Merge pull request #11 from matusso/binwalk-fix #128
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: rapid7/metasploit-framework | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - msf-6.4.47 | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| permissions: | |
| contents: read | |
| packages: write | |
| security-events: write | |
| env: | |
| RELEASE_VERSION: "6.4.47" | |
| jobs: | |
| build-and-push-amd64: | |
| runs-on: ubuntu-latest # Native amd64 GitHub runner | |
| steps: | |
| - name: Checkout Metasploit Framework Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: rapid7/metasploit-framework | |
| path: metasploit-framework | |
| ref: ${{ env.RELEASE_VERSION }} | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push amd64 Docker image | |
| run: | | |
| docker build --platform linux/amd64 \ | |
| --tag ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }}-amd64 \ | |
| --tag ghcr.io/${{ github.repository_owner }}/metasploit-framework:latest-amd64 \ | |
| metasploit-framework | |
| docker push ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }}-amd64 | |
| docker push ghcr.io/${{ github.repository_owner }}/metasploit-framework:latest-amd64 | |
| - name: Logout from Docker Hub | |
| run: docker logout | |
| build-and-push-arm64: | |
| runs-on: ubuntu-24.04-arm | |
| steps: | |
| - name: Checkout Metasploit Framework Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: rapid7/metasploit-framework | |
| path: metasploit-framework | |
| ref: ${{ env.RELEASE_VERSION }} | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push arm64 Docker image | |
| run: | | |
| docker build --platform linux/arm64 \ | |
| --tag ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }}-arm64 \ | |
| --tag ghcr.io/${{ github.repository_owner }}/metasploit-framework:latest-arm64 \ | |
| metasploit-framework | |
| docker push ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }}-arm64 | |
| docker push ghcr.io/${{ github.repository_owner }}/metasploit-framework:latest-arm64 | |
| - name: Logout from Docker Hub | |
| run: docker logout | |
| create-multiarch-manifest: | |
| needs: [build-and-push-amd64, build-and-push-arm64] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create and push multi-platform manifest | |
| run: | | |
| docker manifest create ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }} \ | |
| --amend ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }}-amd64 \ | |
| --amend ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }}-arm64 | |
| docker manifest create ghcr.io/${{ github.repository_owner }}/metasploit-framework:latest \ | |
| --amend ghcr.io/${{ github.repository_owner }}/metasploit-framework:latest-amd64 \ | |
| --amend ghcr.io/${{ github.repository_owner }}/metasploit-framework:latest-arm64 | |
| docker manifest push ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }} | |
| docker manifest push ghcr.io/${{ github.repository_owner }}/metasploit-framework:latest | |
| - name: Logout from Docker Hub | |
| run: docker logout | |
| security-scan: | |
| needs: create-multiarch-manifest | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Metasploit Framework Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: rapid7/metasploit-framework | |
| path: metasploit-framework | |
| ref: ${{ env.RELEASE_VERSION }} | |
| - name: Check ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }} image | |
| uses: snyk/actions/docker@master | |
| continue-on-error: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| image: ghcr.io/${{ github.repository_owner }}/metasploit-framework:${{ env.RELEASE_VERSION }} | |
| args: --file=./metasploit-framework/Dockerfile | |
| json: true | |
| - uses: garethr/snyk-to-sarif@master | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: SARIF | |
| path: snyk.sarif | |
| - name: Upload SARIF Report to GitHub Code Scanning | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: snyk.sarif | |
| sonarcloud-scan: | |
| needs: create-multiarch-manifest | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: SonarCloud Scan | |
| uses: sonarsource/sonarqube-scan-action@v4 | |
| continue-on-error: true | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.organization=matusso | |
| -Dsonar.projectKey=docker-builds:metasploit-framework | |
| -Dsonar.verbose=true | |
| -Dsonar.projectName=metasploit-framework | |
| -Dsonar.languages=ruby | |
| -Dsonar.sources=metasploit-framework | |
| -Dsonar.exclusions=**/*.java,**/*.c,**/*.cpp,**/*.h,**/*.mm,**/*.m | |
| -Dsonar.c.file.suffixes=- | |
| -Dsonar.cpp.file.suffixes=- | |
| -Dsonar.objc.file.suffixes=- |