Production Images #3883
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: 2023-2026 Jisc Services Limited | |
| # SPDX-FileContributor: Joe Pitt | |
| # | |
| # SPDX-License-Identifier: GPL-3.0-only | |
| --- | |
| name: Production Images | |
| on: | |
| push: | |
| branches: | |
| - main | |
| schedule: | |
| - cron: 15 */6 * * * | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| env: | |
| COMPOSE_PROJECT_NAME: misp_test | |
| jobs: | |
| run: | |
| name: Build, Test, and Release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - id: checkout | |
| name: Checkout Project | |
| uses: actions/checkout@v6 | |
| - id: docker-login | |
| name: Login to Docker Hub | |
| uses: docker/login-action@v4 | |
| with: | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| username: ${{ vars.DOCKERHUB_USERNAME }} | |
| - id: setup-buildx | |
| name: Setup Docker buildx Environment | |
| uses: docker/setup-buildx-action@v4 | |
| - id: test-env-setup | |
| name: Configure Environment | |
| run: | | |
| sed -i 's/jisccti/${{ vars.DOCKERHUB_ORGANISATION }}/g' docker-compose.yml | |
| sed -i 's/jisccti/${{ vars.DOCKERHUB_ORGANISATION }}/g' misp-workers/Dockerfile | |
| cp .github/workflows/actions.env .env | |
| mkdir -p persistent/$COMPOSE_PROJECT_NAME/gpg persistent/$COMPOSE_PROJECT_NAME/tls | |
| cat <<EOF > persistent/$COMPOSE_PROJECT_NAME/gpg/import.asc | |
| ${{ secrets.TEST_PGP_KEY }} | |
| EOF | |
| cat <<EOF > persistent/$COMPOSE_PROJECT_NAME/tls/misp.crt | |
| ${{ secrets.TEST_TLS_CERT }} | |
| EOF | |
| cat <<EOF > persistent/$COMPOSE_PROJECT_NAME/tls/misp.key | |
| ${{ secrets.TEST_TLS_KEY }} | |
| EOF | |
| python3 -m venv venv | |
| ./venv/bin/pip install --upgrade defusedxml requests | |
| - id: misp_version | |
| name: Get current MISP version number | |
| uses: joepitt91/action-version-from-github-release@v2 | |
| with: | |
| token: ${{ secrets.VERSION_CHECK_PAT }} | |
| owner: MISP | |
| repository: MISP | |
| greater_equal_version: 2.5.0 | |
| less_than_version: 2.6.0 | |
| - id: modules_version | |
| name: Get current MISP modules version number | |
| uses: joepitt91/action-version-from-github-tag@v2 | |
| with: | |
| token: ${{ secrets.VERSION_CHECK_PAT }} | |
| owner: MISP | |
| repository: misp-modules | |
| greater_equal_version: 3.0.0 | |
| less_than_version: 4.0.0 | |
| - id: shibb_version | |
| name: Get current Shibboleth SP version number | |
| uses: JoePJisc/action-version-from-rpm@v1 | |
| with: | |
| mirror_list_url: https://shibboleth.net/cgi-bin/mirrorlist.cgi/rockylinux9 | |
| package_name: shibboleth | |
| - continue-on-error: true | |
| id: modules_image_exists | |
| name: Check If misp-modules Image Exists | |
| uses: cloudposse/github-action-docker-image-exists@main | |
| with: | |
| organization: ${{ vars.DOCKERHUB_ORGANISATION }} | |
| registry: registry.hub.docker.com | |
| repository: misp-modules | |
| tag: ${{ steps.modules_version.outputs.tag }} | |
| - continue-on-error: true | |
| id: web_image_exists | |
| name: Check If misp-web Image Exists | |
| uses: cloudposse/github-action-docker-image-exists@main | |
| with: | |
| organization: ${{ vars.DOCKERHUB_ORGANISATION }} | |
| registry: registry.hub.docker.com | |
| repository: misp-web | |
| tag: ${{ steps.misp_version.outputs.release_tag }} | |
| - continue-on-error: true | |
| id: workers_image_exists | |
| name: Check If misp-workers Image Exists | |
| uses: cloudposse/github-action-docker-image-exists@main | |
| with: | |
| organization: ${{ vars.DOCKERHUB_ORGANISATION }} | |
| registry: registry.hub.docker.com | |
| repository: misp-workers | |
| tag: ${{ steps.misp_version.outputs.release_tag }} | |
| - continue-on-error: true | |
| id: shibb_image_exists | |
| name: Check If misp-shibb-sp Image Exists | |
| uses: cloudposse/github-action-docker-image-exists@main | |
| with: | |
| organization: ${{ vars.DOCKERHUB_ORGANISATION }} | |
| registry: registry.hub.docker.com | |
| repository: misp-shibb-sp | |
| tag: ${{ steps.shibb_version.outputs.version }} | |
| - id: build_modules | |
| if: ${{ steps.modules_image_exists.outcome == 'failure' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} | |
| name: Build misp-modules | |
| run: | | |
| cd misp-modules | |
| docker build -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-modules:latest -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-modules:${{ steps.modules_version.outputs.tag }} --build-arg MISP_VERSION="${{ steps.modules_version.outputs.tag }}" . | |
| cd .. | |
| - id: pull_modules | |
| if: ${{ steps.modules_image_exists.outcome != 'failure' && github.event_name != 'push' && github.event_name != 'workflow_dispatch' }} | |
| name: Pull misp-modules | |
| run: docker pull ${{ vars.DOCKERHUB_ORGANISATION }}/misp-modules:latest | |
| - id: build_web | |
| if: ${{ steps.web_image_exists.outcome == 'failure' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} | |
| name: Build misp-web | |
| run: | | |
| cd misp-web | |
| docker build -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-web:latest -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-web:${{ steps.misp_version.outputs.release_tag }} --build-arg MISP_VERSION="${{ steps.misp_version.outputs.release_tag }}" . | |
| cd .. | |
| - id: pull_web | |
| if: ${{ steps.web_image_exists.outcome != 'failure' && github.event_name != 'push' && github.event_name != 'workflow_dispatch' }} | |
| name: Pull misp-web | |
| run: docker pull ${{ vars.DOCKERHUB_ORGANISATION }}/misp-web:latest | |
| - id: build_workers | |
| if: ${{ steps.workers_image_exists.outcome == 'failure' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} | |
| name: Build misp-workers | |
| run: | | |
| cd misp-workers | |
| docker build -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-workers:latest -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-workers:${{ steps.misp_version.outputs.release_tag }} --build-arg MISP_VERSION="${{ steps.misp_version.outputs.release_tag }}" . | |
| cd .. | |
| - id: pull_workers | |
| if: ${{ steps.workers_image_exists.outcome != 'failure' && github.event_name != 'push' && github.event_name != 'workflow_dispatch' }} | |
| name: Pull misp-workers | |
| run: docker pull ${{ vars.DOCKERHUB_ORGANISATION }}/misp-workers:latest | |
| - id: build_shibb | |
| if: ${{ steps.shibb_image_exists.outcome == 'failure' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} | |
| name: Build misp-shibb-sp | |
| run: | | |
| cd misp-shibb-sp | |
| docker build -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-shibb-sp:latest -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-shibb-sp:${{ steps.shibb_version.outputs.version }} --build-arg SHIBB_VERSION="${{ steps.shibb_version.outputs.version }}" . | |
| cd .. | |
| - id: start_test_env | |
| name: Deploy Test Instance | |
| run: docker compose up -d | |
| - continue-on-error: true | |
| id: initial_setup | |
| name: Wait for Initial Setup | |
| run: timeout 30m /bin/bash -c 'while [[ $(docker container ls --format {{.Status}} | grep -P "(unhealthy)|(starting)" | wc -l) -gt 0 ]] ; do sleep 30; done' | |
| - id: dump_logs | |
| if: steps.initial_setup.outcome == 'failure' | |
| name: Dump Container Log | |
| run: | | |
| docker compose logs | |
| docker compose down | |
| exit 1 | |
| - id: stop_test_env | |
| name: Stop MISP | |
| run: docker compose down | |
| - id: push-modules | |
| if: steps.build_modules.outcome == 'success' | |
| name: Push misp-modules | |
| run: | | |
| docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-modules:${{ steps.modules_version.outputs.tag }} | |
| docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-modules:latest | |
| - id: push-web | |
| if: steps.build_web.outcome == 'success' | |
| name: Push misp-web | |
| run: | | |
| docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-web:${{ steps.misp_version.outputs.release_tag }} | |
| docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-web:latest | |
| - id: push-workers | |
| if: steps.build_workers.outcome == 'success' | |
| name: Push misp-workers | |
| run: | | |
| docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-workers:${{ steps.misp_version.outputs.release_tag }} | |
| docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-workers:latest | |
| - id: push-shibb | |
| if: steps.build_shibb.outcome == 'success' | |
| name: Push misp-shibb-sp | |
| run: | | |
| docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-shibb-sp:${{ steps.shibb_version.outputs.version }} | |
| docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-shibb-sp:latest |