Merge pull request #5 from matusso/sonarcloud-ghauri #86
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: rapid7/metasploit-framework | |
| on: | |
| push: | |
| branches: | |
| - main # Change to your default branch if not main | |
| - msf-6.4.39 | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| permissions: | |
| contents: read | |
| packages: write | |
| security-events: write | |
| env: | |
| RELEASE_VERSION: "6.4.39" | |
| RUBY_VERSION: "3.2.5" | |
| jobs: | |
| build-and-push: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| steps: | |
| - name: Checkout Metasploit Framework Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: rapid7/metasploit-framework | |
| path: metasploit-framework # Optional: Clone into a specific directory | |
| ref: ${{ env.RELEASE_VERSION }} | |
| - uses: snyk/actions/setup@master | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ github.workspace }}/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Install libpcap | |
| run: sudo apt update && sudo apt install -y libpcap-dev | |
| # Set up Ruby environment | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: ${{ env.RUBY_VERSION }} | |
| bundler-cache: true | |
| # Install Ruby dependencies | |
| - name: Install Ruby dependencies | |
| run: | | |
| cd metasploit-framework | |
| bundle install --path vendor/bundle | |
| - name: Build and push Docker image | |
| run: | | |
| docker buildx build --push \ | |
| --tag ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }} \ | |
| --tag ghcr.io/${{ github.repository_owner }}/metasploit-framework:latest \ | |
| --platform linux/amd64,linux/arm64 ./metasploit-framework | |
| - name: Logout from Docker Hub | |
| run: docker logout | |
| - name: Check ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }} image | |
| uses: snyk/actions/docker@master | |
| continue-on-error: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| image: ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }} | |
| args: --file=./metasploit-framework/Dockerfile | |
| json: true | |
| - uses: garethr/snyk-to-sarif@master | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: SARIF | |
| path: snyk.sarif | |
| - name: Upload SARIF Report to GitHub Code Scanning | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: snyk.sarif | |
| # SonarCloud Scan for Metasploit Framework | |
| - name: SonarCloud Scan | |
| uses: sonarsource/sonarqube-scan-action@v4 | |
| continue-on-error: true | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.organization=matusso | |
| -Dsonar.projectKey=docker-builds:metasploit-framework | |
| -Dsonar.verbose=true | |
| -Dsonar.projectName=metasploit-framework | |
| -Dsonar.languages=ruby | |
| -Dsonar.sources=metasploit-framework | |
| -Dsonar.exclusions=**/*.java,**/*.c,**/*.cpp,**/*.h,**/*.mm,**/*.m | |
| -Dsonar.c.file.suffixes=- | |
| -Dsonar.cpp.file.suffixes=- | |
| -Dsonar.objc.file.suffixes=- |