Skip to content
Release

Merge pull request #34 from MythicAgents/dev #9

Sign in to view logs

Merge pull request #34 from MythicAgents/dev

Merge pull request #34 from MythicAgents/dev #9

Workflow file for this run

.github/workflows/release.yml at e6eab0e
name: Release
on:
push:
branches:
- main
pull_request:
branches:
- main
env:
# Registry for the container image
CONTAINER_IMAGE_REGISTRY: ghcr.io
# Name of the container image
CONTAINER_IMAGE_NAME: ${{ github.repository }}
# Description of the base container image
CONTAINER_IMAGE_DESCRIPTION: "Base container image for the Thanatos Mythic C2 agent"
# License for the base container image
CONTAINER_IMAGE_LICENSE: BSD-3-Clause
# Path to the agent code
AGENT_CODE_PATH: Payload_Type/thanatos/thanatos/agent_code
jobs:
# Get the new release version number
version:
name: Get and verify the new release version
if: ${{ github.event_name == 'push' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'release')) || (github.event.action == 'labeled' && github.event.label.name == 'release') }}
runs-on: ubuntu-latest
outputs:
number: ${{ steps.release.outputs.version }}
permissions:
contents: read
packages: read
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Get the latest release version from the changelog
run: echo "RELEASE_VERSION=$(python .github/scripts/changelogtool.py latest)" >> $GITHUB_ENV
- name: Assert that a git tag does not exist for the latest entry
run: |
if [ $(git tag -l "$RELEASE_VERSION") ]; then
echo "Git tag for changelog entry $RELEASE_VERSION already exists"
false
else
true
fi
- name: Assert that a release does not already exist for the latest entry
env:
GH_TOKEN: ${{ github.token }}
run: |
export LATEST_RELEASE=$(gh api --silent \
-H "Accept: application/vnd.github+json" \
-H "X-Github-Api-Version: 2022-11-28" \
/repos/${{ github.repository }}/releases/tags/${RELEASE_VERSION} 2>&1)
if [[ "$LATEST_RELEASE" == *"Not Found"* ]]; then
true
else
echo "Release for changelog entry $RELEASE_VERSION already exists"
false
fi
- name: Store the new release version number
id: release
run: echo "version=${RELEASE_VERSION#v}" >> $GITHUB_OUTPUT
bump:
name: Bump repository version numbers
if: ${{ github.event_name == 'push' }}
needs: version
runs-on: ubuntu-latest
permissions:
contents: write
packages: read
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Lowercase the container image name
run: echo "CONTAINER_IMAGE_NAME=${CONTAINER_IMAGE_NAME,,}" >> ${GITHUB_ENV}
- name: Set config.json version number
uses: jossef/action-set-json-field@v2.1
with:
file: config.json
field: remote_images.thanatos
value: ${{ env.CONTAINER_IMAGE_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:v${{ needs.version.outputs.number }}
- name: Set agent_capabilities.json version number
uses: jossef/action-set-json-field@v2.1
with:
file: agent_capabilities.json
field: agent_version
value: ${{ needs.version.outputs.number }}
- name: Set base Dockerfile image reference tag to match the version number
working-directory: Payload_Type/thanatos
env:
VERSION: ${{ needs.version.outputs.number }}
run: sed -i "s|^FROM .*$|FROM ${CONTAINER_IMAGE_REGISTRY}/${CONTAINER_IMAGE_NAME}:v${VERSION}|" Dockerfile
- name: Set agent Cargo.toml version number
working-directory: ${{ env.AGENT_CODE_PATH }}
env:
VERSION: ${{ needs.version.outputs.number }}
run: sed -i "0,/^version = .*$/s//version = \"${VERSION}\"/" Cargo.toml
- name: Push the updated version number changes
uses: EndBug/add-and-commit@v9
with:
add: "['config.json', 'agent_capabilities.json', 'Payload_Type/thanatos/Dockerfile', '${{ format('{0}/Cargo.toml', env.AGENT_CODE_PATH) }}']"
default_author: github_actions
committer_email: github-actions[bot]@users.noreply.github.com
message: "chore(release): bump version numbers to match release 'v${{ needs.version.outputs.number }}'"
pathspec_error_handling: exitImmediately
image:
name: Build and push the base container image
if: ${{ github.event_name == 'push' }}
needs:
- version
- bump
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Set the container image fully qualified url
run: echo "CONTAINER_IMAGE_URL=${CONTAINER_IMAGE_URL,,}" >> ${GITHUB_ENV}
env:
CONTAINER_IMAGE_URL: ${{ env.CONTAINER_IMAGE_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:v${{ needs.version.outputs.number }}
- name: Log in to the container registry
uses: docker/login-action@v3
with:
registry: ${{ env.CONTAINER_IMAGE_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push the container image
uses: docker/build-push-action@v5
with:
context: Payload_Type/thanatos
file: Payload_Type/thanatos/.docker/Dockerfile
tags: ${{ env.CONTAINER_IMAGE_URL }}
push: true
labels: |
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.description=${{ env.CONTAINER_IMAGE_DESCRIPTION }}
org.opencontainers.image.licenses=${{ env.CONTAINER_IMAGE_LICENSE }}
release:
name: Create a new release
if: ${{ github.event_name == 'push' }}
needs:
- version
- image
runs-on: ubuntu-latest
permissions:
contents: write
packages: read
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Create a new tag for the release
uses: EndBug/add-and-commit@v9
with:
message: "chore(release): Thanatos v${{ needs.version.outputs.number }}"
push: true
tag: "v${{ needs.version.outputs.number }}"
pathspec_error_handling: exitImmediately
- name: Create a new release
env:
VERSION: ${{ needs.version.outputs.number }}
GH_TOKEN: ${{ github.token }}
run: |
RELEASE_BODY=$(python .github/scripts/changelogtool.py extract $VERSION)
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-Github-Api-Version: 2022-11-28" \
/repos/${{ github.repository }}/releases \
-f tag_name="v${VERSION}" \
-f target_commitish="$GITHUB_REF_NAME" \
-f name="Thanatos v${VERSION}" \
-f body="$RELEASE_BODY" \
-F draft=false \
-F prerelease=false \
-F generate_release_notes=false