          slack_webhook_url: ${{secrets.SLACK_WEBHOOK_URL}}
+          channel: "#ci-cortex"
+          name: Cortex build
+          include_commit_message: true
+          include_jobs: true
@@ -10,6 +10,10 @@ jobs:
     runs-on: [ ubuntu-latest  ]
     steps:
       - uses: actions/checkout@v3
+      - uses: coursier/setup-action@v1
+        with:
+          jvm: corretto:11
+          apps: sbt
       - name: Setup node
         uses: actions/setup-node@v3
         timeout-minutes: 15