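---
name: Release

# yamllint disable-line rule:truthy
on:
  push:
    branches:
      - main
  pull_request:
    # The `version` job's condition also reacts to a `release` label being
    # added; that branch of the condition only fires when `labeled` is listed
    # here. The default event types (opened, synchronize, reopened) are kept.
    types:
      - opened
      - synchronize
      - reopened
      - labeled
    branches:
      - main

env:
  # Registry for the container image
  CONTAINER_IMAGE_REGISTRY: ghcr.io
  # Name of the container image (owner/repo; lowercased by the jobs that use it)
  CONTAINER_IMAGE_NAME: ${{ github.repository }}
  # Description of the base container image
  CONTAINER_IMAGE_DESCRIPTION: "Base container image for the Thanatos Mythic C2 agent"
  # License for the base container image
  CONTAINER_IMAGE_LICENSE: BSD-3-Clause
  # Path to the agent code
  AGENT_CODE_PATH: Payload_Type/thanatos/thanatos/agent_code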
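jobs:
  # NOTE(review): the third-party actions below (jossef/action-set-json-field,
  # EndBug/add-and-commit, docker/login-action, docker/build-push-action) are
  # pinned to mutable tags. Pinning them to full commit SHAs protects the
  # release pipeline against a tag being moved upstream.

  # Resolve the release version from the changelog and make sure neither a git
  # tag nor a GitHub release already exists for it. Runs with read-only
  # permissions because it also executes for labelled pull requests.
  version:
    name: Get and verify the new release version
    if: >-
      ${{ github.event_name == 'push'
      || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'release'))
      || (github.event.action == 'labeled' && github.event.label.name == 'release') }}
    runs-on: ubuntu-latest
    outputs:
      # Version number without the leading `v` (see the `release` step)
      number: ${{ steps.release.outputs.version }}
    permissions:
      contents: read
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4
      - name: Get and validate the latest release version from the changelog
        run: |
          RELEASE_VERSION="$(python .github/scripts/changelogtool.py latest)"
          # The changelog is repository content (on pull_request events it comes
          # from the PR branch), so only accept a single tag-safe token before it
          # is written to GITHUB_ENV. Whitespace, newlines or shell specials in
          # the value would otherwise flow into API paths, git refs and commit
          # messages in the later jobs.
          if [[ ! "$RELEASE_VERSION" =~ ^[0-9A-Za-z._+-]+$ ]]; then
            echo "Changelog version '${RELEASE_VERSION}' is not a valid release version"
            exit 1
          fi
          echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "$GITHUB_ENV"
      - name: Assert that a git tag does not exist for the latest entry
        # Ask the remote directly: the default checkout is shallow and does not
        # fetch tags, so `git tag -l` on the local clone would always be empty
        # and this assertion would never fire.
        run: |
          rc=0
          git ls-remote --exit-code --tags origin "refs/tags/${RELEASE_VERSION}" > /dev/null || rc=$?
          if [ "$rc" -eq 0 ]; then
            echo "Git tag for changelog entry ${RELEASE_VERSION} already exists"
            exit 1
          elif [ "$rc" -ne 2 ]; then
            # 2 means "no matching ref"; anything else is a transport/auth error
            echo "Unable to query remote tags (git exit code ${rc})"
            exit 1
          fi
      - name: Assert that a release does not already exist for the latest entry
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          # `--silent` drops the body, so a successful lookup yields an empty
          # string and a failed one yields gh's error text. `|| true` keeps a
          # 404 from tripping `set -e`; every non-404 outcome fails the job.
          LATEST_RELEASE="$(gh api --silent \
            -H "Accept: application/vnd.github+json" \
            -H "X-Github-Api-Version: 2022-11-28" \
            "/repos/${GITHUB_REPOSITORY}/releases/tags/${RELEASE_VERSION}" 2>&1 || true)"
          if [[ "$LATEST_RELEASE" == *"Not Found"* ]]; then
            echo "No release exists yet for ${RELEASE_VERSION}"
          elif [ -z "$LATEST_RELEASE" ]; then
            echo "Release for changelog entry ${RELEASE_VERSION} already exists"
            exit 1
          else
            echo "Unable to query releases: ${LATEST_RELEASE}"
            exit 1
          fi
      - name: Store the new release version number
        id: release
        # Strip a leading `v`; the downstream jobs re-add it where a tag is built
        run: echo "version=${RELEASE_VERSION#v}" >> "$GITHUB_OUTPUT"

  # Rewrite every file that carries the version number and commit the result
  # back to main (push events only).
  bump:
    name: Bump repository version numbers
    if: ${{ github.event_name == 'push' }}
    needs: version
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4
      - name: Lowercase the container image name
        # Image references must be lowercase; github.repository keeps the owner's casing
        run: echo "CONTAINER_IMAGE_NAME=${CONTAINER_IMAGE_NAME,,}" >> "$GITHUB_ENV"
      - name: Set config.json version number
        uses: jossef/action-set-json-field@v2.1
        with:
          file: config.json
          field: remote_images.thanatos
          value: ${{ env.CONTAINER_IMAGE_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:v${{ needs.version.outputs.number }}
      - name: Set agent_capabilities.json version number
        uses: jossef/action-set-json-field@v2.1
        with:
          file: agent_capabilities.json
          field: agent_version
          value: ${{ needs.version.outputs.number }}
      - name: Set base Dockerfile image reference tag to match the version number
        working-directory: Payload_Type/thanatos
        # The version reaches the shell through an env var rather than an
        # inlined `${{ }}` expression so it is never spliced into the script text
        env:
          VERSION: ${{ needs.version.outputs.number }}
        run: sed -i "s|^FROM .*$|FROM ${CONTAINER_IMAGE_REGISTRY}/${CONTAINER_IMAGE_NAME}:v${VERSION}|" Dockerfile
      - name: Set agent Cargo.toml version number
        working-directory: ${{ env.AGENT_CODE_PATH }}
        env:
          VERSION: ${{ needs.version.outputs.number }}
        # Only the first `version = ...` line (the package version) is rewritten
        run: sed -i "0,/^version = .*$/s//version = \"${VERSION}\"/" Cargo.toml
      - name: Push the updated version number changes
        uses: EndBug/add-and-commit@v9
        with:
          add: "['config.json', 'agent_capabilities.json', 'Payload_Type/thanatos/Dockerfile', '${{ format('{0}/Cargo.toml', env.AGENT_CODE_PATH) }}']"
          default_author: github_actions
          committer_email: github-actions[bot]@users.noreply.github.com
          message: "chore(release): bump version numbers to match release 'v${{ needs.version.outputs.number }}'"
          pathspec_error_handling: exitImmediately

  # Build the base container image and push it to the registry under the
  # release tag (push events only).
  image:
    name: Build and push the base container image
    if: ${{ github.event_name == 'push' }}
    needs:
      - version
      - bump
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4
      - name: Set the container image fully qualified url
        # Lowercased for the same reason as CONTAINER_IMAGE_NAME in `bump`
        run: echo "CONTAINER_IMAGE_URL=${CONTAINER_IMAGE_URL,,}" >> "$GITHUB_ENV"
        env:
          CONTAINER_IMAGE_URL: ${{ env.CONTAINER_IMAGE_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:v${{ needs.version.outputs.number }}
      - name: Log in to the container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.CONTAINER_IMAGE_REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push the container image
        uses: docker/build-push-action@v5
        with:
          context: Payload_Type/thanatos
          file: Payload_Type/thanatos/.docker/Dockerfile
          tags: ${{ env.CONTAINER_IMAGE_URL }}
          push: true
          labels: |
            org.opencontainers.image.source=https://github.com/${{ github.repository }}
            org.opencontainers.image.description=${{ env.CONTAINER_IMAGE_DESCRIPTION }}
            org.opencontainers.image.licenses=${{ env.CONTAINER_IMAGE_LICENSE }}

  # Tag the repository and publish the GitHub release (push events only).
  release:
    name: Create a new release
    if: ${{ github.event_name == 'push' }}
    needs:
      - version
      - image
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4
        with:
          # Check out the branch tip rather than the triggering SHA so the tag
          # lands on the version-bump commit pushed by the `bump` job instead of
          # the pre-bump commit that started this workflow.
          ref: ${{ github.ref }}
      - name: Create a new tag for the release
        uses: EndBug/add-and-commit@v9
        with:
          message: "chore(release): Thanatos v${{ needs.version.outputs.number }}"
          push: true
          tag: "v${{ needs.version.outputs.number }}"
          pathspec_error_handling: exitImmediately
      - name: Create a new release
        env:
          VERSION: ${{ needs.version.outputs.number }}
          GH_TOKEN: ${{ github.token }}
        run: |
          RELEASE_BODY="$(python .github/scripts/changelogtool.py extract "$VERSION")"
          gh api \
            --method POST \
            -H "Accept: application/vnd.github+json" \
            -H "X-Github-Api-Version: 2022-11-28" \
            "/repos/${GITHUB_REPOSITORY}/releases" \
            -f tag_name="v${VERSION}" \
            -f target_commitish="$GITHUB_REF_NAME" \
            -f name="Thanatos v${VERSION}" \
            -f body="$RELEASE_BODY" \
            -F draft=false \
            -F prerelease=false \
            -F generate_release_notes=false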