diff --git a/.github/install-openvas-dependencies.sh b/.github/install-openvas-dependencies.sh index afbbbf223..d8ba36c9e 100755 --- a/.github/install-openvas-dependencies.sh +++ b/.github/install-openvas-dependencies.sh @@ -10,6 +10,7 @@ apt-get update && apt-get install --no-install-recommends --no-install-suggests clang-tools \ cmake \ curl \ + git \ lcov \ libgnutls28-dev \ libgpgme-dev \ @@ -28,6 +29,7 @@ apt-get update && apt-get install --no-install-recommends --no-install-suggests libpopt0 \ libcurl4 \ libcurl4-gnutls-dev \ + libhiredis0.14 \ && rm -rf /var/lib/apt/lists/* curl -L -o cgreen.tar.gz https://github.com/cgreen-devs/cgreen/archive/refs/tags/1.6.2.tar.gz -k diff --git a/.github/workflows/README.md b/.github/workflows/README.md new file mode 100644 index 000000000..afd702428 --- /dev/null +++ b/.github/workflows/README.md 
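Review bot: The context line right after the package list still downloads the cgreen tarball with `curl -L -o cgreen.tar.gz ... -k`, so the archive that is then used inside the CI container is fetched without TLS certificate verification and, as far as this hunk shows, without any integrity check. Since the script is being extended here anyway, drop `-k` and verify the download before unpacking, e.g. `echo "<expected-sha256>  cgreen.tar.gz" | sha256sum -c -` (the hash is a placeholder to be taken from the upstream release). If `-k` is only there because the image has no CA bundle under `--no-install-recommends`, adding `ca-certificates` to the apt list is the cleaner fix. The rest of the script lies outside the hunk, so a check further down cannot be ruled out.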
@@ -0,0 +1,92 @@ +# Continuous Integration Workflow Documentation + +This document outlines the Continuous Integration (CI) pipeline, detailing how to trigger releases and the specific roles of various jobs within the workflow. + +## Release Trigger Process + +To initiate a release, navigate to `Actions -> CI` in the GitHub repository, and click on `Run workflow`. Choose from the following options: +- `major`: For a major release with incompatible changes. +- `minor`: For a minor release introducing new features. +- `patch`: For a patch release focusing on bug fixes and minor improvements. +- `no_release`: To run the pipeline without releasing, updating the edge image. + +## Jobs Overview + +The CI pipeline incorporates multiple jobs, each with a specific function in the development lifecycle. + +### 1. Initialization (`init`) + +If the initialization fails it will prevent further execution of `build`. + +- **Purpose**: Sets the release type based on the input or event that triggered the workflow. +- **Workflow File**: `init.yaml` + +### 2. Unit Tests (`unittests`) +- **Purpose**: Executes unit tests to validate code changes. +- **Workflow File**: `tests.yml` + +If the unit tests fails it will prevent further execution of `build`. + +### 3. Build (`build`) +- **Purpose**: Compiles and builds the project, preparing it for testing and deployment. +- **Dependencies**: Requires successful completion of `unittests`. +- **Workflow File**: `build.yml` + + +If the build fails it will prevent further execution of `functional`. + +### 4. Linting (`linting`) +- **Purpose**: Ensures code quality and consistency through linting. +- **Workflow File**: `linting.yml` + +If linting fails it will not prevent execution of the other steps, as it may be that newer versions of the used tooling finds new linting issues that are not affecting the binary as much. + + +### 5. Functional Testing (`functional`) +- **Purpose**: Conducts functional tests on the build. 
+- **Dependencies**: Needs a successful `build`. +- **Workflow File**: `functional.yaml` + +If the functional tests fail it will prevent further execution of `containerization`. + +### 6. Containerization +- **Purpose**: Packages the build into Docker containers. +- **Jobs**: + - **Container**: Uses `push-container.yml`. + - **Container Testing**: Uses `push-container-testing.yml`. + - **Container Oldstable**: Uses `push-container-oldstable.yml`. +- **Dependencies**: Depends on `build`, `init`, and `functional`. + +If the `containerization` fails the smoketests cannot be executed. + +### 7. Smoke Tests (`smoketests`) +- **Purpose**: Conducts tests on helm chart based on the previously pushed docker image. +- **Conditions**: Excluded during pull request events. +- **Dependencies**: Relies on `container`, `build`, and `init`. +- **Workflow File**: `smoketest.yaml` + +If the smoketests fail the helm chart will not be updated and releases be prevented. + + +### 8. Helm Chart Deployment (`helm`) +- **Purpose**: Deploys Helm chart, assuming `IMAGE_REGISTRY` is configured. +- **Conditions**: Triggered if `IMAGE_REGISTRY` is set. +- **Dependencies**: Depends on `smoketests`, `container`, `build`, and `init`. +- **Workflow File**: `push-helm-chart.yml` + +### 9. Release (`release`) +- **Purpose**: Handles the release process for different version types. +- **Conditions**: Activated based on the release type set in `init`. +- **Dependencies**: Requires `smoketests`, `container`, `build`, and `init`. +- **Workflow File**: `release.yml` + +## Secrets and Authentication + +The CI workflow employs GitHub secrets for secure authentication and interaction with external services such as DockerHub. + +### Utilized Secrets +- **DOCKERHUB_USERNAME**: DockerHub username. +- **DOCKERHUB_TOKEN**: Token for DockerHub with write access to the registry. +- **GREENBONE_BOT_TOKEN**: Token for Helm chart registry and GitHub repository operations. +- **GREENBONE_BOT**: Username for git commits. 
+- **GREENBONE_BOT_MAIL**: Email address for git commits. diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml deleted file mode 100644 index 5526873f9..000000000 --- a/.github/workflows/build-container.yml +++ /dev/null 
@@ -1,66 +0,0 @@ -name: Build Container - -on: - push: - branches: [ main, stable, oldstable, middleware ] - tags: ["v*"] - paths: - - .github/workflows/build-container.yml - - .docker/build.Dockerfile - pull_request: - branches: [ main, stable, oldstable, middleware ] - paths: - - .github/workflows/build-container.yml - - .docker/build.Dockerfile - workflow_dispatch: - repository_dispatch: - schedule: - # rebuild image every sunday - - cron: "0 0 * * 0" - -jobs: - build: - name: "Upload images for building openvas-scanner" - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Setup container meta information - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ github.repository }}-build - labels: | - org.opencontainers.image.vendor=Greenbone - org.opencontainers.image.base.name=greenbone/gvm-libs - flavor: latest=false # no latest container tag for git tags - tags: | - # create container tag for git tags - type=ref,event=tag - type=ref,event=pr - # use latest for stable branch - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} - type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} - type=raw,value=oldstable,enable=${{ github.ref == format('refs/heads/{0}', 'oldstable') }} - # use unstable for main branch - type=raw,value=unstable,enable={{is_default_branch}} - - name: Login to DockerHub - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - run: echo "Build and push ${{ steps.meta.outputs.tags }}" - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Build and push - uses: docker/build-push-action@v5 - with: - context: . 
- push: ${{ github.event_name != 'pull_request' }} - file: .docker/build.Dockerfile - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/build-rust.yml b/.github/workflows/build.yml similarity index 73% rename from .github/workflows/build-rust.yml rename to .github/workflows/build.yml index e354d7175..e0a3fceaa 100644 --- a/.github/workflows/build-rust.yml +++ b/.github/workflows/build.yml @@ -1,27 +1,24 @@ -name: "rs-build" +name: "Build" on: [workflow_call] -# This job builds the targets for x86_64 as well as aarch64. It is intented to -# be included in the other jobs by calling: -# ``` -# jobs: -# name: -# uses: ./.github/workflows/build-rust.yml -# ``` -# -# It saves the binaris: -# - nasl-cli -# - feed-verofier -# -# as rs-binaries. -# jobs: - build: + C: + runs-on: ubuntu-latest + container: greenbone/gvm-libs:stable + steps: + - uses: actions/checkout@v4 + - name: install dependencies + run: | + sh .github/install-openvas-dependencies.sh + - name: build + run: | + cmake -Bbuild -DCMAKE_C_COMPILER=/usr/share/clang/scan-build-14/libexec/ccc-analyzer + cmake --build build + Rust: runs-on: "ubuntu-latest" steps: - uses: actions/checkout@v4 - # create branch of version - uses: actions/cache@v3 with: path: | 
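Review bot: The new `C` job configures with `ccc-analyzer` as the compiler but then runs a plain `cmake --build build`, whereas the `compile` job in `build_and_test.yml`, which this commit deletes, ran `scan-build -o ~/scan-build-report cmake --build build` and uploaded the report as an artifact. Without the `scan-build` wrapper the analyzer findings are presumably not collected anywhere, so the static-analysis signal for the C code is silently lost. Either restore `scan-build -o ~/scan-build-report cmake --build build` together with the `upload-artifact` step, or drop the `-DCMAKE_C_COMPILER=...ccc-analyzer` override so the job does not look as if it analyses anything. The job also builds only against `greenbone/gvm-libs:stable`, where the deleted workflow covered both `stable` and `unstable`.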
@@ -47,12 +44,14 @@ jobs: patchelf --replace-needed libz.so libz.so.1 target/aarch64-unknown-linux-gnu/release/nasl-cli patchelf --replace-needed libz.so libz.so.1 target/x86_64-unknown-linux-gnu/release/nasl-cli - run: mkdir assets/ - - run: mv rust/target/aarch64-unknown-linux-gnu/release/openvasd assets/openvasd-aarch64-unknown-linux-gnu - - run: mv rust/target/x86_64-unknown-linux-gnu/release/openvasd assets/openvasd-x86_64-unknown-linux-gnu - - run: mv rust/target/aarch64-unknown-linux-gnu/release/nasl-cli assets/nasl-cli-aarch64-unknown-linux-gnu - - run: mv rust/target/x86_64-unknown-linux-gnu/release/nasl-cli assets/nasl-cli-x86_64-unknown-linux-gnu - - run: mv rust/target/aarch64-unknown-linux-gnu/release/feed-verifier assets/feed-verifier-aarch64-unknown-linux-gnu - - run: mv rust/target/x86_64-unknown-linux-gnu/release/feed-verifier assets/feed-verifier-x86_64-unknown-linux-gnu + - run: mkdir -p assets/linux/amd64 + - run: mkdir -p assets/linux/arm64 + - run: mv rust/target/aarch64-unknown-linux-gnu/release/openvasd assets/linux/arm64/openvasd + - run: mv rust/target/x86_64-unknown-linux-gnu/release/openvasd assets/linux/amd64/openvasd + - run: mv rust/target/aarch64-unknown-linux-gnu/release/nasl-cli assets/linux/arm64/nasl-cli + - run: mv rust/target/x86_64-unknown-linux-gnu/release/nasl-cli assets/linux/amd64/nasl-cli + - run: mv rust/target/aarch64-unknown-linux-gnu/release/feed-verifier assets/linux/arm64/feed-verifier + - run: mv rust/target/x86_64-unknown-linux-gnu/release/feed-verifier assets/linux/amd64/feed-verifier - name: archive uses: actions/upload-artifact@v3 with: diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml deleted file mode 100644 index d605f9edd..000000000 --- a/.github/workflows/build_and_test.yml +++ /dev/null 
@@ -1,61 +0,0 @@ -name: "openvas-c" - -on: - push: - branches: [ main, stable ] - pull_request: - branches: [ main, stable ] - -jobs: - formatting: - runs-on: ubuntu-latest - steps: - - name: Check out openvas-scanner - uses: actions/checkout@v4 - - name: Check Source Format - run: | - clang-format -i -style=file {src,misc,nasl}/*.{c,h} - git diff --exit-code - compile: - runs-on: ubuntu-latest - strategy: - matrix: - # With the upcoming changes, we require both downwards and upwards compatibility between the OpenVAS C - # code and GVM-libs. This is because, even though we will be using semantic versioning, as long as - # OpenVAS and GVM-libs remain separate repositories, we want to be notified of every change. - gvm-libs-version: - - stable - - unstable - container: greenbone/gvm-libs:${{ matrix.gvm-libs-version }} - steps: - - uses: actions/checkout@v4 - - name: install dependencies - run: | - sh .github/install-openvas-dependencies.sh - - name: Configure and Scan Build - run: | - cmake -Bbuild -DCMAKE_C_COMPILER=/usr/share/clang/scan-build-14/libexec/ccc-analyzer - scan-build -o ~/scan-build-report cmake --build build - - name: Upload scan-build report - uses: actions/upload-artifact@v3 - with: - name: scan-build-report - path: ~/scan-build-report/ - retention-days: 7 - unit-tests: - runs-on: ubuntu-latest - strategy: - matrix: - gvm-libs-version: - - stable - - unstable - container: greenbone/gvm-libs:${{ matrix.gvm-libs-version }} - steps: - - uses: actions/checkout@v4 - - name: install dependencies - run: | - sh .github/install-openvas-dependencies.sh - - name: unit-tests - run: | - cmake -Bbuild -DCMAKE_BUILD_TYPE=Release - CTEST_OUTPUT_ON_FAILURE=1 cmake --build build -- tests test diff --git a/.github/workflows/codeql-analysis-c.yml b/.github/workflows/codeql.yml similarity index 75% rename from .github/workflows/codeql-analysis-c.yml rename to .github/workflows/codeql.yml index 2d4a2524e..13f7a303e 100644 --- a/.github/workflows/codeql-analysis-c.yml 
+++ b/.github/workflows/codeql.yml @@ -2,9 +2,9 @@ name: "CodeQL" on: push: - branches: [ main, oldstable, stable, middleware ] + branches: [ main ] pull_request: - branches: [ main, oldstable, stable, middleware ] + branches: [ main ] schedule: - cron: '30 5 * * 0' # 5:30h on Sundays @@ -16,12 +16,7 @@ jobs: actions: read contents: read security-events: write - container: greenbone/gvm-libs:unstable - - strategy: - fail-fast: false - matrix: - language: [ 'c' ] + container: greenbone/gvm-libs:edge steps: - name: Checkout repository @@ -32,7 +27,7 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: - languages: ${{ matrix.language }} + languages: 'c' # build between init and analyze ... - name: Configure and Compile openvas-scanner run: | diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml deleted file mode 100644 index 055538acb..000000000 --- a/.github/workflows/container.yml +++ /dev/null 
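Review bot: Narrowing `push` and `pull_request` to `branches: [ main ]` removes CodeQL from `stable`, `oldstable` and `middleware`, and the `schedule` trigger only runs on the default branch, so fixes backported to maintained release branches would no longer be scanned. If those branches still receive changes, keep them in the filter, e.g. `branches: [ main, stable, oldstable ]`; if they are retired, a short comment above the filter saying so would make the reduction deliberate. The analysis container also moves to the mutable `greenbone/gvm-libs:edge` tag, so results can change between runs without any change in this repository. The job body continues outside the hunks.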
@@ -1,155 +0,0 @@ -name: Container - -on: - push: - branches: [main, stable, oldstable, middleware] - tags: ["v*"] - pull_request: - branches: [main, stable, oldstable, middleware] - workflow_dispatch: - repository_dispatch: - -jobs: - rs-build-binaries: - uses: ./.github/workflows/build-rust.yml - - production-image: - runs-on: ubuntu-latest - needs: [rs-build-binaries] - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: "set IS_VERSION_TAG" - run: | - echo "IS_VERSION_TAG=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }}" >> $GITHUB_ENV - # set defaults - echo "IS_LATEST_TAG=false" >> $GITHUB_ENV - - name: "set IS_LATEST_TAG" - if: ( env.IS_VERSION_TAG ) - run: | - # find the latest version that is not ourself - export LATEST_VERSION=$(git tag -l | grep -v '${{ github.ref_name }}' | sort -r --version-sort) - # get major minor patch versions - IFS='.' read -r latest_major latest_minor latest_patch << EOF - $LATEST_VERSION - EOF - IFS='.' read -r tag_major tag_minor tag_patch << EOF - ${{ github.ref_name }} - EOF - # remove leading v - latest_major=$(echo $latest_major | cut -c2-) - tag_major=$(echo $tag_major | cut -c2-) - echo "$tag_major >= $latest_major" - if [[ $tag_major -ge $latest_major && ($tag_minor -ne 0 || $tag_patch -ne 0) ]]; then - # set this tag to latest and stable - echo "IS_LATEST_TAG=true" >> $GITHUB_ENV - fi - - name: "Setup meta information (IS_VERSION_TAG: ${{ env.IS_VERSION_TAG }}, IS_LATEST_TAG: ${{ env.IS_LATEST_TAG }} )" - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ github.repository }} - labels: | - org.opencontainers.image.vendor=Greenbone - org.opencontainers.image.base.name=greenbone/gvm-libs - flavor: latest=false # no auto latest container tag for git tags - tags: | - # when IS_LATEST_TAG is set create a stable and a latest tag - type=raw,value=latest,enable=${{ env.IS_LATEST_TAG }} - type=raw,value=stable,enable=${{ env.IS_LATEST_TAG }} - # if tag version is set than create a 
version tags - type=semver,pattern={{version}},enable=${{ env.IS_VERSION_TAG }} - type=semver,pattern={{major}}.{{minor}},enable=${{ env.IS_VERSION_TAG }} - type=semver,pattern={{major}},enable=${{ env.IS_VERSION_TAG }} - # if we are on the main branch set edge - type=edge,branch=main - # use branch-sha otherwise for pushes to branches other then main (will not be uploaded) - type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} - # use pr-$PR_ID for pull requests (will not be uploaded) - type=ref,event=pr - - name: Login to DockerHub - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - uses: actions/download-artifact@v3 - with: - name: rs-binaries - path: assets - - run: mkdir -p assets/linux/amd64 - - run: mkdir -p assets/linux/arm64 - - run: mv assets/openvasd-aarch64-unknown-linux-gnu assets/linux/arm64/openvasd - - run: mv assets/openvasd-x86_64-unknown-linux-gnu assets/linux/amd64/openvasd - - run: mv assets/nasl-cli-aarch64-unknown-linux-gnu assets/linux/arm64/nasl-cli - - run: mv assets/nasl-cli-x86_64-unknown-linux-gnu assets/linux/amd64/nasl-cli - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Build and push - uses: docker/build-push-action@v5 - with: - context: . 
- push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} - file: .docker/prod.Dockerfile - build-args: | - REPOSITORY=${{ github.repository }} - platforms: linux/amd64,linux/aarch64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - name: "Setup meta information debian:oldstable" - id: old_stable_meta - uses: docker/metadata-action@v5 - with: - images: ${{ github.repository }} - labels: | - org.opencontainers.image.vendor=Greenbone - org.opencontainers.image.base.name=greenbone/gvm-libs - flavor: latest=false # no auto latest container tag for git tags - tags: | - # for the images provided for debian:oldstable we just provide - # oldstable on an new version or oldstable-edge when it is on main. - # oldstable-branch-sha on a branch - type=raw,value=oldstable,enable=${{ env.IS_LATEST_TAG }} - type=raw,value=oldstable-edge,enable=${{ github.ref_name == 'main' }} - type=raw,value=oldstable-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} - type=ref,event=pr - - name: Build and push Container image - uses: docker/build-push-action@v5 - with: - context: . - push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} - file: .docker/prod-oldstable.Dockerfile - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.old_stable_meta.outputs.tags }} - labels: ${{ steps.old_stable_meta.outputs.labels }} - - - name: "Setup meta information debian:testing" - id: test_meta - uses: docker/metadata-action@v5 - with: - images: ${{ github.repository }} - labels: | - org.opencontainers.image.vendor=Greenbone - org.opencontainers.image.base.name=greenbone/gvm-libs - flavor: latest=false # no auto latest container tag for git tags - tags: | - # for the images provided for debian:testing we just provide - # testing on an new version or testing-edge when it is on main. 
- # testing-branch-sha on a branch - type=raw,value=testing,enable=${{ env.IS_LATEST_TAG }} - type=raw,value=testing-edge,enable=${{ github.ref_name == 'main' }} - type=raw,value=testing-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} - type=ref,event=pr - - name: Build and push Container image - uses: docker/build-push-action@v5 - with: - context: . - push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} - file: .docker/prod-testing.Dockerfile - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.test_meta.outputs.tags }} - labels: ${{ steps.test_meta.outputs.labels }} diff --git a/.github/workflows/control.yml b/.github/workflows/control.yml new file mode 100644 index 000000000..2cd452804 --- /dev/null +++ b/.github/workflows/control.yml 
@@ -0,0 +1,104 @@ +name: CI + +on: + workflow_dispatch: + inputs: + release: + description: "Use 'major' for incompatible changes, 'minor' for new features, and 'patch' for fixes or 'no_release' to trigger the pipeline without doing a release." + type: choice + options: + - "no_release" + - "major" + - "minor" + - "patch" + required: true + default: "no_release" + push: + branches: [ main] + tags: ["v*"] + pull_request: + repository_dispatch: + schedule: + # rebuild image every sunday + - cron: "0 0 * * 0" + +jobs: + # sets the release kind when it wasn't triggered by an workflow dispatch + # this prevents us from having to pass down all labels, event_name, etc + # to init.yml + init: + uses: ./.github/workflows/init.yaml + with: + release: ${{ inputs.release }} + unittests: + name: unit-tests + uses: ./.github/workflows/tests.yml + build: + needs: [unittests] + uses: ./.github/workflows/build.yml + linting: + uses: ./.github/workflows/linting.yml + functional: + needs: [build] + uses: ./.github/workflows/functional.yaml + container: + needs: [build, init, functional] + uses: ./.github/workflows/push-container.yml + secrets: + dockerhub_user: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN}} + with: + is_latest_tag: ${{needs.init.outputs.docker_build_is_latest}} + is_version_tag: ${{needs.init.outputs.docker_build_is_version }} + container-testing: + name: container + needs: [init, build ] + uses: ./.github/workflows/push-container-testing.yml + secrets: + dockerhub_user: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN}} + with: + is_latest_tag: ${{needs.init.outputs.docker_build_is_latest}} + is_version_tag: ${{needs.init.outputs.docker_build_is_version}} + container-oldstable: + name: container + needs: [init, build ] + uses: ./.github/workflows/push-container-oldstable.yml + secrets: + dockerhub_user: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN}} + with: + 
is_latest_tag: ${{needs.init.outputs.docker_build_is_latest}} + is_version_tag: ${{needs.init.outputs.docker_build_is_version}} + smoketests: + # on a PR we don't push container, therefore this can be skipped + if: github.event_name != 'pull_request' + needs: [container, init] + uses: ./.github/workflows/smoketest.yaml + with: + docker_repo: ${{ github.repository }} + docker_tag: ${{needs.init.outputs.docker_test_tag}} + helm: + needs: [smoketests] + if: vars.IMAGE_REGISTRY != '' + uses: ./.github/workflows/push-helm-chart.yml + secrets: + user: ${{ secrets.GREENBONE_BOT }} + token: ${{ secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN }} + with: + registry: ${{ vars.IMAGE_REGISTRY }} + release: + needs: [smoketests, init] + if: ( needs.init.outputs.release_kind == 'major' || needs.init.output.release_kind == 'minor' || needs.init.output.release_kind == 'patch' ) + + uses: ./.github/workflows/release.yml + with: + new_version: ${{ needs.init.outputs.release_new_version }} + latest_version: ${{ needs.init.outputs.release_latest_version }} + release_kind: ${{ needs.init.outputs.release_kind }} + release_ref: ${{ needs.init.outputs.release_ref }} + project: ${{ needs.init.outputs.release_project }} + secrets: + token: ${{ secrets.GREENBONE_BOT_TOKEN }} + name: ${{ secrets.GREENBONE_BOT }} + email: ${{ secrets.GREENBONE_BOT_MAIL }} diff --git a/.github/workflows/functional.yaml b/.github/workflows/functional.yaml new file mode 100644 index 000000000..17ae7d98f --- /dev/null +++ b/.github/workflows/functional.yaml 
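Review bot: The `if:` on the `release` job reads `needs.init.output.release_kind` (singular `output`) for the `minor` and `patch` comparisons, which evaluates to an empty value, so only `major` can ever start a release; the condition should be `needs.init.outputs.release_kind == 'major' || needs.init.outputs.release_kind == 'minor' || needs.init.outputs.release_kind == 'patch'`. Separately, `container-testing` and `container-oldstable` declare `needs: [init, build ]` without `functional`, so those two images can be pushed with the DockerHub credentials even when the functional tests fail, which contradicts the dependency list in the new README; `needs: [build, init, functional]` would match the `container` job. The `helm` job passes `secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN`, a name the README's secrets list does not mention.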
@@ -0,0 +1,64 @@ +name: functional + +on: + workflow_call: + +# smoke test definition. +# It depends on build.yml that is controlled via control.yml +# +jobs: + # TESTS that are possible before pushing an image + tests: + runs-on: ubuntu-latest + services: + redis: + image: redis + options: >- + --health-cmd "redis-cli ping" + --health-interval 10s + --health-timeout 5s + --health-retries 5 + container: + image: greenbone/gvm-libs:stable + options: --privileged + steps: + - uses: actions/checkout@v4 + - name: install dependencies + run: | + sh .github/install-openvas-dependencies.sh + - name: install openvas + run: | + cmake -Bbuild -DCMAKE_BUILD_TYPE=Release + cmake --build build -- install + - uses: actions/download-artifact@v3 + with: + name: rs-binaries + path: assets + - name: prepare setup + run: | + apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \ + docker.io + FEED_DIR="feed/" sh .github/prepare-feed.sh + install -m 755 assets/linux/amd64/feed-verifier /usr/local/bin/ + install -m 755 assets/linux/amd64/nasl-cli /usr/local/bin/ + echo "db_address = tcp://redis:6379" >> /etc/openvas/openvas.conf + # TODO export as env variable + mv ./feed/* "$(openvas -s | grep plugins_folder | sed 's/plugins_folder = //')/" + - run: openvas -s + - name: verify feed syntax + run: nasl-cli syntax --quiet "$(openvas -s | grep plugins_folder | sed 's/plugins_folder = //')/" + - name: verify feed update + run: feed-verifier || (cat /var/log/gvm/openvas.log && false) + - name: verify nasl tests + run: | + mkdir -p /etc/openvas + cd nasl/tests + make check + - uses: actions/setup-go@v5 + with: + go-version: '>=1.16.0' + - name: verify lint + run: | + make build + ./run -e openvas-nasl-lint + working-directory: smoketest_lint diff --git a/.github/workflows/init.yaml b/.github/workflows/init.yaml new file mode 100644 index 000000000..7a2c49940 --- /dev/null +++ b/.github/workflows/init.yaml 
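Review bot: The job container is started with `options: --privileged`, yet none of the visible steps obviously needs it, and `control.yml` runs this workflow for every pull request, so code from the branch under test (the cmake install, `make check`, `smoketest_lint`) executes with full privileges inside that container. If `.github/prepare-feed.sh` needs Docker (the step installs `docker.io` just before calling it), a comment stating that requirement would make it reviewable; otherwise drop the option. The `redis` service uses the untagged image, which resolves to `latest`; pinning a tag such as `image: redis:<major-version>` keeps the test environment reproducible.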
@@ -0,0 +1,149 @@ +name: Initialize + +on: + workflow_call: + inputs: + release: + type: string + outputs: + docker_build_is_latest: + description: "Is used to set the tags latest and stable" + value: ${{ jobs.init.outputs.is_latest_tag }} + docker_build_is_version: + description: "Is used to set the version tags: major, major-minor, major-minor-patch" + value: ${{ jobs.init.outputs.is_version_tag }} + docker_test_tag: + description: "Is used to smoke test the latest push image" + value: ${{ jobs.init.outputs.docker_tag }} + release_new_version: + description: "new_version, is a release information" + value: ${{ jobs.init.outputs.new_version }} + release_latest_version: + description: "latest_version, is a release information" + value: ${{ jobs.init.outputs.latest_version }} + release_kind: + description: "release_kind, is a release information" + value: ${{ jobs.init.outputs.release_kind }} + release_ref: + description: "release_ref, is a release information" + value: ${{ jobs.init.outputs.release_ref }} + release_project: + description: "The name of the project to be released" + value: ${{ jobs.init.outputs.project }} + +jobs: + init: + runs-on: ubuntu-latest + outputs: + is_latest_tag: ${{ steps.version.outputs.is_latest_tag }} + is_version_tag: ${{ steps.version.outputs.is_version_tag }} + docker_tag: ${{ steps.version.outputs.docker_tag }} + new_version: ${{ steps.version.outputs.new_version }} + latest_version: ${{ steps.version.outputs.latest_version }} + release_kind: ${{ steps.version.outputs.release_kind }} + release_ref: ${{ steps.version.outputs.release_ref }} + project: ${{ steps.version.outputs.project}} + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: "set IS_VERSION_TAG" + run: | + echo "IS_VERSION_TAG=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }}" >> $GITHUB_ENV + # set defaults + echo "IS_LATEST_TAG=false" >> $GITHUB_ENV + - name: "set IS_LATEST_TAG" + if: ( env.IS_VERSION_TAG == 
'true' ) + run: | + # find the latest version that is not ourself + export LATEST_VERSION=$(git tag -l | grep -v '${{ github.ref_name }}' | sort -r --version-sort | head -n 1) + # get major minor patch versions + IFS='.' read -r latest_major latest_minor latest_patch << EOF + $LATEST_VERSION + EOF + IFS='.' read -r tag_major tag_minor tag_patch << EOF + ${{ github.ref_name }} + EOF + # remove leading v + latest_major=$(echo $latest_major | cut -c2-) + tag_major=$(echo $tag_major | cut -c2-) + echo "$tag_major >= $latest_major" + if [[ $tag_major -ge $latest_major && ($tag_minor -ne 0 || $tag_patch -ne 0) ]]; then + # set this tag to latest and stable + echo "IS_LATEST_TAG=true" >> $GITHUB_ENV + fi + echo "VERSION=$tag_major.$tag_minor.$tag_patch" >> $GITHUB_ENV + - name: "set DOCKER_TAG = edge" + if: ( env.IS_VERSION_TAG != 'true' ) + run: | + echo "DOCKER_TAG=edge" >> $GITHUB_ENV + - name: "set DOCKER_TAG = ${{ env.VERSION }}" + if: ( env.IS_VERSION_TAG == 'true' ) + run: | + echo "DOCKER_TAG=$VERSION" >> $GITHUB_ENV + + - name: "set KIND = no_release" + run: echo "KIND=no_release" >> $GITHUB_ENV + - name: "override KIND = ${{ inputs.release }}" + if: github.event_name == 'workflow_dispatch' + run: echo "KIND=${{ inputs.release }}" >> $GITHUB_ENV + - name: "override KIND = major" + if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'major_release') + run: echo "KIND=major" >> $GITHUB_ENV + - name: "override KIND = minor" + if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'minor_release') + run: echo "KIND=minor" >> $GITHUB_ENV + - name: "override KIND = patch" + if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'patch_release') + run: echo "KIND=patch" >> $GITHUB_ENV + - name: "set RELEASE_REF = ${{ github.ref_name }}" + if: github.base_ref == '' + run: echo "RELEASE_REF=${{ github.ref_name }}" >> $GITHUB_ENV + - name: 
"set RELEASE_REF = ${{ github.base_ref }}" + if: github.base_ref != '' + run: echo "RELEASE_REF=${{ github.base_ref }}" >> $GITHUB_ENV + - name: RELEASE_REF != NULL + run: ([ -n "${{ env.RELEASE_REF }}" ]) + + - name: "LATEST_VERSION" + if: inputs.release != 'no_release' + run: | + git tag + if [[ "${{ env.RELEASE_REF }}" = "main" ]]; then + echo "LATEST_VERSION=$(git tag | grep "^v" | sed 's/^v//' | sort --version-sort | tail -n 1)" >> $GITHUB_ENV + else + echo "LATEST_VERSION=$(git tag | grep "^v${{ env.RELEASE_REF }}" | sed 's/^v//' | sort --version-sort | tail -n 1)" >> $GITHUB_ENV + fi + - name: "default LATEST_VERSION" + run: | + # default to 0.1.0 when there is no previous tag and on main branch + if ([[ -z "${{ env.LATEST_VERSION }}" ]] && [[ "${{ env.RELEASE_REF }}" = "main" ]]); then + echo "LATEST_VERSION=0.1.0" >> $GITHUB_ENV + fi + + - name: LATEST_VERSION != NULL + if: env.KIND != 'no_release' + run: ([ -n "${{ env.LATEST_VERSION }}" ]) + - name: RELEASE_KIND != NULL + run: ([ -n "${{ env.KIND }}" ]) + - name: "NEW_VERSION" + if: env.KIND != 'no_release' + run: | + echo "NEW_VERSION=$(sh .github/enhance_version.sh ${{ env.LATEST_VERSION }} ${{ env.KIND }})" >> $GITHUB_ENV + - name: NEW_VERSION != NULL + if: env.KIND != 'no_release' + run: ([ -n "${{ env.NEW_VERSION }}" ]) + - name: set output + id: version + run: | + # release + echo "latest_version=${{ env.LATEST_VERSION }}">> "$GITHUB_OUTPUT" + echo "new_version=${{ env.NEW_VERSION }}">> "$GITHUB_OUTPUT" + echo "release_kind=${{ env.KIND }}">> "$GITHUB_OUTPUT" + echo "release_ref=${{ env.RELEASE_REF }}">> "$GITHUB_OUTPUT" + echo "project=$(echo "${{ github.repository }}" | sed 's/.*\///' )" >> "$GITHUB_OUTPUT" + # docker + echo "is_latest_tag=${{ env.IS_LATEST_TAG }}">> "$GITHUB_OUTPUT" + echo "is_version_tag=${{ env.IS_VERSION_TAG }}">> "$GITHUB_OUTPUT" + echo "docker_tag=${{ env.DOCKER_TAG }}">> "$GITHUB_OUTPUT" 
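Review bot: Several `run:` scripts expand `${{ github.ref_name }}`, `${{ github.base_ref }}` and `${{ inputs.release }}` directly into the shell text, e.g. `grep -v '${{ github.ref_name }}'` and `echo "KIND=${{ inputs.release }}" >> $GITHUB_ENV`, so a ref name containing quotes or newlines is parsed as script or as extra `GITHUB_ENV` entries rather than as data. Pass these values through the step's `env:` instead, e.g. `env: { REF_NAME: "${{ github.ref_name }}" }` and then `grep -vxF -- "$REF_NAME"`, which also stops the tag from being interpreted as a regular expression. The `override KIND` steps test `github.event.pull_request.merged == true`, but `control.yml` subscribes to `pull_request` with the default activity types, which as far as I can tell do not include `closed`, so the label-based release kinds look unreachable and should be confirmed. The `LATEST_VERSION` step is guarded by `inputs.release != 'no_release'` while the later steps use `env.KIND != 'no_release'`; using `env.KIND` throughout would keep the guards consistent.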
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml new file mode 100644 index 000000000..1cdf56996 --- /dev/null +++ b/.github/workflows/linting.yml @@ -0,0 +1,32 @@ +name: "Linting" + +on: [workflow_call] + +jobs: + C: + runs-on: ubuntu-latest + steps: + - name: Check out openvas-scanner + uses: actions/checkout@v4 + - name: Formatting + run: | + clang-format -i -style=file {src,misc,nasl}/*.{c,h} + git diff --exit-code + Rust: + runs-on: ubuntu-latest + defaults: + run: + working-directory: rust + steps: + - uses: actions/checkout@v4 + - run: sudo apt update && sudo apt-get install -y libpcap-dev + - run: rustup update stable && rustup default stable || rustup default stable + - run: cargo install cargo-audit + - run: cargo install typos-cli + - name: Clippy + run: cargo clippy -- -D warnings + - name: Audit + run: cargo audit + - run: typos + - name: Formatting + run: cargo fmt --check diff --git a/.github/workflows/nasl.yml b/.github/workflows/nasl.yml deleted file mode 100644 index c1599250f..000000000 --- a/.github/workflows/nasl.yml +++ /dev/null 
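Review bot: `cargo audit` is placed in the `Rust` linting job, and per `control.yml` and the new README nothing depends on `linting`, so a dependency with a published advisory no longer stops the build, the container push or a release. If that is intended, a comment next to the `Audit` step should say so; otherwise move the audit into a job that `build` or `container` lists in `needs:`. The tooling itself is installed with `cargo install cargo-audit` and `cargo install typos-cli`, which resolves the newest release and fresh dependency versions on every run; `cargo install --locked cargo-audit` and `cargo install --locked typos-cli`, optionally with `--version <pinned-version>`, make the run reproducible. The `C` job uses whatever `clang-format` the `ubuntu-latest` runner ships, which has the same drift problem.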
@@ -1,41 +0,0 @@ -name: "NASL" - -on: - push: - branches: [ main ] - pull_request: - branches: [ main ] - -jobs: - nasl-test: - name: test - runs-on: ubuntu-latest - container: greenbone/gvm-libs:unstable - steps: - - uses: actions/checkout@v4 - - name: install dependencies - run: | - sh .github/install-openvas-dependencies.sh - - name: build openvas - run: | - cmake -Bbuild -DCMAKE_BUILD_TYPE=Release - cmake --build build - - name: redis - run: | - apt-get update && apt-get install --no-install-recommends --no-install-suggests -y redis - mkdir /run/redis-openvas - redis-server config/redis-openvas.conf || exit 1 - - name: scripttests - run: | - mkdir -p /etc/openvas - echo "db_address = /run/redis-openvas/redis.sock" >> /etc/openvas/openvas.conf - cd nasl/tests - OPENVAS_NASL=../../build/nasl/openvas-nasl make check - - uses: actions/setup-go@v5 - with: - go-version: '>=1.16.0' - - name: smoketest/lint - run: | - make build - ./run -e ../../build/nasl/openvas-nasl-lint - working-directory: smoketest_lint diff --git a/.github/workflows/push-container-oldstable.yml b/.github/workflows/push-container-oldstable.yml new file mode 100644 index 000000000..ba4fc0e70 --- /dev/null +++ b/.github/workflows/push-container-oldstable.yml 
@@ -0,0 +1,61 @@ +name: Container + +on: + workflow_call: + inputs: + is_latest_tag: + required: true + type: string + is_version_tag: + required: true + type: string + secrets: + dockerhub_user: + required: true + dockerhub_token: + required: true + +jobs: + debian_oldstable: + name: debian:oldstable + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/download-artifact@v3 + with: + name: rs-binaries + path: assets + - name: "Set labels and tags" + id: old_stable_meta + uses: docker/metadata-action@v5 + with: + images: ${{ github.repository }} + labels: | + org.opencontainers.image.vendor=Greenbone + org.opencontainers.image.base.name=greenbone/gvm-libs + flavor: latest=false # no auto latest container tag for git tags + tags: | + # for the images provided for debian:oldstable we just provide + # oldstable on an new version or oldstable-edge when it is on main. + # oldstable-branch-sha on a branch + type=raw,value=oldstable,enable=${{ inputs.is_latest_tag }} + type=raw,value=oldstable-edge,enable=${{ github.ref_name == 'main' }} + type=raw,value=oldstable-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} + type=ref,event=pr + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - name: Login to DockerHub + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + username: ${{ secrets.dockerhub_user }} + password: ${{ secrets.dockerhub_token }} + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: . + push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} + file: .docker/prod-oldstable.Dockerfile + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.old_stable_meta.outputs.tags }} + labels: ${{ steps.old_stable_meta.outputs.labels }} 
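Review bot: The `debian_oldstable` job hands `secrets.dockerhub_token` to `docker/login-action@v3` and runs `docker/metadata-action@v5`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3` and `docker/build-push-action@v5` by major-version tag, a reference the action owner can move to different code at any time. For a job that holds registry credentials and pushes images, reference each third-party action by full commit SHA and keep the tag as a comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. The same applies to `debian_testing` in push-container-testing.yml, `debian_stable` in push-container.yml and `greenbone/actions/helm-build-push@v3` in push-helm-chart.yml.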
diff --git a/.github/workflows/push-container-testing.yml b/.github/workflows/push-container-testing.yml new file mode 100644 index 000000000..b913b6e3f --- /dev/null +++ b/.github/workflows/push-container-testing.yml 
@@ -0,0 +1,61 @@ +name: Container + +on: + workflow_call: + inputs: + is_latest_tag: + required: true + type: string + is_version_tag: + required: true + type: string + secrets: + dockerhub_user: + required: true + dockerhub_token: + required: true + +jobs: + debian_testing: + name: debian:testing + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/download-artifact@v3 + with: + name: rs-binaries + path: assets + - name: "Set labels and tags" + id: test_meta + uses: docker/metadata-action@v5 + with: + images: ${{ github.repository }} + labels: | + org.opencontainers.image.vendor=Greenbone + org.opencontainers.image.base.name=greenbone/gvm-libs + flavor: latest=false # no auto latest container tag for git tags + tags: | + # for the images provided for debian:testing we just provide + # testing on an new version or testing-edge when it is on main. + # testing-branch-sha on a branch + type=raw,value=testing,enable=${{ inputs.is_latest_tag }} + type=raw,value=testing-edge,enable=${{ github.ref_name == 'main' }} + type=raw,value=testing-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} + type=ref,event=pr + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - name: Login to DockerHub + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + username: ${{ secrets.dockerhub_user }} + password: ${{ secrets.dockerhub_token }} + - name: Build and push Container image + uses: docker/build-push-action@v5 + with: + context: . + push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} + file: .docker/prod-testing.Dockerfile + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.test_meta.outputs.tags }} + labels: ${{ steps.test_meta.outputs.labels }} 
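Review bot: `is_version_tag` is declared as a required input of push-container-testing.yml, but nothing in the `debian_testing` job reads it; only `inputs.is_latest_tag` appears in the `tags:` list. Either drop the input or make it `required: false` with a comment such as `# accepted for interface parity with push-container.yml, unused here`, so callers are not forced to pass a value that has no effect. push-container-oldstable.yml carries the same unused input.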
diff --git a/.github/workflows/push-container.yml b/.github/workflows/push-container.yml new file mode 100644 index 000000000..e86a8e8d3 --- /dev/null +++ b/.github/workflows/push-container.yml 
@@ -0,0 +1,70 @@ +name: Container + +on: + workflow_call: + inputs: + is_latest_tag: + required: true + type: string + is_version_tag: + required: true + type: string + secrets: + dockerhub_user: + required: true + dockerhub_token: + required: true + +jobs: + debian_stable: + name: debian:stable + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - uses: actions/download-artifact@v3 + with: + name: rs-binaries + path: assets + - name: "Set labels and tags" + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ github.repository }} + labels: | + org.opencontainers.image.vendor=Greenbone + org.opencontainers.image.base.name=greenbone/gvm-libs + flavor: latest=false # no auto latest container tag for git tags + tags: | + # when IS_LATEST_TAG is set create a stable and a latest tag + type=raw,value=latest,enable=${{ inputs.is_latest_tag }} + type=raw,value=stable,enable=${{ inputs.is_latest_tag }} + # if tag version is set than create a version tags + type=semver,pattern={{version}},enable=${{ inputs.is_version_tag }} + type=semver,pattern={{major}}.{{minor}},enable=${{ inputs.is_version_tag }} + type=semver,pattern={{major}},enable=${{ inputs.is_version_tag }} + # if on main or a branch TODO calculate upfront + type=raw,value=edge,enable=${{ github.ref_name == 'main' }} + type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} + # use pr-$PR_ID for pull requests (will not be uploaded) + type=ref,event=pr + - name: Login to DockerHub + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + username: ${{ secrets.dockerhub_user }} + password: ${{ secrets.dockerhub_token }} + + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: . 
+ push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} + file: .docker/prod.Dockerfile + build-args: | + REPOSITORY=${{ github.repository }} + platforms: linux/amd64,linux/aarch64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/push-helm-chart.yml b/.github/workflows/push-helm-chart.yml new file mode 100644 index 000000000..5d638e56b --- /dev/null +++ b/.github/workflows/push-helm-chart.yml @@ -0,0 +1,27 @@ +name: "Helm Push" + +on: + workflow_call: + inputs: + registry: + required: true + type: string + secrets: + user: + required: true + token: + required: true + + +jobs: + helm: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: greenbone/actions/helm-build-push@v3 + with: + chart-name: openvasd + registry: ${{ inputs.registry }} + registry-subpath: helm-charts/ + registry-user: ${{ secrets.user }} + registry-token: ${{ secrets.token }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f79365480..61750a486 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,19 +1,29 @@ name: "release" - -on: - pull_request: - types: [closed] - workflow_dispatch: +on: + workflow_call: inputs: - release: - description: "Use 'major' for incompatible changes, 'minor' for new features, and 'patch' for fixes." - type: choice - options: - - "major" - - "minor" - - "patch" + new_version: + required: true + type: string + latest_version: + required: true + type: string + release_kind: + required: true + type: string + release_ref: + required: true + type: string + project: + required: true + type: string + secrets: + token: + required: true + name: + required: true + email: required: true - default: "patch" # This job first determines the target branch of the closed pull request. If the target branch is "main", 
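Review bot: `platforms: linux/amd64,linux/aarch64` in the `debian_stable` build step names the ARM target differently from push-container-oldstable.yml and push-container-testing.yml, which both use `linux/arm64`. Buildx is expected to normalise the alias, but three sibling workflows that should publish the same architectures are easier to audit when they are written the same way: `platforms: linux/amd64,linux/arm64`.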
@@ -34,115 +44,30 @@ on: # Once the version is found and enhanced, each CMakeLists file is updated to the new # version, and a commit is created in the found branch. jobs: - calculate_version: - runs-on: "ubuntu-latest" - if: | - github.event_name == 'workflow_dispatch' || - ( - github.event.pull_request.merged == true && - contains(github.event.pull_request.labels.*.name, 'major_release') || - contains(github.event.pull_request.labels.*.name, 'minor_release') || - contains(github.event.pull_request.labels.*.name, 'patch_release') - ) - outputs: - new_version: ${{ steps.version.outputs.new_version }} - latest_version: ${{ steps.version.outputs.latest_version }} - release_kind: ${{ steps.version.outputs.release_kind }} - release_ref: ${{ steps.version.outputs.release_ref }} - project: ${{ steps.version.outputs.project}} - steps: - - uses: actions/checkout@v4 - with: - token: ${{ secrets.GREENBONE_BOT_TOKEN }} - fetch-depth: '0' - - name: set RELEASE_KIND = ${{ github.event.inputs.release }} - if: ${{ github.event_name == 'workflow_dispatch' }} - run: | - echo "RELEASE_KIND=${{ github.event.inputs.release }}" >> $GITHUB_ENV - - name: set RELEASE_KIND = major - if: ${{ (contains(github.event.pull_request.labels.*.name, 'major_release')) }} - run: | - echo "RELEASE_KIND=major" >> $GITHUB_ENV - - name: set RELEASE_KIND = minor - if: ${{ (contains(github.event.pull_request.labels.*.name, 'minor_release')) }} - run: | - echo "RELEASE_KIND=minor" >> $GITHUB_ENV - - name: set RELEASE_KIND = patch - if: ${{ (contains(github.event.pull_request.labels.*.name, 'patch_release')) }} - run: | - echo "RELEASE_KIND=patch" >> $GITHUB_ENV - - name: set RELEASE_REF - run: | - if [[ "${{ github.event_name }}" = "workflow_dispatch" ]]; then - echo "RELEASE_REF=${{ github.ref_name }}" >> $GITHUB_ENV - else - echo "RELEASE_REF=${{ github.base_ref }}" >> $GITHUB_ENV - fi - - name: "LATEST_VERSION" - run: | - if [[ "${{ env.RELEASE_REF }}" = "main" ]]; then - echo "LATEST_VERSION=$(git tag | 
grep "^v" | sed 's/^v//' | sort --version-sort | tail -n 1)" >> $GITHUB_ENV - else - echo "LATEST_VERSION=$(git tag | grep "^v${{ env.RELEASE_REF }}" | sed 's/^v//' | sort --version-sort | tail -n 1)" >> $GITHUB_ENV - fi - - name: "default LATEST_VERSION" - run: | - # default to 0.1.0 when there is no previous tag and on main branch - if ([[ -z "${{ env.LATEST_VERSION }}" ]] && [[ "${{ env.RELEASE_REF }}" = "main" ]]); then - echo "LATEST_VERSION=0.1.0" >> $GITHUB_ENV - fi - # safeguard - - name: RELEASE_REF != NULL - run: ([ -n "${{ env.RELEASE_REF }}" ]) - - name: LATEST_VERSION != NULL - run: ([ -n "${{ env.LATEST_VERSION }}" ]) - - name: RELEASE_KIND != NULL - run: ([ -n "${{ env.RELEASE_KIND }}" ]) - - name: "NEW_VERSION" - run: | - echo "NEW_VERSION=$(sh .github/enhance_version.sh ${{ env.LATEST_VERSION }} ${{ env.RELEASE_KIND }})" >> $GITHUB_ENV - - name: NEW_VERSION != NULL - run: ([ -n "${{ env.NEW_VERSION }}" ]) - - name: set output - id: version - run: | - echo "latest_version=$LATEST_VERSION" >> "$GITHUB_OUTPUT" - echo "new_version=$NEW_VERSION" >> "$GITHUB_OUTPUT" - echo "release_kind=$RELEASE_KIND" >> "$GITHUB_OUTPUT" - echo "release_ref=$RELEASE_REF" >> "$GITHUB_OUTPUT" - echo "project=$(echo "${{ github.repository }}" | sed 's/.*\///' )" >> "$GITHUB_OUTPUT" - - build-binaries: - needs: calculate_version - uses: ./.github/workflows/build-rust.yml - - release: name: release - needs: - - build-binaries - - calculate_version runs-on: "ubuntu-latest" env: - RELEASE_KIND: ${{needs.calculate_version.outputs.release_kind}} - RELEASE_REF: ${{needs.calculate_version.outputs.release_ref}} - LATEST_VERSION: ${{needs.calculate_version.outputs.latest_version}} - NEW_VERSION: ${{needs.calculate_version.outputs.new_version}} - PROJECT: ${{needs.calculate_version.outputs.project}} + RELEASE_KIND: ${{inputs.release_kind}} + RELEASE_REF: ${{inputs.release_ref}} + LATEST_VERSION: ${{inputs.latest_version}} + NEW_VERSION: ${{inputs.new_version}} + PROJECT: 
${{inputs.project}} steps: - uses: actions/checkout@v4 with: - token: ${{ secrets.GREENBONE_BOT_TOKEN }} + token: ${{ secrets.token }} fetch-depth: '0' - name: set git credentials run: | - git config --global user.email "${{ secrets.GREENBONE_BOT_MAIL }}" - git config --global user.name "${{ secrets.GREENBONE_BOT }}" + git config --global user.email "${{ secrets.email }}" + git config --global user.name "${{ secrets.name }}" - name: "create working branch for previous major release (${{ env.LATEST_VERSION }})" if: ( env.RELEASE_KIND == 'major' ) run: | - # save a branch so that we can easily create PR for that version when we want to fix something + # checkout latest version git checkout "v${{ env.LATEST_VERSION }}" + # get just the major version of latest version export BRANCH_NAME=$(echo "${{ env.LATEST_VERSION }}" | sed 's/^\([0-9]*\).*/v\1/') git checkout -b "$BRANCH_NAME" git push origin "$BRANCH_NAME" @@ -189,7 +114,6 @@ jobs: touch /tmp/changelog.md fi echo "${{ secrets.GREENBONE_BOT_TOKEN }}" | gh auth login --with-token - # lets see how smart it is export nrn="v${{ env.NEW_VERSION }}" gh release create "$nrn" -F /tmp/changelog.md - name: "sign ${{ env.PROJECT }}" diff --git a/.github/workflows/rustification.yaml b/.github/workflows/rustification.yaml deleted file mode 100644 index a41b10238..000000000 --- a/.github/workflows/rustification.yaml +++ /dev/null 
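Review bot: The `run:` scripts of the `release` job splice values into the shell text with `${{ env.LATEST_VERSION }}` and `${{ secrets.email }}`, and after this change those values arrive as free-form string inputs from the calling workflow, so a value containing quotes or `$(...)` would be interpreted by the shell instead of being treated as data. The job-level `env:` block already exports them, so the scripts can read the shell variables: `git checkout "v$LATEST_VERSION"` and `export BRANCH_NAME=$(echo "$LATEST_VERSION" | sed 's/^\([0-9]*\).*/v\1/')`; the git identity secrets can be passed through a step-level `env:` in the same way. The 'Set openvas-scanner-image' step in smoketest.yaml writes `${{ inputs.docker_repo }}` and `${{ inputs.docker_tag }}` into `st.yaml` by the same mechanism. The job continues outside this hunk.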
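Review bot: `secrets.GREENBONE_BOT_TOKEN` is still referenced by the `gh auth login --with-token` line in the third release.yml hunk, although release.yml is now a `workflow_call` workflow that declares only the secrets `token`, `name` and `email`. Unless the caller uses `secrets: inherit`, which is not visible here, that expression presumably expands to an empty string and `gh auth login` fails at release time. The line should read `echo "${{ secrets.token }}" | gh auth login --with-token`, matching the checkout step earlier in the job. Any other use of the old secret names outside the visible hunks needs the same change.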
@@ -1,124 +0,0 @@ -name: rs - -on: - push: - branches: [main, stable, oldstable] - pull_request: - -env: - CARGO_TERM_COLOR: always - -jobs: - unittests: - runs-on: ubuntu-latest - defaults: - run: - working-directory: rust - strategy: - matrix: - toolchain: - - stable - - beta - - nightly - steps: - - uses: actions/checkout@v4 - - run: sudo apt update && sudo apt-get install -y libpcap-dev - - run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }} || rustup default ${{ matrix.toolchain }} - - run: cargo test --lib --tests --workspace - clippy: - runs-on: ubuntu-latest - defaults: - run: - working-directory: rust - steps: - - uses: actions/checkout@v4 - - run: rustup update stable && rustup default stable && rustup component add clippy - - run: cargo clippy -- -D warnings - audit: - runs-on: ubuntu-latest - defaults: - run: - working-directory: rust - steps: - - uses: actions/checkout@v4 - - run: rustup update stable && rustup default stable - - run: cargo install cargo-audit - - run: cargo audit - typos: - runs-on: ubuntu-latest - defaults: - run: - working-directory: rust - steps: - - uses: actions/checkout@v4 - - run: rustup update stable && rustup default stable - - run: cargo install typos-cli - - run: typos - formatting: - runs-on: ubuntu-latest - defaults: - run: - working-directory: rust - strategy: - matrix: - crates: - # we verify each dir separately to make it easier to verify formatting issues or even ignore - # crates we deem not important for checking (e.g. 
feed-verifier) - - nasl-syntax - - storage - - nasl-interpreter - - redis-storage - - json-storage - - nasl-cli - steps: - - uses: actions/checkout@v4 - rs-build-binaries: - uses: ./.github/workflows/build-rust.yml - verify-syntax: - runs-on: ubuntu-latest - needs: [rs-build-binaries] - steps: - - uses: actions/checkout@v4 - - run: FEED_DIR="feed/" sh .github/prepare-feed.sh - - uses: actions/download-artifact@v3 - with: - name: rs-binaries - path: assets - - run: mv assets/nasl-cli-x86_64-unknown-linux-gnu ./nasl-cli - - run: chmod +x ./nasl-cli - - name: verify syntax parsing - run: ./nasl-cli syntax --quiet feed/ - verify-feed-update: - runs-on: ubuntu-latest - needs: [rs-build-binaries] - container: - # maybe better to use builder, build openvas to have - # the version of this checkout rather than a dated official one? - image: greenbone/openvas-scanner:unstable - options: --privileged - services: - redis: - image: redis - options: >- - --health-cmd "redis-cli ping" - --health-interval 10s - --health-timeout 5s - --health-retries 5 - steps: - - uses: actions/checkout@v4 - - run: apt-get update && apt-get install -y docker.io - - run: FEED_DIR="feed/" sh .github/prepare-feed.sh - - uses: actions/download-artifact@v3 - with: - name: rs-binaries - path: assets - - run: mv assets/nasl-cli-x86_64-unknown-linux-gnu ./nasl-cli - - run: mv assets/feed-verifier-x86_64-unknown-linux-gnu ./feed-verifier - - name: prepare setup - run: | - install -m 755 feed-verifier /usr/local/bin/ - install -m 755 nasl-cli /usr/local/bin/ - echo "db_address = tcp://redis:6379" >> /etc/openvas/openvas.conf - mv ./feed/* "$(openvas -s | grep plugins_folder | sed 's/plugins_folder = //')/" - - run: openvas -s - - run: feed-verifier || (cat /var/log/gvm/openvas.log && false) diff --git a/.github/workflows/smoketest.yaml b/.github/workflows/smoketest.yaml new file mode 100644 index 000000000..24c9292f0 --- /dev/null +++ b/.github/workflows/smoketest.yaml 
@@ -0,0 +1,51 @@ +name: Smoketests + +on: + workflow_call: + inputs: + docker_repo: + type: string + default: "greenbone/openvas-scanner" + docker_tag: + required: true + type: string + +# smoke test definition. +# It depends on build.yml that is controlled via control.yml +# +jobs: + openvasd: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: 'Set openvas-scanner-image' + run: | + echo "openvas:" >> st.yaml + echo " repository: ${{ inputs.docker_repo }}" >> st.yaml + echo " pullPolicy: Always" >> st.yaml + echo " tag: \"${{ inputs.docker_tag }}\"" >> st.yaml + cat st.yaml + - name: Start a local k8s cluster + uses: jupyterhub/action-k3s-helm@v3 + with: + k3s-channel: latest + metrics-enabled: false + - name: deploy openvasd + run: | + cd rust/examples/tls/Self-Signed\ mTLS\ Method + make delete deploy + cd - + + helm uninstall openvasd --namespace openvasd|| true + helm install --namespace openvasd --create-namespace openvasd charts/openvasd/ --values charts/openvasd/values.yaml --values charts/openvasd/mtls-wo-ingress.yaml --values st.yaml + + kubectl rollout status --watch --timeout 600s deployment/openvasd --namespace openvasd + echo "OPENVASD_SERVER=https://$(kubectl get svc -n openvasd | awk 'FNR == 2 {print $(3)}')" >> $GITHUB_ENV + - name: smoketest + working-directory: rust/smoketest + env: + SCAN_CONFIG: configs/simple_scan_ssh_only.json + CLIENT_KEY: ../examples/tls/Self-Signed mTLS Method/client.rsa + CLIENT_CERT: ../examples/tls/Self-Signed mTLS Method/client.pem + run: | + make build run diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 000000000..ec5a7d809 --- /dev/null +++ b/.github/workflows/tests.yml 
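Review bot: `OPENVASD_SERVER` in the 'deploy openvasd' step is read from the second line of `kubectl get svc -n openvasd` with `awk 'FNR == 2 {print $(3)}'`, which depends on the table layout and on the intended service being the first one listed. Querying the field directly, e.g. `kubectl get svc <service-name> -n openvasd -o jsonpath='{.spec.clusterIP}'`, removes both assumptions. An empty result should fail the step rather than export a bare `https://` to the smoketest.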
@@ -0,0 +1,28 @@ +name: "Unit-Tests" + +on: [workflow_call] + +jobs: + C: + runs-on: ubuntu-latest + container: greenbone/gvm-libs:stable + steps: + - uses: actions/checkout@v4 + - name: install dependencies + run: | + sh .github/install-openvas-dependencies.sh + - name: unit-tests + run: | + cmake -Bbuild -DCMAKE_BUILD_TYPE=Release + CTEST_OUTPUT_ON_FAILURE=1 cmake --build build -- tests test + Rust: + runs-on: ubuntu-latest + defaults: + run: + working-directory: rust + steps: + - uses: actions/checkout@v4 + - run: sudo apt update && sudo apt-get install -y libpcap-dev + - run: rustup update stable && rustup default stable || rustup default stable + - name: unit-tests + run: cargo test --lib --tests --workspace diff --git a/.github/workflows/update-header.yml b/.github/workflows/update-header.yml deleted file mode 100644 index f016a4e56..000000000 --- a/.github/workflows/update-header.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: File Header Copyright Year Updater - -on: - workflow_dispatch: - schedule: - - cron: '0 0 1 1 *' # At 00:00 on day-of-month 1 in January. - -permissions: - contents: write - pull-requests: write - -jobs: - update-header: - name: Update file header year - runs-on: 'ubuntu-latest' - steps: - - name: Run update header - uses: greenbone/actions/update-header@v3 - with: - directories: nasl misc src tools - target: main diff --git a/rust/cross.Dockerfile b/rust/cross.Dockerfile index 4ec764b70..a8e66bb99 100644 --- a/rust/cross.Dockerfile +++ b/rust/cross.Dockerfile @@ -17,10 +17,9 @@ RUN ./configure --host=x86_64-unknown-linux-gnu --with-pcap=linux RUN cat config.log RUN make install -RUN curl --output /tmp/zlib.tar.gz https://www.zlib.net/zlib-1.3.1.tar.gz -WORKDIR /tmp -RUN tar xvf zlib.tar.gz -WORKDIR /tmp/zlib-1.3.1 +RUN mkdir /tmp/zlib +RUN curl -sf -L https://www.zlib.net/current/zlib.tar.gz | tar zxvf - --strip-components=1 -C /tmp/zlib +WORKDIR /tmp/zlib RUN ./configure RUN make install RUN ldconfig 
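Review bot: The zlib step in cross.Dockerfile now downloads `https://www.zlib.net/current/zlib.tar.gz` and pipes it straight into `tar`, so the image builds whatever the server serves that day with no version pin and no integrity check; the removed lines at least named zlib-1.3.1. Keep a fixed version URL and verify the archive before unpacking, for example `RUN curl -sf -L -o /tmp/zlib.tar.gz <versioned-url> && echo "<sha256>  /tmp/zlib.tar.gz" | sha256sum -c -`, then extract with `--strip-components=1` as now. The identical change in cross_aarch64.Dockerfile needs the same treatment.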
diff --git a/rust/cross_aarch64.Dockerfile b/rust/cross_aarch64.Dockerfile index 60daa6fee..26dafa4db 100644 --- a/rust/cross_aarch64.Dockerfile +++ b/rust/cross_aarch64.Dockerfile @@ -22,10 +22,9 @@ RUN ./configure --host=aarch64-unknown-linux-gnu --with-pcap=linux RUN cat config.log RUN make install -RUN curl --output /tmp/zlib.tar.gz https://www.zlib.net/zlib-1.3.1.tar.gz -WORKDIR /tmp -RUN tar xvzf zlib.tar.gz -WORKDIR /tmp/zlib-1.3.1 +RUN mkdir /tmp/zlib +RUN curl -sf -L https://www.zlib.net/current/zlib.tar.gz | tar zxvf - --strip-components=1 -C /tmp/zlib +WORKDIR /tmp/zlib RUN ./configure RUN make install RUN ldconfig diff --git a/rust/feed/src/update/error.rs b/rust/feed/src/update/error.rs index 9ed780799..59eaf25d3 100644 --- a/rust/feed/src/update/error.rs +++ b/rust/feed/src/update/error.rs @@ -34,7 +34,6 @@ pub struct Error { pub kind: ErrorKind, } - impl std::fmt::Display for ErrorKind { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { match self { @@ -56,8 +55,6 @@ impl std::fmt::Display for Error { impl std::error::Error for Error {} - - impl From for Error { fn from(value: verify::Error) -> Self { let fin = match &value { diff --git a/rust/feed/src/update/mod.rs b/rust/feed/src/update/mod.rs index 55a6bb575..3fbe2caba 100644 --- a/rust/feed/src/update/mod.rs +++ b/rust/feed/src/update/mod.rs @@ -82,7 +82,7 @@ where impl<'a, S, L, V, K, R> Update where S: Sync + Send + Dispatcher, - K: AsRef + Display + Default + From + 'static, + K: AsRef + Display + Default + From + 'static, L: Sync + Send + Loader + AsBufReader, V: Iterator, verify::Error>>, R: Read + 'a, diff --git a/rust/infisto/src/base.rs b/rust/infisto/src/base.rs index c34beb8f6..3fc349a57 100644 --- a/rust/infisto/src/base.rs +++ b/rust/infisto/src/base.rs 
@@ -489,12 +489,8 @@ impl IndexedByteStorage for CachedIndexFileStorer { .append_all_index(key, &initial_index, &data[1..])?; (self.cache.len() - 1, end_index) } - std::io::ErrorKind::NotFound if data.is_empty() => { - (0, vec![]) - } - _ => { - return Err(Error::FileOpen(ioe)) - }, + std::io::ErrorKind::NotFound if data.is_empty() => (0, vec![]), + _ => return Err(Error::FileOpen(ioe)), }, Err(e) => return Err(e), } diff --git a/rust/infisto/src/serde.rs b/rust/infisto/src/serde.rs index 29bbb97c2..2f08fa7ef 100644 --- a/rust/infisto/src/serde.rs +++ b/rust/infisto/src/serde.rs @@ -18,7 +18,6 @@ where { /// Serializes given data to Vec pub fn serialize(t: T) -> Result { - match rmp_serde::to_vec(&t) { Ok(v) => Ok(Serialization::Serialized(v)), Err(_) => Err(base::Error::Serialize), diff --git a/rust/json-storage/src/lib.rs b/rust/json-storage/src/lib.rs index 1c584a682..cbf6b7076 100644 --- a/rust/json-storage/src/lib.rs +++ b/rust/json-storage/src/lib.rs @@ -10,7 +10,7 @@ use std::{ sync::{Arc, Mutex}, }; -use storage::{self, item::PerItemDispatcher, Kb, StorageError, NotusAdvisory}; +use storage::{self, item::PerItemDispatcher, Kb, NotusAdvisory, StorageError}; /// Wraps write calls of json elements to be as list. /// @@ -131,14 +131,14 @@ where _: Box>, ) -> Result<(), StorageError> { - Ok(()) + Ok(()) } } impl storage::Retriever for ItemDispatcher where S: Write, - K: 'static + K: 'static, { fn retrieve( &self, @@ -147,7 +147,9 @@ where ) -> Result>, StorageError> { Ok(match scope { // currently not supported - storage::Retrieve::NVT(_) | storage::Retrieve::NotusAdvisory(_) => Box::new([].into_iter()), + storage::Retrieve::NVT(_) | storage::Retrieve::NotusAdvisory(_) => { + Box::new([].into_iter()) + } storage::Retrieve::KB(s) => Box::new({ let kbs = self.kbs.lock().map_err(StorageError::from)?; let kbs = kbs.clone(); diff --git a/rust/models/src/advisories.rs b/rust/models/src/advisories.rs index 6c2c2f845..e4ad380be 100644 --- a/rust/models/src/advisories.rs 
+++ b/rust/models/src/advisories.rs @@ -6,7 +6,7 @@ use std::collections::HashMap; /// Represents an advisory json file for notus product. #[cfg_attr(feature = "serde_support", derive(serde::Deserialize))] -#[derive(Debug, Clone,PartialEq, Eq)] +#[derive(Debug, Clone, PartialEq, Eq)] pub struct ProductsAdivisories { /// Version of the advisory file pub version: String, @@ -173,7 +173,6 @@ impl From for Vulnerability { None => "".to_string(), }, }; - let refs = HashMap::new(); Self { diff --git a/rust/models/src/lib.rs b/rust/models/src/lib.rs index ac9c8e6ae..0bb3a6444 100644 --- a/rust/models/src/lib.rs +++ b/rust/models/src/lib.rs @@ -30,7 +30,6 @@ pub use status::*; pub use target::*; pub use vt::*; - #[cfg(test)] mod tests { diff --git a/rust/models/src/vt.rs b/rust/models/src/vt.rs index 93a9617d6..7000d9f19 100644 --- a/rust/models/src/vt.rs +++ b/rust/models/src/vt.rs @@ -18,4 +18,3 @@ pub struct VT { /// The list of parameters for the VT pub parameters: Vec, } - diff --git a/rust/nasl-interpreter/src/include.rs b/rust/nasl-interpreter/src/include.rs index efd20180c..ff97087f1 100644 --- a/rust/nasl-interpreter/src/include.rs +++ b/rust/nasl-interpreter/src/include.rs @@ -2,12 +2,6 @@ // // SPDX-License-Identifier: GPL-2.0-or-later - - - - - - #[cfg(test)] mod tests { use std::collections::HashMap; diff --git a/rust/nasl-interpreter/src/interpreter.rs b/rust/nasl-interpreter/src/interpreter.rs index 44a51865e..79f4b0688 100644 --- a/rust/nasl-interpreter/src/interpreter.rs +++ b/rust/nasl-interpreter/src/interpreter.rs @@ -5,7 +5,7 @@ use std::{collections::HashMap, io}; use nasl_syntax::{ - IdentifierType, LoadError, NaslValue, StatementKind::*, Token, TokenCategory, Statement, + IdentifierType, LoadError, NaslValue, Statement, StatementKind::*, Token, TokenCategory, }; use storage::StorageError; @@ -50,7 +50,6 @@ where } } - fn include(&mut self, name: &Statement) -> InterpretResult { match self.resolve(name)? { NaslValue::String(key) => { 
@@ -70,7 +69,7 @@ where _ => Err(InterpretError::unsupported(name, "string")), } } - + /// Tries to interpret a statement and retries n times on a retry error /// /// When encountering a retrievable error: @@ -215,14 +214,12 @@ where } NoOp => Ok(NaslValue::Null), EoF => Ok(NaslValue::Null), - AttackCategory => { + AttackCategory => { match statement.as_token().category() { TokenCategory::Identifier(IdentifierType::ACT(cat)) => Ok(NaslValue::AttackCategory(*cat)), _ => unreachable!("AttackCategory must have ACT token but got {:?}, this is an bug within the lexer.", statement.as_token()) } - - }, Continue => Ok(NaslValue::Continue), Break => Ok(NaslValue::Break), diff --git a/rust/nasl-interpreter/tests/description.rs b/rust/nasl-interpreter/tests/description.rs index 941dc0271..3da7764a8 100644 --- a/rust/nasl-interpreter/tests/description.rs +++ b/rust/nasl-interpreter/tests/description.rs @@ -93,7 +93,8 @@ if(description) assert_eq!( storage .retrieve(&key, storage::Retrieve::NVT(None)) - .unwrap().collect::>(), + .unwrap() + .collect::>(), vec![ NVT(Oid("0.0.0.0.0.0.0.0.0.1".to_owned())), NVT(FileName(key)), diff --git a/rust/nasl-syntax/src/lexer.rs b/rust/nasl-syntax/src/lexer.rs index d6178ec52..17fb19f9d 100644 --- a/rust/nasl-syntax/src/lexer.rs +++ b/rust/nasl-syntax/src/lexer.rs @@ -89,7 +89,6 @@ fn infix_binding_power(op: &Operation) -> Option<(u8, u8)> { Some(res) } - enum InFixState { NoInfix, ReturnContinue(Statement), diff --git a/rust/nasl-syntax/src/variable_extension.rs b/rust/nasl-syntax/src/variable_extension.rs index 4cb2fd908..685b49650 100644 --- a/rust/nasl-syntax/src/variable_extension.rs +++ b/rust/nasl-syntax/src/variable_extension.rs @@ -5,7 +5,8 @@ use crate::{ error::SyntaxError, lexer::{End, Lexer}, - token::{Category}, Statement, StatementKind, + token::Category, + Statement, StatementKind, }; pub(crate) trait CommaGroup { 
diff --git a/rust/openvasd/src/controller/feed.rs b/rust/openvasd/src/controller/feed.rs index 870620d40..216f092c3 100644 --- a/rust/openvasd/src/controller/feed.rs +++ b/rust/openvasd/src/controller/feed.rs @@ -26,28 +26,29 @@ where let last_hash = ctx.db.feed_hash().await; if signature_check { if let Err(err) = feed::verify::check_signature(&path) { - tracing::warn!("Signature of {} is not corredct, skipping: {}", path.display(), err); - + tracing::warn!( + "Signature of {} is not corredct, skipping: {}", + path.display(), + err + ); } } - let hash = tokio::task::spawn_blocking(move || { - match FeedIdentifier::sumfile_hash(path) { + let hash = + tokio::task::spawn_blocking(move || match FeedIdentifier::sumfile_hash(path) { Ok(h) => h, Err(e) => { tracing::warn!("Failed to compute sumfile hash: {e:?}"); "".to_string() } - } - }) - .await - .unwrap(); + }) + .await + .unwrap(); if last_hash.is_empty() || last_hash != hash { - match ctx.db.synchronize_feeds(hash).await{ - Ok(_) => {}, + match ctx.db.synchronize_feeds(hash).await { + Ok(_) => {} Err(e) => tracing::warn!("Unable to sync feed: {e}"), } - } tokio::time::sleep(interval).await; } diff --git a/rust/openvasd/src/request.rs b/rust/openvasd/src/request.rs index 21219c486..43385cdf4 100644 --- a/rust/openvasd/src/request.rs +++ b/rust/openvasd/src/request.rs @@ -19,13 +19,13 @@ where T: serde::de::DeserializeOwned, H: hyper::body::Body, ::Error: std::error::Error, - { let body = req.into_body(); let bytes = match body.collect().await { Ok(x) => x.to_bytes(), Err(e) => { - return Err(response.internal_server_error(&e));}, + return Err(response.internal_server_error(&e)); + } }; match serde_json::from_slice(&bytes) { Ok(json) => Ok(json), diff --git a/rust/openvasd/src/response.rs b/rust/openvasd/src/response.rs index b3bdc534f..efc55a340 100644 --- a/rust/openvasd/src/response.rs +++ b/rust/openvasd/src/response.rs 
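Review bot: When `feed::verify::check_signature(&path)` fails, the code only logs "skipping" and then falls through to `FeedIdentifier::sumfile_hash` and `ctx.db.synchronize_feeds(hash)`, so as far as this hunk shows a feed with a bad signature is still synchronised. The warn branch should leave the iteration, e.g. `tokio::time::sleep(interval).await; continue;` after the `tracing::warn!` call, assuming the enclosing construct is the loop that the trailing `sleep(interval)` suggests; the function starts outside the hunk, so confirm there. A failed hash computation is also mapped to `""`, which differs from any stored hash and triggers a sync, and that path deserves the same early exit.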
@@ -198,7 +198,7 @@ impl Response { #[inline] pub async fn ok_json_stream(&self, value: T) -> Result where - T: Iterator + Send + 'static, + T: Iterator + Send + 'static, S: Serialize + Clone + Send + std::fmt::Debug + 'static, { let value = value.map(|x| serde_json::to_vec(&x).unwrap()); diff --git a/rust/openvasd/src/storage/mod.rs b/rust/openvasd/src/storage/mod.rs index bd6978cec..6bd36121e 100644 --- a/rust/openvasd/src/storage/mod.rs +++ b/rust/openvasd/src/storage/mod.rs @@ -109,11 +109,10 @@ pub trait NVTStorer { /// directories and update the meta information. async fn synchronize_feeds(&self, hash: String) -> Result<(), Error>; - /// Retrieves just all oids. async fn oids(&self) -> Result + Send>, Error> { let vts = self.vts().await?; - Ok(Box::new(vts.map(|x|x.oid))) + Ok(Box::new(vts.map(|x| x.oid))) } /// Retrieves NVTs. @@ -123,11 +122,8 @@ pub trait NVTStorer { /// Retrieves a NVT. /// - async fn vt_by_oid( - &self, - oid: &str, - ) -> Result, Error> { - Ok(self.vts().await?.find(|x|x.oid == oid)) + async fn vt_by_oid(&self, oid: &str) -> Result, Error> { + Ok(self.vts().await?.find(|x| x.oid == oid)) } /// Returns the currently stored feed hash. diff --git a/rust/openvasd/src/tls.rs b/rust/openvasd/src/tls.rs index d275fdcbc..a31011d9b 100644 --- a/rust/openvasd/src/tls.rs +++ b/rust/openvasd/src/tls.rs @@ -198,8 +198,7 @@ where let certfile = fs::File::open(filename) .map_err(|e| error(format!("failed to open {:?}: {}", filename, e)))?; let mut reader = io::BufReader::new(certfile); - rustls_pemfile::certs(&mut reader) - .map(|x| x.into_iter().map(CertificateDer::from).collect()) + rustls_pemfile::certs(&mut reader).map(|x| x.into_iter().map(CertificateDer::from).collect()) } // Load private key from file. diff --git a/rust/redis-storage/src/connector.rs b/rust/redis-storage/src/connector.rs index bd8adf5a7..0709a24f3 100644 --- a/rust/redis-storage/src/connector.rs +++ b/rust/redis-storage/src/connector.rs 
@@ -662,8 +662,6 @@ where .map_err(|e| DbError::SystemError(format!("{e:?}")))?; cache.delete_namespace() } - - } impl storage::item::ItemDispatcher for CacheDispatcher @@ -686,7 +684,11 @@ where kbs.push(kb); Ok(()) } - fn dispatch_advisory(&self, key: &str, adv: Box>) -> Result<(), StorageError> { + fn dispatch_advisory( + &self, + key: &str, + adv: Box>, + ) -> Result<(), StorageError> { let mut cache = Arc::as_ref(&self.cache).lock()?; cache.redis_add_advisory(key, *adv).map_err(|e| e.into()) } @@ -763,11 +765,7 @@ mod tests { .unwrap(); Ok(()) } - fn lindex( - &mut self, - _: &str, - _: isize, - ) -> crate::dberror::RedisStorageResult { + fn lindex(&mut self, _: &str, _: isize) -> crate::dberror::RedisStorageResult { Ok(String::new()) } diff --git a/rust/storage/src/item.rs b/rust/storage/src/item.rs index baee48ed0..2f0bf07fa 100644 --- a/rust/storage/src/item.rs +++ b/rust/storage/src/item.rs @@ -572,7 +572,8 @@ pub trait ItemDispatcher { Ok(()) } /// Stores an advisory - fn dispatch_advisory(&self, _: &str, _: Box>) -> Result<(), StorageError>; + fn dispatch_advisory(&self, _: &str, _: Box>) + -> Result<(), StorageError>; } /// Collects the information while being in a description run and calls the dispatch method diff --git a/rust/storage/src/lib.rs b/rust/storage/src/lib.rs index 9fde8a5ef..1c1a1579d 100644 --- a/rust/storage/src/lib.rs +++ b/rust/storage/src/lib.rs @@ -52,11 +52,8 @@ pub enum Field { KB(Kb), /// Notus advisories, when None then the impl can assume finish NotusAdvisory(Box>), - } - - impl From for Field { fn from(value: NVTField) -> Self { Self::NVT(value)