2020-11-16 23:12:00 +01:00
|
|
|
# This is a basic workflow to help you get started with Actions
|
|
|
|
|
|
|
|
|
|
name: misp
|
|
|
|
|
|
|
|
|
|
# Controls when the action will run. Triggers the workflow on push or pull request
|
2020-12-01 08:52:15 +01:00
|
|
|
# events but only for the 2.4 and develop branches
|
2020-11-16 23:12:00 +01:00
|
|
|
on:
|
|
|
|
|
push:
|
2024-01-14 10:20:15 +01:00
|
|
|
branches: [ '2.4', develop, misp-stix, taxii ]
|
2020-11-16 23:12:00 +01:00
|
|
|
pull_request:
|
2024-01-14 10:20:15 +01:00
|
|
|
branches: [ '2.4', develop, misp-stix ]
|
2020-11-16 23:12:00 +01:00
|
|
|
|
|
|
|
|
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
|
|
|
|
|
jobs:
|
|
|
|
|
# This workflow contains a single job called "build"
|
|
|
|
|
build:
|
|
|
|
|
# The type of runner that the job will run on
|
2020-11-17 10:31:27 +01:00
|
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
|
|
|
|
|
|
strategy:
|
|
|
|
|
fail-fast: false
|
|
|
|
|
matrix:
|
2023-03-11 14:25:14 +01:00
|
|
|
os: [ubuntu-22.04]
|
2023-11-29 20:25:03 +01:00
|
|
|
php: ['7.4']
|
2020-11-16 23:12:00 +01:00
|
|
|
|
|
|
|
|
# Steps represent a sequence of tasks that will be executed as part of the job
|
|
|
|
|
steps:
|
|
|
|
|
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
|
2023-09-22 14:26:32 +02:00
|
|
|
- uses: actions/checkout@v4
|
2021-03-28 23:59:21 +02:00
|
|
|
with:
|
|
|
|
|
submodules: 'recursive'
|
2020-11-16 23:12:00 +01:00
|
|
|
|
|
|
|
|
# Run mariadb
|
|
|
|
|
- uses: getong/mariadb-action@v1.1
|
|
|
|
|
with:
|
|
|
|
|
host port: 3306
|
|
|
|
|
container port: 3306
|
|
|
|
|
mysql root password: 'bar'
|
|
|
|
|
mysql database: 'misp'
|
|
|
|
|
mysql user: 'misp'
|
|
|
|
|
mysql password: 'blah'
|
|
|
|
|
|
|
|
|
|
- uses: zhulik/redis-action@1.1.0
|
|
|
|
|
with:
|
|
|
|
|
redis version: '5'
|
|
|
|
|
number of databases: 100
|
|
|
|
|
|
|
|
|
|
# prepare php stuff
|
|
|
|
|
- name: Setup PHP
|
|
|
|
|
uses: shivammathur/setup-php@v2
|
|
|
|
|
with:
|
2020-11-17 10:31:27 +01:00
|
|
|
php-version: ${{ matrix.php }}
|
2021-11-18 17:26:25 +01:00
|
|
|
extensions: mysql, mbstring, json, xml, opcache, readline, redis, gd, apcu
|
2020-11-16 23:12:00 +01:00
|
|
|
|
2020-11-23 13:25:57 +01:00
|
|
|
- name: Initialize variables
|
|
|
|
|
run: |
|
|
|
|
|
echo "USER=`id -u -n`" >> $GITHUB_ENV
|
2021-04-20 16:18:38 +02:00
|
|
|
echo "HOST=localhost" >> $GITHUB_ENV
|
2020-11-23 13:25:57 +01:00
|
|
|
|
2022-03-27 17:02:36 +02:00
|
|
|
- name: Install system deps
|
2020-11-17 10:31:27 +01:00
|
|
|
env:
|
|
|
|
|
php_version: ${{ matrix.php }}
|
2020-11-16 23:12:00 +01:00
|
|
|
run: |
|
2022-03-27 17:02:36 +02:00
|
|
|
sudo apt-get -y update
|
2022-03-27 18:53:50 +02:00
|
|
|
sudo apt-get -y install curl python3 python3-pip python3-virtualenv apache2 libapache2-mod-php$php_version
|
2022-03-27 17:02:36 +02:00
|
|
|
|
|
|
|
|
# Runs a set of commands using the runners shell
|
|
|
|
|
- name: Install deps
|
|
|
|
|
run: |
|
2024-01-27 11:35:00 +01:00
|
|
|
sudo chown $USER:www-data $HOME/.composer
|
|
|
|
|
pushd app
|
2024-01-27 16:17:11 +01:00
|
|
|
composer config --no-plugins allow-plugins.composer/installers true
|
|
|
|
|
composer install --no-progress
|
2024-01-27 11:35:00 +01:00
|
|
|
popd
|
|
|
|
|
cp -fa INSTALL/setup/config.php app/Plugin/CakeResque/Config/config.php
|
2024-02-02 12:27:39 +01:00
|
|
|
|
2024-01-27 11:35:00 +01:00
|
|
|
# Set perms
|
|
|
|
|
sudo chown -R $USER:www-data `pwd`
|
|
|
|
|
sudo chmod -R 775 `pwd`
|
|
|
|
|
sudo chmod -R g+ws `pwd`/app/tmp
|
|
|
|
|
sudo chmod -R g+ws `pwd`/app/tmp/cache
|
|
|
|
|
sudo chmod -R g+ws `pwd`/app/tmp/cache/persistent
|
|
|
|
|
sudo chmod -R g+ws `pwd`/app/tmp/cache/models
|
|
|
|
|
sudo chmod -R g+ws `pwd`/app/tmp/logs
|
|
|
|
|
sudo chmod -R g+ws `pwd`/app/files
|
|
|
|
|
sudo chmod -R g+ws `pwd`/app/files/scripts/tmp
|
|
|
|
|
sudo chown -R $USER:www-data `pwd`
|
2024-02-02 12:27:39 +01:00
|
|
|
|
2024-01-27 11:35:00 +01:00
|
|
|
# Resque perms
|
|
|
|
|
sudo chown -R $USER:www-data `pwd`/app/Plugin/CakeResque/tmp
|
|
|
|
|
sudo chmod -R 755 `pwd`/app/Plugin/CakeResque/tmp
|
2024-02-02 12:27:39 +01:00
|
|
|
|
2024-01-27 16:17:11 +01:00
|
|
|
# Fill database with basic MISP schema
|
2024-01-27 11:35:00 +01:00
|
|
|
mysql -h 127.0.0.1 --port 3306 -u root -pbar -e "SET GLOBAL sql_mode = 'STRICT_ALL_TABLES';"
|
|
|
|
|
mysql -h 127.0.0.1 --port 3306 -u root -pbar -e "grant usage on *.* to misp@'%' identified by 'blah';"
|
|
|
|
|
mysql -h 127.0.0.1 --port 3306 -u root -pbar -e "grant all privileges on misp.* to misp@'%';"
|
|
|
|
|
mysql -h 127.0.0.1 --port 3306 -u misp -pblah misp < INSTALL/MYSQL.sql
|
2024-02-02 12:27:39 +01:00
|
|
|
|
2024-01-27 11:35:00 +01:00
|
|
|
# configure apache virtual hosts
|
|
|
|
|
sudo mkdir -p /etc/apache2/sites-available
|
|
|
|
|
sudo cp -f build/github-action-ci-apache /etc/apache2/sites-available/misp.conf
|
|
|
|
|
sudo sed -e "s?%GITHUB_WORKSPACE%?$(pwd)?g" --in-place /etc/apache2/sites-available/misp.conf
|
|
|
|
|
sudo sed -e "s?%HOST%?${HOST}?g" --in-place /etc/apache2/sites-available/misp.conf
|
|
|
|
|
sudo a2dissite 000-default
|
|
|
|
|
sudo a2ensite misp.conf
|
|
|
|
|
cat /etc/apache2/sites-enabled/misp.conf
|
|
|
|
|
sudo a2enmod rewrite
|
2024-01-27 16:17:11 +01:00
|
|
|
sudo systemctl start --no-block apache2
|
2024-02-02 12:27:39 +01:00
|
|
|
|
2024-01-27 11:35:00 +01:00
|
|
|
# MISP configuration
|
|
|
|
|
sudo cp app/Config/bootstrap.default.php app/Config/bootstrap.php
|
2024-01-27 11:51:34 +01:00
|
|
|
sudo cp build/database.php app/Config/database.php
|
2024-01-27 11:35:00 +01:00
|
|
|
sudo cp app/Config/core.default.php app/Config/core.php
|
|
|
|
|
sudo cp app/Config/config.default.php app/Config/config.php
|
2024-01-27 11:51:34 +01:00
|
|
|
sudo cp build/email.php app/Config/email.php
|
2024-02-02 12:27:39 +01:00
|
|
|
|
2024-01-27 11:35:00 +01:00
|
|
|
# GPG setup
|
|
|
|
|
sudo mkdir `pwd`/.gnupg
|
|
|
|
|
# /!\ VERY INSECURE BUT FASTER ON THE BUILD ENV OF TRAVIS
|
|
|
|
|
sudo cp -a /dev/urandom /dev/random
|
2024-01-27 11:51:34 +01:00
|
|
|
sudo gpg --no-tty --no-permission-warning --pinentry-mode=loopback --passphrase "travistest" --homedir `pwd`/.gnupg --gen-key --batch `pwd`/build/gpg
|
2024-01-27 11:35:00 +01:00
|
|
|
sudo gpg --list-secret-keys --homedir `pwd`/.gnupg
|
2024-02-02 12:27:39 +01:00
|
|
|
|
2024-01-27 11:35:00 +01:00
|
|
|
# change perms
|
|
|
|
|
sudo chown -R $USER:www-data `pwd`
|
|
|
|
|
sudo chown -R www-data:www-data `pwd`/.gnupg
|
|
|
|
|
sudo chmod -R 700 `pwd`/.gnupg
|
|
|
|
|
sudo usermod -a -G www-data $USER
|
|
|
|
|
sudo chmod -R 777 `pwd`/app/Plugin/CakeResque/tmp/
|
|
|
|
|
# Ensure the perms of config files
|
|
|
|
|
sudo chown -R $USER:www-data `pwd`/app/Config
|
|
|
|
|
sudo chmod -R 777 `pwd`/app/Config
|
|
|
|
|
app/Console/cake Admin setSetting "MISP.server_settings_skip_backup_rotate" 1
|
|
|
|
|
sudo chown -R $USER:www-data `pwd`/app/Config
|
|
|
|
|
sudo chmod -R 777 `pwd`/app/Config
|
|
|
|
|
|
|
|
|
|
# fix perms (?)
|
2024-01-27 16:17:11 +01:00
|
|
|
namei -m /home/runner/work
|
2024-01-27 11:35:00 +01:00
|
|
|
sudo chmod +x /home/runner/work
|
|
|
|
|
sudo chmod +x /home/runner
|
|
|
|
|
sudo chmod +x /home
|
|
|
|
|
sudo chmod +x /
|
2023-03-11 14:45:31 +01:00
|
|
|
|
2024-01-14 15:47:41 +01:00
|
|
|
- name: Python setup
|
|
|
|
|
run: |
|
|
|
|
|
# Dirty install python stuff
|
|
|
|
|
python3 -m virtualenv -p python3 ./venv
|
2024-01-27 11:35:00 +01:00
|
|
|
app/Console/cake Admin setSetting "MISP.python_bin" "$GITHUB_WORKSPACE/venv/bin/python"
|
2024-01-14 15:47:41 +01:00
|
|
|
. ./venv/bin/activate
|
|
|
|
|
export PYTHONPATH=$PYTHONPATH:./app/files/scripts
|
|
|
|
|
pip install ./PyMISP[fileobjects,email] ./app/files/scripts/python-stix ./app/files/scripts/cti-python-stix2 pyzmq redis plyara pytest
|
|
|
|
|
deactivate
|
|
|
|
|
|
2020-11-23 13:25:57 +01:00
|
|
|
- name: DB Update
|
2020-11-16 23:12:00 +01:00
|
|
|
run: |
|
2024-01-27 11:35:00 +01:00
|
|
|
app/Console/cake Admin setSetting "MISP.osuser" $USER
|
|
|
|
|
app/Console/cake Admin runUpdates
|
|
|
|
|
app/Console/cake Admin schemaDiagnostics
|
2020-11-23 13:25:57 +01:00
|
|
|
|
|
|
|
|
- name: Configure MISP
|
|
|
|
|
run: |
|
2024-01-27 11:35:00 +01:00
|
|
|
app/Console/cake User init | sudo tee ./key.txt
|
|
|
|
|
echo "AUTH=`cat key.txt`" >> $GITHUB_ENV
|
|
|
|
|
app/Console/cake Admin setSetting "Session.autoRegenerate" 0
|
|
|
|
|
app/Console/cake Admin setSetting "Session.timeout" 600
|
|
|
|
|
app/Console/cake Admin setSetting "Session.cookieTimeout" 3600
|
|
|
|
|
app/Console/cake Admin setSetting "MISP.host_org_id" 1
|
|
|
|
|
app/Console/cake Admin setSetting "MISP.email" "info@admin.test"
|
|
|
|
|
app/Console/cake Admin setSetting "MISP.disable_emailing" false
|
|
|
|
|
app/Console/cake Admin setSetting --force "debug" true
|
|
|
|
|
app/Console/cake Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
|
|
|
|
app/Console/cake Admin setSetting "MISP.redis_host" "127.0.0.1"
|
|
|
|
|
app/Console/cake Admin setSetting "MISP.redis_port" 6379
|
|
|
|
|
app/Console/cake Admin setSetting "MISP.redis_database" 13
|
|
|
|
|
app/Console/cake Admin setSetting "MISP.redis_password" ""
|
|
|
|
|
app/Console/cake Admin setSetting "GnuPG.email" "info@admin.test"
|
|
|
|
|
app/Console/cake Admin setSetting "GnuPG.homedir" "`pwd`/.gnupg"
|
|
|
|
|
app/Console/cake Admin setSetting "GnuPG.password" "travistest"
|
|
|
|
|
app/Console/cake Admin setSetting "MISP.download_gpg_from_homedir" 1
|
|
|
|
|
app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_host" "127.0.0.1"
|
|
|
|
|
app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
|
|
|
|
app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
|
|
|
|
app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_password" ""
|
|
|
|
|
app/Console/cake Admin setSetting "Plugin.ZeroMQ_enable" 1
|
|
|
|
|
app/Console/cake Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" 1
|
2020-11-16 23:12:00 +01:00
|
|
|
|
2020-11-23 13:25:57 +01:00
|
|
|
- name: Update Galaxies
|
2024-01-27 11:35:00 +01:00
|
|
|
run: app/Console/cake Admin updateGalaxies
|
2021-10-09 11:04:03 +02:00
|
|
|
|
2020-11-23 13:25:57 +01:00
|
|
|
- name: Update Taxonomies
|
2024-01-27 11:35:00 +01:00
|
|
|
run: app/Console/cake Admin updateTaxonomies
|
2021-10-09 11:04:03 +02:00
|
|
|
|
2020-11-23 13:25:57 +01:00
|
|
|
- name: Update Warninglists
|
2024-01-27 11:35:00 +01:00
|
|
|
run: app/Console/cake Admin updateWarningLists --verbose
|
2021-10-09 11:04:03 +02:00
|
|
|
|
2020-11-23 13:25:57 +01:00
|
|
|
- name: Update Noticelists
|
2024-01-27 11:35:00 +01:00
|
|
|
run: app/Console/cake Admin updateNoticeLists
|
2021-10-09 11:04:03 +02:00
|
|
|
|
2020-11-23 13:25:57 +01:00
|
|
|
- name: Update Object Templates
|
2024-01-27 11:35:00 +01:00
|
|
|
run: app/Console/cake Admin updateObjectTemplates 1
|
2020-11-23 13:25:57 +01:00
|
|
|
|
2020-11-16 23:12:00 +01:00
|
|
|
- name: Turn MISP live
|
2024-01-27 11:35:00 +01:00
|
|
|
run: app/Console/cake Admin live 1
|
2020-11-16 23:12:00 +01:00
|
|
|
|
2023-05-24 10:28:39 +02:00
|
|
|
- name: Check if Redis is ready
|
2024-01-27 11:35:00 +01:00
|
|
|
run: app/Console/cake Admin redisReady
|
2023-05-24 10:28:39 +02:00
|
|
|
|
2020-11-16 23:12:00 +01:00
|
|
|
- name: Start workers
|
|
|
|
|
run: |
|
2024-01-27 11:35:00 +01:00
|
|
|
sudo chmod +x app/Console/worker/start.sh
|
|
|
|
|
sudo -u www-data 'app/Console/worker/start.sh'
|
2020-11-16 23:12:00 +01:00
|
|
|
|
|
|
|
|
- name: Test if apache is working
|
|
|
|
|
run: |
|
2024-01-27 11:35:00 +01:00
|
|
|
sudo systemctl status apache2 --no-pager -l
|
|
|
|
|
sudo apache2ctl -S
|
2024-01-27 12:05:38 +01:00
|
|
|
curl -sS http://${HOST}
|
2024-01-27 11:35:00 +01:00
|
|
|
|
|
|
|
|
- name: Check if dependencies working as expected
|
|
|
|
|
run: |
|
|
|
|
|
sudo chmod -R 777 PyMISP
|
|
|
|
|
pushd PyMISP
|
|
|
|
|
echo 'url = "http://'${HOST}'"' >> tests/keys.py
|
|
|
|
|
echo 'key = "'${AUTH}'"' >> tests/keys.py
|
|
|
|
|
cat tests/keys.py
|
|
|
|
|
popd
|
|
|
|
|
. ./venv/bin/activate
|
|
|
|
|
pushd tests
|
|
|
|
|
bash ./build-test.sh
|
|
|
|
|
popd
|
|
|
|
|
deactivate
|
2021-10-09 11:04:03 +02:00
|
|
|
|
2021-07-27 09:42:50 +02:00
|
|
|
- name: Run PHP tests
|
2020-11-16 23:12:00 +01:00
|
|
|
run: |
|
2024-01-27 11:35:00 +01:00
|
|
|
./app/Vendor/bin/parallel-lint --exclude app/Lib/cakephp/ --exclude app/Vendor/ -e php,ctp app/
|
|
|
|
|
sudo -u www-data ./app/Vendor/bin/phpunit app/Test/
|
2020-11-18 21:09:25 +01:00
|
|
|
|
2023-09-22 14:26:32 +02:00
|
|
|
- name: Clone test files
|
|
|
|
|
uses: actions/checkout@v4
|
|
|
|
|
with:
|
|
|
|
|
repository: viper-framework/viper-test-files
|
|
|
|
|
path: PyMISP/tests/viper-test-files
|
|
|
|
|
|
2021-07-27 09:42:50 +02:00
|
|
|
- name: Run tests
|
|
|
|
|
run: |
|
2024-01-27 11:35:00 +01:00
|
|
|
pushd tests
|
|
|
|
|
./curl_tests_GH.sh $AUTH $HOST
|
|
|
|
|
popd
|
2024-02-02 12:27:39 +01:00
|
|
|
|
2024-01-27 11:35:00 +01:00
|
|
|
sudo chmod -R g+ws `pwd`/app/tmp/logs
|
2024-02-02 12:27:39 +01:00
|
|
|
|
2024-01-27 11:35:00 +01:00
|
|
|
. ./venv/bin/activate
|
|
|
|
|
pushd PyMISP
|
|
|
|
|
cp tests/keys.py .
|
|
|
|
|
python -m pytest -v --durations=0 tests/test_mispevent.py
|
|
|
|
|
python -m pytest -v --durations=0 tests/testlive_comprehensive.py
|
|
|
|
|
popd
|
|
|
|
|
python tests/testlive_comprehensive_local.py -v
|
2024-02-02 12:27:39 +01:00
|
|
|
python tests/testlive_sync.py -v
|
|
|
|
|
python tests/testlive_security.py -v
|
2024-01-27 11:35:00 +01:00
|
|
|
cp PyMISP/tests/keys.py PyMISP/examples/events/
|
|
|
|
|
pushd PyMISP/examples/events/
|
|
|
|
|
python ./create_massive_dummy_events.py -l 5 -a 30
|
|
|
|
|
popd
|
|
|
|
|
pip install jsonschema
|
|
|
|
|
python tools/misp-feed/validate.py
|
|
|
|
|
deactivate
|
2020-11-23 20:57:39 +01:00
|
|
|
|
2023-10-25 10:39:13 +02:00
|
|
|
- name: Check requirements.txt
|
|
|
|
|
run: python tests/check_requirements.py
|
|
|
|
|
|
2020-11-23 20:57:39 +01:00
|
|
|
- name: Logs
|
|
|
|
|
if: ${{ always() }}
|
2023-12-01 10:17:36 +01:00
|
|
|
# update logs_test.sh when adding more logsources here
|
2020-11-23 20:57:39 +01:00
|
|
|
run: |
|
2024-01-27 11:35:00 +01:00
|
|
|
tail -n +1 `pwd`/app/tmp/logs/*
|
|
|
|
|
tail -n +1 /var/log/apache2/*.log
|
2023-03-11 14:25:14 +01:00
|
|
|
|
2024-01-27 11:35:00 +01:00
|
|
|
app/Console/cake Log export /tmp/logs.json.gz --without-changes
|
|
|
|
|
zcat /tmp/logs.json.gz
|
2023-12-01 10:17:36 +01:00
|
|
|
|
|
|
|
|
- name: Errors in Logs
|
|
|
|
|
if: ${{ always() }}
|
|
|
|
|
run: |
|
2024-02-02 12:27:39 +01:00
|
|
|
./tests/logs_tests.sh
|
