WIP: Change: Ci: following guidelines
1 parent
e2a5c9d
commit 69dcbe5
Showing
12 changed files
with
212 additions
and
125 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
name: "Build" | ||
|
||
on: [workflow_call] | ||
|
||
jobs: | ||
OpenVAS: | ||
runs-on: ubuntu-latest | ||
container: greenbone/gvm-libs:stable | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: install dependencies | ||
run: | | ||
sh .github/install-openvas-dependencies.sh | ||
- name: build | ||
run: | | ||
cmake -Bbuild -DCMAKE_C_COMPILER=/usr/share/clang/scan-build-14/libexec/ccc-analyzer | ||
scan-build -o ~/scan-build-report cmake --build build | ||
- name: Upload scan-build report | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: scan-build-report | ||
path: ~/scan-build-report/ | ||
retention-days: 7 | ||
OpenVAS_Daemon: | ||
uses: ./.github/workflows/build-rust.yml |
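Review bot: The `build` step runs the static analyzer but cannot fail on its findings, because `scan-build` returns the build's exit status unless `--status-bugs` is passed; as written the report is only uploaded for seven days. If analyzer findings are meant to gate the pipeline, change the line to `scan-build --status-bugs -o ~/scan-build-report cmake --build build`. The configure line hard-codes `/usr/share/clang/scan-build-14/libexec/ccc-analyzer`, which ties the job to whatever clang the mutable `greenbone/gvm-libs:stable` tag ships; running the configure step as `scan-build cmake -Bbuild` lets scan-build choose the analyzer wrapper itself. `actions/upload-artifact@v3` has also been deprecated upstream, so it is worth moving to a current major version in the same change.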
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
name: "Linting" | ||
|
||
on: [workflow_call] | ||
|
||
jobs: | ||
OpenVAS: | ||
runs-on: ubuntu-latest | ||
container: greenbone/gvm-libs:stable | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: install dependencies | ||
run: | | ||
sh .github/install-openvas-dependencies.sh | ||
- name: Formatting | ||
run: | | ||
clang-format --dry-run --Werror -i -style=file {src,misc,nasl}/*.{c,h} | ||
- name: unit-tests | ||
run: | | ||
cmake -Bbuild -DCMAKE_BUILD_TYPE=Release | ||
CTEST_OUTPUT_ON_FAILURE=1 cmake --build build -- tests test | ||
OpenVAS_Daemon: | ||
runs-on: ubuntu-latest | ||
defaults: | ||
run: | ||
working-directory: rust | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- run: sudo apt update && sudo apt-get install -y libpcap-dev | ||
- run: rustup update stable && rustup default stable || rustup default stable | ||
- run: cargo install cargo-audit | ||
- run: cargo install typos-cli | ||
- name: unit-tests | ||
run: cargo test --lib --tests --workspace | ||
- name: Clippy | ||
run: cargo clippy -- -D warnings | ||
- name: Audit | ||
run: cargo audit | ||
- run: typos | ||
- name: Formatting | ||
run: cargo fmt --check |
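Review bot: In the `OpenVAS_Daemon` job, `cargo install cargo-audit` and `cargo install typos-cli` take the newest release at run time and re-resolve its dependencies, so the tools that gate the pipeline are themselves unpinned and unreproducible. Install them with a fixed version and the crate's own lockfile, e.g. `cargo install cargo-audit --locked --version <pinned-version>` and the same for `typos-cli`. The workflow also declares no `permissions:` block, although neither job appears to need more than read access to the checkout; adding `permissions:` with `contents: read` would state that explicitly. In the C job, `-i` together with `--dry-run` on `clang-format` is redundant and can be dropped.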
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
name: "Scanner CI" | ||
|
||
on: | ||
push: | ||
branches: [ main] | ||
tags: ["v*"] | ||
pull_request: | ||
workflow_dispatch: | ||
repository_dispatch: | ||
|
||
jobs: | ||
build: | ||
uses: ./.github/workflows/build.yml | ||
linting: | ||
uses: ./.github/workflows/ci.yml | ||
smoketests: | ||
needs: [build] | ||
uses: ./.github/workflows/ci.yml |
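Review bot: The `smoketests` job calls `./.github/workflows/ci.yml`, the same file the `linting` job calls, so as written linting would run twice and the smoke tests not at all. This looks like a copy-paste slip; it presumably should point at the smoketest workflow added in this commit, `uses: ./.github/workflows/<smoketest-workflow>.yml` (its path is not shown on this page). The workflow is triggered by `pull_request` and `repository_dispatch` and has no `permissions:` block, so every called workflow runs with the repository's default token scope; a top-level `permissions:` with `contents: read` would bound that, with wider scopes granted per job where needed.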
Empty file.
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
name: "Helm Push" | ||
|
||
on: [workflow_call] | ||
|
||
jobs: | ||
helm: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: greenbone/actions/helm-build-push@v3 | ||
if: github.event_name == 'workflow_dispatch' | ||
with: | ||
chart-name: openvasd | ||
registry: ${{ vars.IMAGE_REGISTRY }} | ||
registry-subpath: helm-charts/ | ||
registry-user: ${{ secrets.GREENBONE_BOT }} | ||
registry-token: ${{ secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN }} |
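Review bot: The step that receives `secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN` references its action by the movable tag `greenbone/actions/helm-build-push@v3`, so whatever that tag points to at run time gets a registry write credential; pinning to a full commit SHA, `uses: greenbone/actions/helm-build-push@<full-commit-sha>`, makes the code that sees the token fixed and reviewable. Because the trigger is the short form `on: [workflow_call]`, no secrets are declared for this reusable workflow, so the two `secrets.*` references resolve only if the caller passes `secrets: inherit`; no caller is visible on this page. Declaring the two secrets under `on.workflow_call.secrets` as required would make that dependency explicit and limit what the caller has to hand over. A short comment noting that `github.event_name` here reflects the calling workflow's event would also help the next reader of the `if:` condition.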
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
name: Smoketests | ||
|
||
on: [workflow_call] | ||
# smoke test definition. | ||
# It depends on build.yml that is controlled via control.yml | ||
# | ||
jobs: | ||
OpenVAS_Daemon: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Start a local k8s cluster | ||
uses: jupyterhub/action-k3s-helm@v3 | ||
with: | ||
k3s-channel: latest | ||
metrics-enabled: false | ||
- name: deploy openvasd | ||
run: | | ||
cd rust/examples/tls/Self-Signed\ mTLS\ Method | ||
make delete deploy | ||
cd - | ||
helm uninstall openvasd --namespace openvasd|| true | ||
helm install --namespace openvasd --create-namespace openvasd charts/openvasd/ --values charts/openvasd/values.yaml --values charts/openvasd/mtls-wo-ingress.yaml | ||
kubectl rollout status --watch --timeout 600s deployment/openvasd --namespace openvasd | ||
echo "OPENVASD_SERVER=https://$(kubectl get svc -n openvasd | awk 'FNR == 2 {print $(3)}')" >> $GITHUB_ENV | ||
- name: smoketest | ||
working-directory: rust/smoketest | ||
env: | ||
SCAN_CONFIG: configs/simple_scan_ssh_only.json | ||
CLIENT_KEY: ../examples/tls/Self-Signed mTLS Method/client.rsa | ||
CLIENT_CERT: ../examples/tls/Self-Signed mTLS Method/client.pem | ||
run: | | ||
make build run | ||
- run: FEED_DIR="feed/" sh .github/prepare-feed.sh | ||
- uses: actions/download-artifact@v3 | ||
with: | ||
name: rs-binaries | ||
path: assets | ||
- run: mv assets/nasl-cli-x86_64-unknown-linux-gnu ./nasl-cli | ||
- run: chmod +x ./nasl-cli | ||
- name: verify syntax parsing | ||
run: ./nasl-cli syntax --quiet feed/ | ||
# find a way to include it... | ||
verify-feed-update: | ||
runs-on: ubuntu-latest | ||
needs: [build] | ||
container: | ||
# maybe better to use builder, build openvas to have | ||
# the version of this checkout rather than a dated official one? | ||
image: greenbone/openvas-scanner:unstable | ||
options: --privileged | ||
services: | ||
redis: | ||
image: redis | ||
options: >- | ||
--health-cmd "redis-cli ping" | ||
--health-interval 10s | ||
--health-timeout 5s | ||
--health-retries 5 | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- run: apt-get update && apt-get install -y docker.io | ||
- run: FEED_DIR="feed/" sh .github/prepare-feed.sh | ||
- uses: actions/download-artifact@v3 | ||
with: | ||
name: rs-binaries | ||
path: assets | ||
- run: mv assets/nasl-cli-x86_64-unknown-linux-gnu ./nasl-cli | ||
- run: mv assets/feed-verifier-x86_64-unknown-linux-gnu ./feed-verifier | ||
- name: prepare setup | ||
run: | | ||
install -m 755 feed-verifier /usr/local/bin/ | ||
install -m 755 nasl-cli /usr/local/bin/ | ||
echo "db_address = tcp://redis:6379" >> /etc/openvas/openvas.conf | ||
mv ./feed/* "$(openvas -s | grep plugins_folder | sed 's/plugins_folder = //')/" | ||
- run: openvas -s | ||
- run: feed-verifier || (cat /var/log/gvm/openvas.log && false) | ||
nasl-test: | ||
name: test | ||
runs-on: ubuntu-latest | ||
container: greenbone/gvm-libs:stable | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: install dependencies | ||
run: | | ||
sh .github/install-openvas-dependencies.sh | ||
- name: build openvas | ||
run: | | ||
cmake -Bbuild -DCMAKE_BUILD_TYPE=Release | ||
cmake --build build | ||
- name: redis | ||
run: | | ||
apt-get update && apt-get install --no-install-recommends --no-install-suggests -y redis | ||
mkdir /run/redis-openvas | ||
redis-server config/redis-openvas.conf || exit 1 | ||
- name: scripttests | ||
run: | | ||
mkdir -p /etc/openvas | ||
echo "db_address = /run/redis-openvas/redis.sock" >> /etc/openvas/openvas.conf | ||
cd nasl/tests | ||
OPENVAS_NASL=../../build/nasl/openvas-nasl make check | ||
- uses: actions/setup-go@v5 | ||
with: | ||
go-version: '>=1.16.0' | ||
- name: smoketest/lint | ||
run: | | ||
make build | ||
./run -e ../../build/nasl/openvas-nasl-lint | ||
working-directory: smoketest_lint |
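Review bot: The `verify-feed-update` job declares `needs: [build]`, but this file defines only `OpenVAS_Daemon`, `verify-feed-update` and `nasl-test`; `needs` can only name jobs in the same workflow file, so the workflow will be rejected as invalid. Ordering after the build belongs in the caller (the control workflow already has `needs: [build]` on its `smoketests` job), so the line here should be removed. The same job runs `greenbone/openvas-scanner:unstable` with `options: --privileged` and installs `docker.io`, yet no visible step invokes docker; on a workflow reachable from `pull_request` that is more host access than the steps shown justify. Drop `--privileged` or add a comment saying which step needs it. Both `actions/download-artifact@v3` steps use a major version that has been deprecated upstream, and the `rs-binaries` artifact they expect is not uploaded by any step visible on this page.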