release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
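---
# Manually triggered release pipeline.
#   1. `image`   builds the base container image and pushes it to the registry.
#   2. `release` bumps version strings, commits, tags and publishes a release.
#
# Security notes for maintainers:
#   * `inputs.version` ends up in an image tag, a git tag, $GITHUB_ENV and
#     several sed expressions, so it is validated once before anything runs.
#   * Every action below is referenced by a mutable tag (v4, v3, v5, v9).
#     Pin them to full commit SHAs, in particular the third-party actions in
#     the `release` job, which runs with `contents: write`.
name: Create Release

on:
  workflow_dispatch:
    inputs:
      version:
        description: "Release version (eg: 1.0.1)"
        required: true
        type: string

env:
  # Registry for the container image
  CONTAINER_IMAGE_REGISTRY: ghcr.io
  # Name of the container image
  CONTAINER_IMAGE_NAME: ${{ github.repository }}
  # URL to the repository source code
  SOURCE_URL: "https://github.com/${{ github.repository }}"
  # Description of the base container image
  CONTAINER_IMAGE_DESCRIPTION: "Base container image for the Thanatos Mythic C2 agent"
  # License for the base container image
  CONTAINER_IMAGE_LICENSE: BSD-3-Clause
  # Path to the agent code
  AGENT_CODE_PATH: Payload_Type/thanatos/thanatos/agent_code

# Only one release run at a time.
# NOTE(review): cancel-in-progress can abort a run after the image was pushed
# but before the tag/release exists; confirm that partial state is acceptable.
concurrency:
  group: "release"
  cancel-in-progress: true

jobs:
  image:
    name: Build and push the base container image
    runs-on: ubuntu-latest
    # Least privilege: read the source, write only to the package registry.
    permissions:
      contents: read
      packages: write
    steps:
      # Gate for the whole workflow: `release` needs this job, so a rejected
      # version stops both jobs. The allowed character set contains nothing
      # that is special to sed's `/` delimiter, to image tags or to
      # $GITHUB_ENV (no slashes, quotes, whitespace or newlines).
      - name: Validate the release version input
        env:
          RELEASE_VERSION: ${{ inputs.version }}
        run: |
          pattern='^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$'
          if [[ ! "${RELEASE_VERSION}" =~ ${pattern} ]]; then
            # The rejected value is deliberately not echoed into the log.
            echo "::error::inputs.version must look like 1.0.1 (optional -prerelease suffix)"
            exit 1
          fi

      - name: Checkout the repository
        uses: actions/checkout@v4
        with:
          # This job never pushes with git, so do not leave the token in
          # the checkout's git config while the image build runs.
          persist-credentials: false

      # Registry references must be lowercase; `${VAR,,}` lowercases in bash.
      # The value goes through `env:` rather than being expanded inside the
      # script text.
      - name: Set the container image fully qualified url
        run: echo "CONTAINER_IMAGE_URL=${CONTAINER_IMAGE_URL,,}" >> "${GITHUB_ENV}"
        env:
          CONTAINER_IMAGE_URL: ${{ env.CONTAINER_IMAGE_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:v${{ inputs.version }}

      - name: Log in to the container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.CONTAINER_IMAGE_REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push the container image
        uses: docker/build-push-action@v5
        with:
          context: Payload_Type/thanatos
          tags: ${{ env.CONTAINER_IMAGE_URL }}
          push: true
          labels: |
            org.opencontainers.image.source=${{ env.SOURCE_URL }}
            org.opencontainers.image.description=${{ env.CONTAINER_IMAGE_DESCRIPTION }}
            org.opencontainers.image.licenses=${{ env.CONTAINER_IMAGE_LICENSE }}

  release:
    name: Create new repository release
    runs-on: ubuntu-latest
    needs:
      - image
    # This job commits, tags and creates the release, hence contents: write.
    permissions:
      contents: write
      packages: read
    steps:
      # persist-credentials stays at its default here: the commit and tag
      # steps below push using the credentials this checkout leaves in the
      # local git config.
      - name: Checkout the repository
        uses: actions/checkout@v4

      - name: Lowercase the container image name
        run: echo "CONTAINER_IMAGE_NAME=${CONTAINER_IMAGE_NAME,,}" >> "${GITHUB_ENV}"

      # NOTE(review): the page's e-mail obfuscation replaced this action
      # reference with "[email protected]". The inputs (file/field/value) match
      # jossef/action-set-json-field; restore the original ref from the
      # repository and pin it to a commit SHA.
      - name: Set config.json version number
        uses: jossef/action-set-json-field@<ref-lost-in-page-extraction>
        with:
          file: config.json
          field: remote_images.thanatos
          value: ${{ env.CONTAINER_IMAGE_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:v${{ inputs.version }}

      - name: Set agent_capabilities.json version number
        uses: jossef/action-set-json-field@<ref-lost-in-page-extraction>
        with:
          file: agent_capabilities.json
          field: agent_version
          value: ${{ inputs.version }}

      # `0,/re/` limits the substitution to the first `version = ` line.
      - name: Set agent Cargo.toml version number
        working-directory: ${{ env.AGENT_CODE_PATH }}
        env:
          RELEASE_VERSION: ${{ inputs.version }}
        run: sed -i "0,/^version = .*$/s//version = \"${RELEASE_VERSION}\"/" Cargo.toml

      # Rewrites the "Unreleased" heading and compare link to the new version,
      # then inserts a fresh "Unreleased" heading and link above them.
      # $RELEASE_VERSION is spliced into the sed programs, which is only safe
      # because the `image` job has already validated its format.
      - name: Update the CHANGELOG.md for the new version
        env:
          RELEASE_VERSION: ${{ inputs.version }}
          SOURCE_URL: ${{ env.SOURCE_URL }}
        run: |
          sed -i "s/^## \[Unreleased\]$/## [$RELEASE_VERSION] - $(date -I)/" CHANGELOG.md
          sed -i "s/^\[unreleased\]: \(.\+\)\.\.\.HEAD$/[$RELEASE_VERSION]: \1...v$RELEASE_VERSION/" CHANGELOG.md
          sed -i "/^## \[$RELEASE_VERSION\] \- .*/i ## [Unreleased]\n" CHANGELOG.md
          sed -i "/^\[$RELEASE_VERSION\]: .*/i [unreleased]: $SOURCE_URL/compare/v$RELEASE_VERSION...HEAD" CHANGELOG.md

      # Third-party action running with contents: write; only the listed
      # paths are staged, and an unknown path aborts the step.
      - name: Commit the updated changes
        uses: EndBug/add-and-commit@v9
        with:
          add: "['CHANGELOG.md', 'config.json', 'agent_capabilities.json', 'Payload_Type/thanatos/Dockerfile', '${{ format('{0}/Cargo.toml', env.AGENT_CODE_PATH) }}']"
          default_author: github_actions
          committer_email: github-actions[bot]@users.noreply.github.com
          message: "chore(release): Thanatos release 'v${{ inputs.version }}'"
          pathspec_error_handling: exitImmediately

      - name: Create a new tag for the release
        uses: EndBug/add-and-commit@v9
        with:
          message: "chore(release): Thanatos v${{ inputs.version }}"
          push: true
          tag: "v${{ inputs.version }}"
          pathspec_error_handling: exitImmediately

      # Values reach the script through environment variables and are quoted
      # at every use; nothing is expanded by `${{ }}` inside the script text.
      - name: Create a new Github release
        env:
          GIT_TAG: "v${{ inputs.version }}"
          GH_TOKEN: ${{ github.token }}
        run: |
          RELEASE_BODY=$(python .github/scripts/changelogtool.py extract "${GIT_TAG}")
          gh api \
            --method POST \
            -H "Accept: application/vnd.github+json" \
            -H "X-Github-Api-Version: 2022-11-28" \
            "/repos/${GITHUB_REPOSITORY}/releases" \
            -f tag_name="${GIT_TAG}" \
            -f target_commitish="$GITHUB_REF_NAME" \
            -f name="Thanatos ${GIT_TAG}" \
            -f body="$RELEASE_BODY" \
            -F draft=false \
            -F prerelease=false \
            -F generate_release_notes=false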