adding builds (#53)

muchdogesec · Dec 6, 2024 · 50d0c63 · 50d0c63
1 parent 66d2527
commit 50d0c63
Show file tree

Hide file tree

Showing 4 changed files with 143 additions and 59 deletions.
diff --git a/.github/workflows/deploy-image.yml b/.github/workflows/deploy-image.yml
diff --git a/.github/workflows/deploy-production-image.yaml b/.github/workflows/deploy-production-image.yaml
@@ -0,0 +1,53 @@
+name: Create and publish the Docker image for CTI Butler Web Production
+
+on:
+  push:
+    branches: ['main']
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}_web_production
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    environment: ctibutler_web_production
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write 
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile.deploy
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            DJANGO_DEBUG=True
+            DJANGO_SECRET=${{ secrets.DJANGO_SECRET }}
+            POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
+            ARANGODB_PASSWORD=${ secrets.ARANGODB_PASSWORD }}
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
diff --git a/.github/workflows/deploy-staging-image.yaml b/.github/workflows/deploy-staging-image.yaml
@@ -0,0 +1,53 @@
+name: Create and publish the Docker image for CTI Butler Web Staging
+
+on:
+  push:
+    branches: ['main']
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}_web_staging
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    environment: ctibutler_web_staging
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write 
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile.deploy
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            DJANGO_DEBUG=True
+            DJANGO_SECRET=${{ secrets.DJANGO_SECRET }}
+            POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
+            ARANGODB_PASSWORD=${ secrets.ARANGODB_PASSWORD }}
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
diff --git a/Dockerfile.deploy b/Dockerfile.deploy
@@ -0,0 +1,37 @@
+FROM python:3.11
+ENV PYTHONUNBUFFERED=1
+
+ARG DJANGO_SECRET
+ARG DJANGO_DEBUG
+ARG POSTGRES_PASSWORD
+ARG ARANGODB_PASSWORD
+
+ENV DJANGO_SECRET=${DJANGO_SECRET}
+ENV DJANGO_DEBUG=${DJANGO_DEBUG}
+ENV POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ENV ARANGODB_PASSWORD=${ARANGODB_PASSWORD}
+
+ENV POSTGRES_HOST=host.docker.internal
+ENV POSTGRES_PORT=5432
+ENV POSTGRES_DB=ctibutler_database
+ENV POSTGRES_USER=ctibutler
+ENV ARANGODB_HOST_URL=http://host.docker.internal:8529
+ENV ARANGODB_USERNAME=ctibutler
+ENV MAX_PAGE_SIZE=50
+ENV DEFAULT_PAGE_SIZE=50
+ENV ATLAS_BUCKET_ROOT_PATH=https://downloads.ctibutler.com/mitre-atlas-repo-data/
+ENV CTI_BUTLER_ROOT=https://downloads.ctibutler.com/
+ENV LOCATION_BUCKET_ROOT_PATH=https://downloads.ctibutler.com/location2stix-manual-output/
+ENV TLP_BUCKET_ROOT_PATH=https://downloads.ctibutler.com/tlp/
+ENV CWE_BUCKET_ROOT_PATH=https://downloads.ctibutler.com/cwe2stix-manual-output/
+ENV CAPEC_BUCKET_ROOT_PATH=https://downloads.ctibutler.com/mitre-capec-repo-data/
+ENV ATTACK_ENTERPRISE_BUCKET_ROOT_PATH=https://downloads.ctibutler.com/mitre-attack-enterprise-repo-data/
+ENV ATTACK_MOBILE_BUCKET_ROOT_PATH=https://downloads.ctibutler.com/mitre-attack-mobile-repo-data/
+ENV ATTACK_ICS_BUCKET_ROOT_PATH=https://downloads.ctibutler.com/mitre-attack-ics-repo-data/
+ENV DISARM_BUCKET_ROOT_PATH=https://downloads.ctibutler.com/disarm2stix-manual-output/
+
+WORKDIR /usr/src/app
+COPY requirements.txt ./
+RUN pip install -r requirements.txt
+
+COPY . /usr/src/app