Skip to content

Production Images #3883

Production Images

Production Images #3883

# SPDX-FileCopyrightText: 2023-2026 Jisc Services Limited
# SPDX-FileContributor: Joe Pitt
#
# SPDX-License-Identifier: GPL-3.0-only
---
name: Production Images
on:
push:
branches:
- main
schedule:
- cron: 15 */6 * * *
workflow_dispatch:
permissions:
contents: read
env:
COMPOSE_PROJECT_NAME: misp_test
jobs:
run:
name: Build, Test, and Release
runs-on: ubuntu-latest
steps:
- id: checkout
name: Checkout Project
uses: actions/checkout@v6
- id: docker-login
name: Login to Docker Hub
uses: docker/login-action@v4
with:
password: ${{ secrets.DOCKERHUB_TOKEN }}
username: ${{ vars.DOCKERHUB_USERNAME }}
- id: setup-buildx
name: Setup Docker buildx Environment
uses: docker/setup-buildx-action@v4
- id: test-env-setup
name: Configure Environment
run: |
sed -i 's/jisccti/${{ vars.DOCKERHUB_ORGANISATION }}/g' docker-compose.yml
sed -i 's/jisccti/${{ vars.DOCKERHUB_ORGANISATION }}/g' misp-workers/Dockerfile
cp .github/workflows/actions.env .env
mkdir -p persistent/$COMPOSE_PROJECT_NAME/gpg persistent/$COMPOSE_PROJECT_NAME/tls
cat <<EOF > persistent/$COMPOSE_PROJECT_NAME/gpg/import.asc
${{ secrets.TEST_PGP_KEY }}
EOF
cat <<EOF > persistent/$COMPOSE_PROJECT_NAME/tls/misp.crt
${{ secrets.TEST_TLS_CERT }}
EOF
cat <<EOF > persistent/$COMPOSE_PROJECT_NAME/tls/misp.key
${{ secrets.TEST_TLS_KEY }}
EOF
python3 -m venv venv
./venv/bin/pip install --upgrade defusedxml requests
- id: misp_version
name: Get current MISP version number
uses: joepitt91/action-version-from-github-release@v2
with:
token: ${{ secrets.VERSION_CHECK_PAT }}
owner: MISP
repository: MISP
greater_equal_version: 2.5.0
less_than_version: 2.6.0
- id: modules_version
name: Get current MISP modules version number
uses: joepitt91/action-version-from-github-tag@v2
with:
token: ${{ secrets.VERSION_CHECK_PAT }}
owner: MISP
repository: misp-modules
greater_equal_version: 3.0.0
less_than_version: 4.0.0
- id: shibb_version
name: Get current Shibboleth SP version number
uses: JoePJisc/action-version-from-rpm@v1
with:
mirror_list_url: https://shibboleth.net/cgi-bin/mirrorlist.cgi/rockylinux9
package_name: shibboleth
- continue-on-error: true
id: modules_image_exists
name: Check If misp-modules Image Exists
uses: cloudposse/github-action-docker-image-exists@main
with:
organization: ${{ vars.DOCKERHUB_ORGANISATION }}
registry: registry.hub.docker.com
repository: misp-modules
tag: ${{ steps.modules_version.outputs.tag }}
- continue-on-error: true
id: web_image_exists
name: Check If misp-web Image Exists
uses: cloudposse/github-action-docker-image-exists@main
with:
organization: ${{ vars.DOCKERHUB_ORGANISATION }}
registry: registry.hub.docker.com
repository: misp-web
tag: ${{ steps.misp_version.outputs.release_tag }}
- continue-on-error: true
id: workers_image_exists
name: Check If misp-workers Image Exists
uses: cloudposse/github-action-docker-image-exists@main
with:
organization: ${{ vars.DOCKERHUB_ORGANISATION }}
registry: registry.hub.docker.com
repository: misp-workers
tag: ${{ steps.misp_version.outputs.release_tag }}
- continue-on-error: true
id: shibb_image_exists
name: Check If misp-shibb-sp Image Exists
uses: cloudposse/github-action-docker-image-exists@main
with:
organization: ${{ vars.DOCKERHUB_ORGANISATION }}
registry: registry.hub.docker.com
repository: misp-shibb-sp
tag: ${{ steps.shibb_version.outputs.version }}
- id: build_modules
if: ${{ steps.modules_image_exists.outcome == 'failure' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
name: Build misp-modules
run: |
cd misp-modules
docker build -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-modules:latest -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-modules:${{ steps.modules_version.outputs.tag }} --build-arg MISP_VERSION="${{ steps.modules_version.outputs.tag }}" .
cd ..
- id: pull_modules
if: ${{ steps.modules_image_exists.outcome != 'failure' && github.event_name != 'push' && github.event_name != 'workflow_dispatch' }}
name: Pull misp-modules
run: docker pull ${{ vars.DOCKERHUB_ORGANISATION }}/misp-modules:latest
- id: build_web
if: ${{ steps.web_image_exists.outcome == 'failure' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
name: Build misp-web
run: |
cd misp-web
docker build -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-web:latest -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-web:${{ steps.misp_version.outputs.release_tag }} --build-arg MISP_VERSION="${{ steps.misp_version.outputs.release_tag }}" .
cd ..
- id: pull_web
if: ${{ steps.web_image_exists.outcome != 'failure' && github.event_name != 'push' && github.event_name != 'workflow_dispatch' }}
name: Pull misp-web
run: docker pull ${{ vars.DOCKERHUB_ORGANISATION }}/misp-web:latest
- id: build_workers
if: ${{ steps.workers_image_exists.outcome == 'failure' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
name: Build misp-workers
run: |
cd misp-workers
docker build -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-workers:latest -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-workers:${{ steps.misp_version.outputs.release_tag }} --build-arg MISP_VERSION="${{ steps.misp_version.outputs.release_tag }}" .
cd ..
- id: pull_workers
if: ${{ steps.workers_image_exists.outcome != 'failure' && github.event_name != 'push' && github.event_name != 'workflow_dispatch' }}
name: Pull misp-workers
run: docker pull ${{ vars.DOCKERHUB_ORGANISATION }}/misp-workers:latest
- id: build_shibb
if: ${{ steps.shibb_image_exists.outcome == 'failure' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
name: Build misp-shibb-sp
run: |
cd misp-shibb-sp
docker build -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-shibb-sp:latest -t ${{ vars.DOCKERHUB_ORGANISATION }}/misp-shibb-sp:${{ steps.shibb_version.outputs.version }} --build-arg SHIBB_VERSION="${{ steps.shibb_version.outputs.version }}" .
cd ..
- id: start_test_env
name: Deploy Test Instance
run: docker compose up -d
- continue-on-error: true
id: initial_setup
name: Wait for Initial Setup
run: timeout 30m /bin/bash -c 'while [[ $(docker container ls --format {{.Status}} | grep -P "(unhealthy)|(starting)" | wc -l) -gt 0 ]] ; do sleep 30; done'
- id: dump_logs
if: steps.initial_setup.outcome == 'failure'
name: Dump Container Log
run: |
docker compose logs
docker compose down
exit 1
- id: stop_test_env
name: Stop MISP
run: docker compose down
- id: push-modules
if: steps.build_modules.outcome == 'success'
name: Push misp-modules
run: |
docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-modules:${{ steps.modules_version.outputs.tag }}
docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-modules:latest
- id: push-web
if: steps.build_web.outcome == 'success'
name: Push misp-web
run: |
docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-web:${{ steps.misp_version.outputs.release_tag }}
docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-web:latest
- id: push-workers
if: steps.build_workers.outcome == 'success'
name: Push misp-workers
run: |
docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-workers:${{ steps.misp_version.outputs.release_tag }}
docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-workers:latest
- id: push-shibb
if: steps.build_shibb.outcome == 'success'
name: Push misp-shibb-sp
run: |
docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-shibb-sp:${{ steps.shibb_version.outputs.version }}
docker image push ${{ vars.DOCKERHUB_ORGANISATION }}/misp-shibb-sp:latest