Merge pull request #7 from cisagov/improvement/docker_updates

Docker and README updates
cisagov · Jun 19, 2020 · 37b9f22 · 37b9f22
2 parents 9afe1c5 + ce5f17c
commit 37b9f22
Show file tree

Hide file tree

Showing 9 changed files with 209 additions and 73 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,8 +1 @@
-*.csv
-*.json
-*.txt
 .*
-.git*
-.idea
-__pycache__
-pca_assessment/tests/data
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -8,6 +8,7 @@ on:
     types: [apb]
 
 env:
+  IMAGE_NAME: cisagov/gophish-tools
   PIP_CACHE_DIR: ~/.cache/pip
   PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
 
@@ -107,8 +108,25 @@ jobs:
         run: |
           python -m pip install --upgrade pip wheel
           pip install --upgrade --requirement requirements.txt
-      - name: Build artifacts
+      - name: Build python artifacts
         run: python3 setup.py sdist bdist_wheel
+      - name: Determine project version
+        id: get_ver
+        run: |
+          echo "##[set-output name=version;]$(./bump_version.sh project show)"
+      - name: Build docker image
+        run: |
+          version=$(./bump_version.sh project show)
+          docker build \
+            --tag "$IMAGE_NAME" \
+            --build-arg GIT_COMMIT=$(git log -1 --format=%H) \
+            --build-arg GIT_REMOTE=$(git remote get-url origin) \
+            --build-arg VERSION=${{ steps.get_ver.outputs.version }} \
+            .
+      - name: Save docker image artifact
+        run: |
+          version=$(./bump_version.sh project show)
+          docker save $IMAGE_NAME:latest | gzip > dist/image.tar.gz
       - name: Upload artifacts
         uses: actions/upload-artifact@v1
         with:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,57 @@
+---
+name: release
+
+on:
+  release:
+    types: [prereleased, released]
+
+env:
+  IMAGE_NAME: cisagov/gophish-tools
+  DOCKER_PW: ${{ secrets.DOCKER_PW }}
+  DOCKER_USER: ${{ secrets.DOCKER_USER }}
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v1
+        with:
+          python-version: 3.8
+      - name: Determine image version
+        id: get_ver
+        run: |
+          echo "##[set-output name=version;]$(./bump_version.sh project show)"
+      - name: Build Docker image
+        run: |
+          docker build \
+            --tag "$IMAGE_NAME" \
+            --build-arg GIT_COMMIT=$(git log -1 --format=%H) \
+            --build-arg GIT_REMOTE=$(git remote get-url origin) \
+            --build-arg VERSION=${{ steps.get_ver.outputs.version }} \
+            .
+      - name: Tag Docker image
+        run: |
+          IFS='.' read -r -a version_array \
+            <<< "${{ steps.get_ver.outputs.version }}"
+          docker login --username "$DOCKER_USER" --password "$DOCKER_PW"
+          docker tag "$IMAGE_NAME" "${IMAGE_NAME}:latest"
+          docker tag "$IMAGE_NAME" \
+            "${IMAGE_NAME}:${{ steps.get_ver.outputs.version }}"
+          docker tag "$IMAGE_NAME" \
+            "${IMAGE_NAME}:${version_array[0]}.${version_array[1]}"
+          docker tag "$IMAGE_NAME" "${IMAGE_NAME}:${version_array[0]}"
+      - name: Publish image to Docker Hub
+        run: |
+          IFS='.' read -r -a version_array \
+            <<< "${{ steps.get_ver.outputs.version }}"
+          docker push "${IMAGE_NAME}:latest"
+          docker push "${IMAGE_NAME}:${{ steps.get_ver.outputs.version }}"
+          docker push "${IMAGE_NAME}:${version_array[0]}.${version_array[1]}"
+          docker push "${IMAGE_NAME}:${version_array[0]}"
+      - name: Publish README.md to Docker Hub
+        uses: peter-evans/dockerhub-description@v2
+        env:
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }}
+          DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_PW }}
+          DOCKERHUB_REPOSITORY: ${{ env.IMAGE_NAME }}
diff --git a/Dockerfile b/Dockerfile
@@ -1,25 +1,39 @@
-FROM python:3
-MAINTAINER Bryce Beuerlein <[email protected]>
-ENV PCA_HOME="/home/pca" \
-    PCA_CON_SRC="/usr/src/pca-assessment"
+ARG GIT_COMMIT=unspecified
+ARG GIT_REMOTE=unspecified
+ARG VERSION=unspecified
 
-RUN groupadd --system pca && useradd --system --gid pca pca
+FROM python:3.7-alpine
 
-RUN apt-get update && \
-apt-get install --no-install-recommends -y \
-at &&\
-apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+ARG GIT_COMMIT
+ARG GIT_REMOTE
+ARG VERSION
 
-RUN mkdir ${PCA_HOME} && chown pca:pca ${PCA_HOME}
-VOLUME ${PCA_HOME}
+LABEL git_commit=$GIT_COMMIT
+LABEL git_remote=$GIT_REMOTE
+LABEL maintainer="[email protected]"
+LABEL vendor="Cyber and Infrastructure Security Agency"
+LABEL version=$VERSION
 
-WORKDIR ${PCA_CON_SRC}
+ARG CISA_UID=421
+ENV CISA_HOME="/home/cisa"
+ENV GOPHISH_TOOLS_SRC="/usr/src/gophish-tools"
+
+RUN addgroup --system --gid $CISA_UID cisa \
+  && adduser --system --uid $CISA_UID --ingroup cisa cisa
+
+RUN apk --update --no-cache add \
+  bash \
+  py-pip
+
+VOLUME $CISA_HOME
+
+WORKDIR $GOPHISH_TOOLS_SRC
+COPY . $GOPHISH_TOOLS_SRC
 
-COPY . ${PCA_CON_SRC}
 RUN pip install --no-cache-dir .
-RUN chmod +x ${PCA_CON_SRC}/var/getenv
-RUN ln -snf ${PCA_CON_SRC}/var/getenv /usr/local/bin
+RUN chmod +x ${GOPHISH_TOOLS_SRC}/var/getenv
+RUN ln -snf ${GOPHISH_TOOLS_SRC}/var/getenv /usr/local/bin
 
-USER pca
-WORKDIR ${PCA_HOME}
+USER cisa
+WORKDIR $CISA_HOME
 CMD ["getenv"]
diff --git a/README.md b/README.md
@@ -6,47 +6,89 @@
 [![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/cisagov/gophish-tools.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/cisagov/gophish-tools/context:python)
 [![Known Vulnerabilities](https://snyk.io/test/github/cisagov/gophish-tools/develop/badge.svg)](https://snyk.io/test/github/cisagov/gophish-tools)
 
-This repository contains a set of tools that can be used by phishing
+## Docker Image ##
+
+![MicroBadger Layers](https://img.shields.io/microbadger/layers/cisagov/gophish-tools)
+![Docker Image Size](https://img.shields.io/docker/image-size/cisagov/gophish-tools)
+
+This repository contains a set of scripts that can be used by phishing
 campaign assessors to simplify the process of managing GoPhish campaigns.
 
+## Scripts ##
+
+* `gophish-cleaner` - Removes an assessment or elements of an assessment
+  in GoPhish.
+* `gophish-complete` - Completes a campaign in GoPhish and/or outputs a
+  GoPhish campaign summary.
+* `gophish-export` - Exports all the data from an assessment within GoPhish
+  into a single JSON file.
+* `gophish-import` - Imports an assessment JSON file into GoPhish.
+* `gophish-test` - Sends a duplicate assessment from GoPhish to custom
+  targets as a test.
+* `pca-wizard` - Creates an assessment JSON file via an interactive "wizard".
+* `pca-wizard-templates` - Generates templates for files needed when creating
+  an assessment JSON with `pca-wizard`.
+
 ## Usage ##
 
-### PCA Assessment Docker ###
+The scripts in this project can be executed either in a local Python
+environment or in a Docker container.
 
-A python Docker utility for team leads to produce a JSON file containing all
-configurations to run a CISA Phishing Campaign Assessment (PCA).
+### Install and run via local Python ###
 
-The PCA Assessment commands implemented in the docker container can be
-aliased into the host environment by using the procedure below.
+We strongly encourage the use of virtual Python environments.  Please see
+[this section](CONTRIBUTING.md#installing-and-using-pyenv-and-pyenv-virtualenv)
+in our ["Contributing" document](CONTRIBUTING.md) for information on how
+to set up and use a virtual Python environment.
 
-Alias the container commands to the local environment:
+To install the scripts in your local Python environment:
 
 ```console
-eval "$(docker run pca-assessment)"
+git clone https://github.com/cisagov/gophish-tools.git
+cd gophish-tools
+pip install --requirement requirements.txt
 ```
 
-To run a GoPhish Control command:
+After the scripts have been installed, they can be run like any other script:
 
 ```console
-pca-assessment-builder -h
+gophish-import
 ```
 
-### Building the pca-assessment container ###
+### Pull or build Docker image ###
 
-To build the Docker container for pca-assessment:
+Pull `cisagov/gophish-tools` from the Docker repository:
 
 ```console
-docker build -t pca-assessment .
+docker pull cisagov/gophish-tools
 ```
 
-## Contributing ##
+Or build `cisagov/gophish-tools` from source:
 
-We welcome contributions!  Please see [here](CONTRIBUTING.md) for
-details.
+```console
+git clone https://github.com/cisagov/gophish-tools.git
+cd gophish-tools
+docker build --tag cisagov/gophish-tools .
+```
+
+### Run scripts via Docker ###
+
+The easiest way to use the containerized scripts is to alias them in your
+local shell:
+
+```console
+eval "$(docker run cisagov/gophish-tools)"
+```
+
+That will add aliases to your **current shell** for all of the
+[scripts](#scripts) mentioned above, plus an additional one for
+`gophish-tools-bash`, which can be used to start up a `bash` shell inside
+a `gophish-tools` container.
 
 ## Assessment JSON Field Dictionary ##
 
-The following items are included in the assessment JSON as produced by the `pca-wizard`.
+The following items are included in the assessment JSON as produced by
+`pca-wizard`.
 An example assessment JSON can be found [here](src/assessment/sample_assessment.json).
 
 | Name | Description | Type | Default | Required |
@@ -126,6 +168,11 @@ with the command `pca-wizard-templates  --emails`.
 | interface_type | Type of interface GoPhish will use with mail server. | string | "SMTP" | no |
 | ignore_cert | Indicate if GoPhish should ignore certs with mail server. | boolean | `True` | no |
 
+## Contributing ##
+
+We welcome contributions!  Please see [here](CONTRIBUTING.md) for
+details.
+
 ## License ##
 
 This project is in the worldwide [public domain](LICENSE).

diff --git a/bump_version.sh b/bump_version.sh
@@ -29,26 +29,26 @@ else
     case $2 in
         major|minor|patch|prerelease|build)
             new_version=$(python -c "import semver; print(semver.bump_$2('$old_version'))")
-            echo Changing version from "$old_version" to "$new_version"
+            echo Changing "$1" version from "$old_version" to "$new_version"
             # A temp file is used to provide compatability with macOS development
             # as a result of macOS using the BSD version of sed
             tmp_file=/tmp/version.$$
             sed "s/$old_version/$new_version/" "$VERSION_FILE" > $tmp_file
             mv "$tmp_file" "$VERSION_FILE"
             git add "$VERSION_FILE"
-            git commit -m"Bump version from $old_version to $new_version"
+            git commit -m"Bump $1 version from $old_version to $new_version"
             git push
             ;;
         finalize)
             new_version=$(python -c "import semver; print(semver.finalize_version('$old_version'))")
-            echo Changing version from "$old_version" to "$new_version"
+            echo Changing "$1" version from "$old_version" to "$new_version"
             # A temp file is used to provide compatability with macOS development
             # as a result of macOS using the BSD version of sed
             tmp_file=/tmp/version.$$
             sed "s/$old_version/$new_version/" "$VERSION_FILE" > $tmp_file
             mv "$tmp_file" "$VERSION_FILE"
             git add "$VERSION_FILE"
-            git commit -m"Bump version from $old_version to $new_version"
+            git commit -m"Bump $1 version from $old_version to $new_version"
             git push
             ;;
         show)

diff --git a/src/_version.py b/src/_version.py
@@ -1,2 +1,2 @@
 """This file defines the version of this project."""
-__version__ = "0.0.2"
+__version__ = "0.0.3"
diff --git a/tests/test_assessment_json.py b/tests/test_assessment_json.py
@@ -1,8 +1,12 @@
 #!/usr/bin/env pytest -vs
 """Tests for assessment JSON."""
 
-# cisagov Libraries
-import assessment.builder as assessment_builder
+# # Standard Python Libraries
+# import sys
+# from unittest.mock import patch
+#
+# # cisagov Libraries
+# import assessment.builder as assessment_builder
 
 # TODO Make test_emails csv
 
@@ -99,16 +103,18 @@ def mock_id_arg(self, s):
         """Return a mock assessment ID value."""
         return "RVXXX1"
 
-    def test_assessment(self):
-        """Construct a test assessment from mock data."""
-        assessment_builder.get_input = self.mock_get_input
-        assessment_builder.input = self.mock_input
-        assessment_builder.yes_no_prompt = self.mock_yes_no
-        assessment_builder.get_number = self.mock_get_number
-        assessment_builder.get_time_input = self.mock_get_time_input
-        assessment_builder.prompt = self.mock_prompt
-        assessment_builder.radiolist_dialog = self.mock_radio
-        assessment_builder.args["ASSESSMENT_ID"] = "RVXXX1"  # self.mock_id_arg
-
-        assessment_builder.main()
-        assert True
+    # TODO: Replace with a useful, functioning test
+
+    # def test_assessment(self, monkeypatch):
+    #     """Construct a test assessment from mock data."""
+    #     with patch.object(sys, "argv", ["pca-wizard", "RVXXX1"]):
+    #         assessment_builder.get_input = self.mock_get_input
+    #         assessment_builder.input = self.mock_input
+    #         assessment_builder.yes_no_prompt = self.mock_yes_no
+    #         assessment_builder.get_number = self.mock_get_number
+    #         assessment_builder.get_time_input = self.mock_get_time_input
+    #         assessment_builder.prompt = self.mock_prompt
+    #         assessment_builder.radiolist_dialog = self.mock_radio
+    #         # assessment_builder.args["ASSESSMENT_ID"] = "RVXXX1"  # self.mock_id_arg
+    #         assessment_builder.main()
+    #     assert True