From a5ea5cef9ae88f7ed90d28ca67d59a94c89826c8 Mon Sep 17 00:00:00 2001 From: Guillaume Date: Wed, 11 Dec 2024 09:44:59 +0100 Subject: [PATCH] [tool] update drone & circle for prerelease platform (#1909) --- .circleci/config.yml | 151 ++++++++++++++---- .drone.yml | 3 +- .../injectors/openbas/OpenBASInjector.java | 32 ++++ .../io/openbas/rest/executor/ExecutorApi.java | 61 +++---- .../io/openbas/rest/injector/InjectorApi.java | 36 +++-- .../src/main/resources/application.properties | 11 ++ .../io/openbas/asset/EndpointService.java | 24 ++- 7 files changed, 235 insertions(+), 83 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c9f5dadc2a..6d72ae6eb6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -168,7 +168,15 @@ jobs: steps: - checkout - kubernetes/install-kubectl - - run: kubectl --server=https://api.staging.eu-west.filigran.io --token=$K8S_TOKEN -n customer-testing rollout restart deployment + - run: kubectl --server=https://api.staging.eu-west.filigran.io --token=$K8S_TOKEN -n customer-testing rollout restart deployment -l app=openbas + + deploy_prerelease: + docker: + - image: cimg/base:stable + steps: + - checkout + - kubernetes/install-kubectl + - run: kubectl --server=https://api.staging.eu-west.filigran.io --token=$K8S_TOKEN_PRE_RELEASE -n customer-prerelease-openbas rollout restart deployment -l app=openbas docker_build_platform: working_directory: ~/openbas_docker @@ -185,22 +193,21 @@ jobs: command: | sudo apt-get update sudo apt-get -y install git - LATEST_VERSION=$(git describe --tags --abbrev=0) - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/arm64/openbas-agent-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-agent/linux/arm64/openbas-agent-${CIRCLE_TAG:-latest} - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/x86_64/openbas-agent-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-agent/linux/x86_64/openbas-agent-${CIRCLE_TAG:-latest} - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/openbas-agent-installer-${CIRCLE_TAG:-$LATEST_VERSION}.sh https://filigran.jfrog.io/artifactory/openbas-agent/linux/openbas-agent-installer-${CIRCLE_TAG:-latest}.sh - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/openbas-agent-upgrade-${CIRCLE_TAG:-$LATEST_VERSION}.sh https://filigran.jfrog.io/artifactory/openbas-agent/linux/openbas-agent-upgrade-${CIRCLE_TAG:-latest}.sh - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/arm64/openbas-agent-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-agent/macos/arm64/openbas-agent-${CIRCLE_TAG:-latest} - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/openbas-agent-installer-${CIRCLE_TAG:-$LATEST_VERSION}.sh https://filigran.jfrog.io/artifactory/openbas-agent/macos/openbas-agent-installer-${CIRCLE_TAG:-latest}.sh - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/openbas-agent-upgrade-${CIRCLE_TAG:-$LATEST_VERSION}.sh https://filigran.jfrog.io/artifactory/openbas-agent/macos/openbas-agent-upgrade-${CIRCLE_TAG:-latest}.sh - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/x86_64/openbas-agent-${CIRCLE_TAG:-$LATEST_VERSION}.exe https://filigran.jfrog.io/artifactory/openbas-agent/windows/x86_64/openbas-agent-${CIRCLE_TAG:-latest}.exe - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/x86_64/openbas-agent-installer-${CIRCLE_TAG:-$LATEST_VERSION}.exe https://filigran.jfrog.io/artifactory/openbas-agent/windows/x86_64/openbas-agent-installer-${CIRCLE_TAG:-latest}.exe - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/openbas-agent-installer-${CIRCLE_TAG:-$LATEST_VERSION}.ps1 https://filigran.jfrog.io/artifactory/openbas-agent/windows/openbas-agent-installer-${CIRCLE_TAG:-latest}.ps1 - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/openbas-agent-upgrade-${CIRCLE_TAG:-$LATEST_VERSION}.ps1 https://filigran.jfrog.io/artifactory/openbas-agent/windows/openbas-agent-upgrade-${CIRCLE_TAG:-latest}.ps1 - curl -L -o openbas-api/src/main/resources/implants/openbas-implant/linux/arm64/openbas-implant-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-implant/linux/arm64/openbas-implant-${CIRCLE_TAG:-latest} - curl -L -o openbas-api/src/main/resources/implants/openbas-implant/linux/x86_64/openbas-implant-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-implant/linux/x86_64/openbas-implant-${CIRCLE_TAG:-latest} - curl -L -o openbas-api/src/main/resources/implants/openbas-implant/macos/arm64/openbas-implant-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-implant/macos/arm64/openbas-implant-${CIRCLE_TAG:-latest} - curl -L -o openbas-api/src/main/resources/implants/openbas-implant/windows/x86_64/openbas-implant-${CIRCLE_TAG:-$LATEST_VERSION}.exe https://filigran.jfrog.io/artifactory/openbas-implant/windows/x86_64/openbas-implant-${CIRCLE_TAG:-latest}.exe + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/arm64/openbas-agent-${CIRCLE_TAG} https://filigran.jfrog.io/artifactory/openbas-agent/linux/arm64/openbas-agent-${CIRCLE_TAG} + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/x86_64/openbas-agent-${CIRCLE_TAG} https://filigran.jfrog.io/artifactory/openbas-agent/linux/x86_64/openbas-agent-${CIRCLE_TAG} + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/openbas-agent-installer-${CIRCLE_TAG}.sh https://filigran.jfrog.io/artifactory/openbas-agent/linux/openbas-agent-installer-${CIRCLE_TAG}.sh + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/openbas-agent-upgrade-${CIRCLE_TAG}.sh https://filigran.jfrog.io/artifactory/openbas-agent/linux/openbas-agent-upgrade-${CIRCLE_TAG}.sh + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/arm64/openbas-agent-${CIRCLE_TAG} https://filigran.jfrog.io/artifactory/openbas-agent/macos/arm64/openbas-agent-${CIRCLE_TAG} + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/openbas-agent-installer-${CIRCLE_TAG}.sh https://filigran.jfrog.io/artifactory/openbas-agent/macos/openbas-agent-installer-${CIRCLE_TAG}.sh + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/openbas-agent-upgrade-${CIRCLE_TAG}.sh https://filigran.jfrog.io/artifactory/openbas-agent/macos/openbas-agent-upgrade-${CIRCLE_TAG}.sh + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/x86_64/openbas-agent-${CIRCLE_TAG}.exe https://filigran.jfrog.io/artifactory/openbas-agent/windows/x86_64/openbas-agent-${CIRCLE_TAG}.exe + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/x86_64/openbas-agent-installer-${CIRCLE_TAG}.exe https://filigran.jfrog.io/artifactory/openbas-agent/windows/x86_64/openbas-agent-installer-${CIRCLE_TAG}.exe + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/openbas-agent-installer-${CIRCLE_TAG}.ps1 https://filigran.jfrog.io/artifactory/openbas-agent/windows/openbas-agent-installer-${CIRCLE_TAG}.ps1 + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/openbas-agent-upgrade-${CIRCLE_TAG}.ps1 https://filigran.jfrog.io/artifactory/openbas-agent/windows/openbas-agent-upgrade-${CIRCLE_TAG}.ps1 + curl -L -o openbas-api/src/main/resources/implants/openbas-implant/linux/arm64/openbas-implant-${CIRCLE_TAG} https://filigran.jfrog.io/artifactory/openbas-implant/linux/arm64/openbas-implant-${CIRCLE_TAG} + curl -L -o openbas-api/src/main/resources/implants/openbas-implant/linux/x86_64/openbas-implant-${CIRCLE_TAG} https://filigran.jfrog.io/artifactory/openbas-implant/linux/x86_64/openbas-implant-${CIRCLE_TAG} + curl -L -o openbas-api/src/main/resources/implants/openbas-implant/macos/arm64/openbas-implant-${CIRCLE_TAG} https://filigran.jfrog.io/artifactory/openbas-implant/macos/arm64/openbas-implant-${CIRCLE_TAG} + curl -L -o openbas-api/src/main/resources/implants/openbas-implant/windows/x86_64/openbas-implant-${CIRCLE_TAG}.exe https://filigran.jfrog.io/artifactory/openbas-implant/windows/x86_64/openbas-implant-${CIRCLE_TAG}.exe - run: name: Install buildx command: | @@ -220,7 +227,11 @@ jobs: command: echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin - run: name: Build Docker image openbas/platform - command: docker buildx build --platform $BUILDX_PLATFORMS -f Dockerfile_circleci -t openbas/platform:latest -t openbas/platform:${CIRCLE_TAG} --push . + command: | + LATEST_VERSION=$(git describe --tags --abbrev=0) + TAGS="-t openbas/platform:${CIRCLE_TAG}" + [ "$CIRCLE_TAG" = "$LATEST_VERSION" ] && TAGS="$TAGS -t openbas/platform:latest" + docker buildx build --progress=plain --platform $BUILDX_PLATFORMS -f Dockerfile_circleci $TAGS --push . no_output_timeout: 30m - slack/notify: event: fail @@ -245,21 +256,21 @@ jobs: sudo apt-get update sudo apt-get -y install git LATEST_VERSION=$(git describe --tags --abbrev=0) - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/arm64/openbas-agent-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-agent/linux/arm64/openbas-agent-${CIRCLE_TAG:-latest} - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/x86_64/openbas-agent-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-agent/linux/x86_64/openbas-agent-${CIRCLE_TAG:-latest} - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/openbas-agent-installer-${CIRCLE_TAG:-$LATEST_VERSION}.sh https://filigran.jfrog.io/artifactory/openbas-agent/linux/openbas-agent-installer-${CIRCLE_TAG:-latest}.sh - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/openbas-agent-upgrade-${CIRCLE_TAG:-$LATEST_VERSION}.sh https://filigran.jfrog.io/artifactory/openbas-agent/linux/openbas-agent-upgrade-${CIRCLE_TAG:-latest}.sh - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/arm64/openbas-agent-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-agent/macos/arm64/openbas-agent-${CIRCLE_TAG:-latest} - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/openbas-agent-installer-${CIRCLE_TAG:-$LATEST_VERSION}.sh https://filigran.jfrog.io/artifactory/openbas-agent/macos/openbas-agent-installer-${CIRCLE_TAG:-latest}.sh - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/openbas-agent-upgrade-${CIRCLE_TAG:-$LATEST_VERSION}.sh https://filigran.jfrog.io/artifactory/openbas-agent/macos/openbas-agent-upgrade-${CIRCLE_TAG:-latest}.sh - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/x86_64/openbas-agent-${CIRCLE_TAG:-$LATEST_VERSION}.exe https://filigran.jfrog.io/artifactory/openbas-agent/windows/x86_64/openbas-agent-${CIRCLE_TAG:-latest}.exe - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/x86_64/openbas-agent-installer-${CIRCLE_TAG:-$LATEST_VERSION}.exe https://filigran.jfrog.io/artifactory/openbas-agent/windows/x86_64/openbas-agent-installer-${CIRCLE_TAG:-latest}.exe - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/openbas-agent-installer-${CIRCLE_TAG:-$LATEST_VERSION}.ps1 https://filigran.jfrog.io/artifactory/openbas-agent/windows/openbas-agent-installer-${CIRCLE_TAG:-latest}.ps1 - curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/openbas-agent-upgrade-${CIRCLE_TAG:-$LATEST_VERSION}.ps1 https://filigran.jfrog.io/artifactory/openbas-agent/windows/openbas-agent-upgrade-${CIRCLE_TAG:-latest}.ps1 - curl -L -o openbas-api/src/main/resources/implants/openbas-implant/linux/arm64/openbas-implant-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-implant/linux/arm64/openbas-implant-${CIRCLE_TAG:-latest} - curl -L -o openbas-api/src/main/resources/implants/openbas-implant/linux/x86_64/openbas-implant-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-implant/linux/x86_64/openbas-implant-${CIRCLE_TAG:-latest} - curl -L -o openbas-api/src/main/resources/implants/openbas-implant/macos/arm64/openbas-implant-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-implant/macos/arm64/openbas-implant-${CIRCLE_TAG:-latest} - curl -L -o openbas-api/src/main/resources/implants/openbas-implant/windows/x86_64/openbas-implant-${CIRCLE_TAG:-$LATEST_VERSION}.exe https://filigran.jfrog.io/artifactory/openbas-implant/windows/x86_64/openbas-implant-${CIRCLE_TAG:-latest}.exe + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/arm64/openbas-agent-$LATEST_VERSION https://filigran.jfrog.io/artifactory/openbas-agent/linux/arm64/openbas-agent-testing + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/x86_64/openbas-agent-$LATEST_VERSION https://filigran.jfrog.io/artifactory/openbas-agent/linux/x86_64/openbas-agent-testing + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/openbas-agent-installer-$LATEST_VERSION.sh https://filigran.jfrog.io/artifactory/openbas-agent/linux/openbas-agent-installer-testing.sh + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/openbas-agent-upgrade-$LATEST_VERSION.sh https://filigran.jfrog.io/artifactory/openbas-agent/linux/openbas-agent-upgrade-testing.sh + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/arm64/openbas-agent-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-agent/macos/arm64/openbas-agent-testing + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/openbas-agent-installer-${CIRCLE_TAG:-$LATEST_VERSION}.sh https://filigran.jfrog.io/artifactory/openbas-agent/macos/openbas-agent-installer-testing.sh + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/openbas-agent-upgrade-$LATEST_VERSION.sh https://filigran.jfrog.io/artifactory/openbas-agent/macos/openbas-agent-upgrade-testing.sh + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/x86_64/openbas-agent-$LATEST_VERSION.exe https://filigran.jfrog.io/artifactory/openbas-agent/windows/x86_64/openbas-agent-testing.exe + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/x86_64/openbas-agent-installer-$LATEST_VERSION.exe https://filigran.jfrog.io/artifactory/openbas-agent/windows/x86_64/openbas-agent-installer-testing.exe + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/openbas-agent-installer-$LATEST_VERSION.ps1 https://filigran.jfrog.io/artifactory/openbas-agent/windows/openbas-agent-installer-testing.ps1 + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/openbas-agent-upgrade-$LATEST_VERSION.ps1 https://filigran.jfrog.io/artifactory/openbas-agent/windows/openbas-agent-upgrade-testing.ps1 + curl -L -o openbas-api/src/main/resources/implants/openbas-implant/linux/arm64/openbas-implant-$LATEST_VERSION https://filigran.jfrog.io/artifactory/openbas-implant/linux/arm64/openbas-implant-testing + curl -L -o openbas-api/src/main/resources/implants/openbas-implant/linux/x86_64/openbas-implant-$LATEST_VERSION https://filigran.jfrog.io/artifactory/openbas-implant/linux/x86_64/openbas-implant-testing + curl -L -o openbas-api/src/main/resources/implants/openbas-implant/macos/arm64/openbas-implant-$LATEST_VERSION https://filigran.jfrog.io/artifactory/openbas-implant/macos/arm64/openbas-implant-testing + curl -L -o openbas-api/src/main/resources/implants/openbas-implant/windows/x86_64/openbas-implant-$LATEST_VERSION.exe https://filigran.jfrog.io/artifactory/openbas-implant/windows/x86_64/openbas-implant-testing.exe - run: name: Install buildx command: | @@ -281,7 +292,68 @@ jobs: - run: working_directory: ~/openbas_docker name: Build Docker image openbas/platform - command: docker buildx build --platform $BUILDX_PLATFORMS -f Dockerfile_circleci -t openbas/platform:rolling --push . + command: docker buildx build --progress=plain --platform $BUILDX_PLATFORMS -f Dockerfile_circleci -t openbas/platform:rolling --push . + no_output_timeout: 30 + - slack/notify: + event: fail + template: basic_fail_1 + - ms-teams/report: + only_on_fail: true + webhook_url: $MS_TEAMS_WEBHOOK_URL + + docker_build_platform_prerelease: + working_directory: ~/openbas_docker + machine: + image: ubuntu-2004:202111-02 + resource_class: large + environment: + DOCKER_BUILDKIT: 1 + BUILDX_PLATFORMS: linux/amd64,linux/arm64 + steps: + - attach_workspace: + at: ~/ + - run: + command: | + sudo apt-get update + sudo apt-get -y install git + LATEST_VERSION=$(git describe --tags --abbrev=0) + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/arm64/openbas-agent-$LATEST_VERSION https://filigran.jfrog.io/artifactory/openbas-agent/linux/arm64/openbas-agent-prerelease + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/x86_64/openbas-agent-$LATEST_VERSION https://filigran.jfrog.io/artifactory/openbas-agent/linux/x86_64/openbas-agent-prerelease + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/openbas-agent-installer-$LATEST_VERSION.sh https://filigran.jfrog.io/artifactory/openbas-agent/linux/openbas-agent-installer-prerelease.sh + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/linux/openbas-agent-upgrade-$LATEST_VERSION.sh https://filigran.jfrog.io/artifactory/openbas-agent/linux/openbas-agent-upgrade-prerelease.sh + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/arm64/openbas-agent-${CIRCLE_TAG:-$LATEST_VERSION} https://filigran.jfrog.io/artifactory/openbas-agent/macos/arm64/openbas-agent-prerelease + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/openbas-agent-installer-${CIRCLE_TAG:-$LATEST_VERSION}.sh https://filigran.jfrog.io/artifactory/openbas-agent/macos/openbas-agent-installer-prerelease.sh + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/macos/openbas-agent-upgrade-$LATEST_VERSION.sh https://filigran.jfrog.io/artifactory/openbas-agent/macos/openbas-agent-upgrade-prerelease.sh + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/x86_64/openbas-agent-$LATEST_VERSION.exe https://filigran.jfrog.io/artifactory/openbas-agent/windows/x86_64/openbas-agent-prerelease.exe + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/x86_64/openbas-agent-installer-$LATEST_VERSION.exe https://filigran.jfrog.io/artifactory/openbas-agent/windows/x86_64/openbas-agent-installer-prerelease.exe + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/openbas-agent-installer-$LATEST_VERSION.ps1 https://filigran.jfrog.io/artifactory/openbas-agent/windows/openbas-agent-installer-prerelease.ps1 + curl -L -o openbas-api/src/main/resources/agents/openbas-agent/windows/openbas-agent-upgrade-$LATEST_VERSION.ps1 https://filigran.jfrog.io/artifactory/openbas-agent/windows/openbas-agent-upgrade-prerelease.ps1 + curl -L -o openbas-api/src/main/resources/implants/openbas-implant/linux/arm64/openbas-implant-$LATEST_VERSION https://filigran.jfrog.io/artifactory/openbas-implant/linux/arm64/openbas-implant-prerelease + curl -L -o openbas-api/src/main/resources/implants/openbas-implant/linux/x86_64/openbas-implant-$LATEST_VERSION https://filigran.jfrog.io/artifactory/openbas-implant/linux/x86_64/openbas-implant-prerelease + curl -L -o openbas-api/src/main/resources/implants/openbas-implant/macos/arm64/openbas-implant-$LATEST_VERSION https://filigran.jfrog.io/artifactory/openbas-implant/macos/arm64/openbas-implant-prerelease + curl -L -o openbas-api/src/main/resources/implants/openbas-implant/windows/x86_64/openbas-implant-$LATEST_VERSION.exe https://filigran.jfrog.io/artifactory/openbas-implant/windows/x86_64/openbas-implant-prerelease.exe + - run: + name: Install buildx + command: | + BUILDX_BINARY_URL="https://github.com/docker/buildx/releases/download/v0.4.2/buildx-v0.4.2.linux-amd64" + curl --output docker-buildx \ + --silent --show-error --location --fail --retry 3 \ + "$BUILDX_BINARY_URL" + mkdir -p ~/.docker/cli-plugins + mv docker-buildx ~/.docker/cli-plugins/ + chmod a+x ~/.docker/cli-plugins/docker-buildx + docker buildx install + # Run binfmt + docker run --rm --privileged tonistiigi/binfmt:latest --install "$BUILDX_PLATFORMS" + docker buildx create --name multiarch --driver docker-container --use + docker buildx inspect --bootstrap + - run: + name: Login + command: echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin + - run: + working_directory: ~/openbas_docker + name: Build Docker image openbas/platform + command: docker buildx build --progress=plain --platform $BUILDX_PLATFORMS -f Dockerfile_circleci -t openbas/platform:prerelease --push . no_output_timeout: 30 - slack/notify: event: fail @@ -355,6 +427,13 @@ workflows: branches: only: - master + - docker_build_platform_prerelease: + requires: + - build_frontend + filters: + branches: + only: + - release/* - docker_build_platform: requires: - build_frontend @@ -366,9 +445,13 @@ workflows: - deploy_testing: requires: - docker_build_platform_rolling + - deploy_prerelease: + requires: + - docker_build_platform_prerelease - notify_rolling: requires: - deploy_testing + - deploy_prerelease - package_rolling - package_rolling_musl - notify: diff --git a/.drone.yml b/.drone.yml index 4cc253b26e..7cbb82ebd7 100644 --- a/.drone.yml +++ b/.drone.yml @@ -94,13 +94,14 @@ steps: - name: build-circleci image: curlimages/curl commands: - - curl -X POST --data "branch=master" https://circleci.com/api/v1.1/project/github/OpenBAS-Platform/openbas/build?circle-token=$CIRCLECI_TOKEN + - curl -X POST --data "branch=$DRONE_COMMIT_BRANCH" https://circleci.com/api/v1.1/project/github/OpenBAS-Platform/openbas/build?circle-token=$CIRCLECI_TOKEN environment: CIRCLECI_TOKEN: from_secret: circleci_token when: branch: - master + - release/* event: exclude: - pull_request diff --git a/openbas-api/src/main/java/io/openbas/injectors/openbas/OpenBASInjector.java b/openbas-api/src/main/java/io/openbas/injectors/openbas/OpenBASInjector.java index 5073dd4581..961815fccb 100644 --- a/openbas-api/src/main/java/io/openbas/injectors/openbas/OpenBASInjector.java +++ b/openbas-api/src/main/java/io/openbas/injectors/openbas/OpenBASInjector.java @@ -57,6 +57,19 @@ public OpenBASInjector( + ";" + dlVar(openBASConfig, "windows", "x86_64") + ";$wc=New-Object System.Net.WebClient;$data=$wc.DownloadData($url);[io.file]::WriteAllBytes($filename,$data) | Out-Null;Remove-NetFirewallRule -DisplayName \"Allow OpenBAS Inbound\";New-NetFirewallRule -DisplayName \"Allow OpenBAS Inbound\" -Direction Inbound -Program \"$location\\$filename\" -Action Allow | Out-Null;Remove-NetFirewallRule -DisplayName \"Allow OpenBAS Outbound\";New-NetFirewallRule -DisplayName \"Allow OpenBAS Outbound\" -Direction Outbound -Program \"$location\\$filename\" -Action Allow | Out-Null;Start-Process -FilePath \"$location\\$filename\" -ArgumentList \"--uri $server --token $token --unsecured-certificate $unsecured_certificate --with-proxy $with_proxy --inject-id #{inject}\" -WindowStyle hidden;"); + executorCommands.put( + Endpoint.PLATFORM_TYPE.Windows.name() + "." + Endpoint.PLATFORM_ARCH.arm64, + "$x=\"#{location}\";$location=$x.Replace(\"\\obas-agent-caldera.exe\", \"\");[Environment]::CurrentDirectory = $location;$filename=\"obas-implant-#{inject}.exe\";$" + + tokenVar + + ";$" + + serverVar + + ";$" + + unsecuredCertificateVar + + ";$" + + withProxyVar + + ";" + + dlVar(openBASConfig, "windows", "arm64") + + ";$wc=New-Object System.Net.WebClient;$data=$wc.DownloadData($url);[io.file]::WriteAllBytes($filename,$data) | Out-Null;Remove-NetFirewallRule -DisplayName \"Allow OpenBAS Inbound\";New-NetFirewallRule -DisplayName \"Allow OpenBAS Inbound\" -Direction Inbound -Program \"$location\\$filename\" -Action Allow | Out-Null;Remove-NetFirewallRule -DisplayName \"Allow OpenBAS Outbound\";New-NetFirewallRule -DisplayName \"Allow OpenBAS Outbound\" -Direction Outbound -Program \"$location\\$filename\" -Action Allow | Out-Null;Start-Process -FilePath \"$location\\$filename\" -ArgumentList \"--uri $server --token $token --unsecured-certificate $unsecured_certificate --with-proxy $with_proxy --inject-id #{inject}\" -WindowStyle hidden;"); executorCommands.put( Endpoint.PLATFORM_TYPE.Linux.name() + "." + Endpoint.PLATFORM_ARCH.x86_64, "x=\"#{location}\";location=$(echo \"$x\" | sed \"s#/openbas-caldera-agent##\");filename=obas-implant-#{inject};" @@ -70,6 +83,19 @@ public OpenBASInjector( + ";curl -s -X GET " + dlUri(openBASConfig, "linux", "x86_64") + " > $location/$filename;chmod +x $location/$filename;$location/$filename --uri $server --token $token --unsecured-certificate $unsecured_certificate --with-proxy $with_proxy --inject-id #{inject} &"); + executorCommands.put( + Endpoint.PLATFORM_TYPE.Linux.name() + "." + Endpoint.PLATFORM_ARCH.arm64, + "x=\"#{location}\";location=$(echo \"$x\" | sed \"s#/openbas-caldera-agent##\");filename=obas-implant-#{inject};" + + serverVar + + ";" + + tokenVar + + ";" + + unsecuredCertificateVar + + ";" + + withProxyVar + + ";curl -s -X GET " + + dlUri(openBASConfig, "linux", "arm64") + + " > $location/$filename;chmod +x $location/$filename;$location/$filename --uri $server --token $token --unsecured-certificate $unsecured_certificate --with-proxy $with_proxy --inject-id #{inject} &"); executorCommands.put( Endpoint.PLATFORM_TYPE.MacOS.name() + "." + Endpoint.PLATFORM_ARCH.x86_64, "x=\"#{location}\";location=$(echo \"$x\" | sed \"s#/openbas-caldera-agent##\");filename=obas-implant-#{inject};" @@ -100,9 +126,15 @@ public OpenBASInjector( executorClearCommands.put( Endpoint.PLATFORM_TYPE.Windows.name() + "." + Endpoint.PLATFORM_ARCH.x86_64, "$x=\"#{location}\";$location=$x.Replace(\"\\obas-agent-caldera.exe\", \"\");[Environment]::CurrentDirectory = $location;cd \"$location\";Get-ChildItem -Recurse -Filter *implant* | Remove-Item"); + executorClearCommands.put( + Endpoint.PLATFORM_TYPE.Windows.name() + "." + Endpoint.PLATFORM_ARCH.arm64, + "$x=\"#{location}\";$location=$x.Replace(\"\\obas-agent-caldera.exe\", \"\");[Environment]::CurrentDirectory = $location;cd \"$location\";Get-ChildItem -Recurse -Filter *implant* | Remove-Item"); executorClearCommands.put( Endpoint.PLATFORM_TYPE.Linux.name() + "." + Endpoint.PLATFORM_ARCH.x86_64, "x=\"#{location}\";location=$(echo \"$x\" | sed \"s#/openbas-caldera-agent##\");cd \"$location\"; rm *implant*"); + executorClearCommands.put( + Endpoint.PLATFORM_TYPE.Linux.name() + "." + Endpoint.PLATFORM_ARCH.arm64, + "x=\"#{location}\";location=$(echo \"$x\" | sed \"s#/openbas-caldera-agent##\");cd \"$location\"; rm *implant*"); executorClearCommands.put( Endpoint.PLATFORM_TYPE.MacOS.name() + "." + Endpoint.PLATFORM_ARCH.x86_64, "x=\"#{location}\";location=$(echo \"$x\" | sed \"s#/openbas-caldera-agent##\");cd \"$location\"; rm *implant*"); diff --git a/openbas-api/src/main/java/io/openbas/rest/executor/ExecutorApi.java b/openbas-api/src/main/java/io/openbas/rest/executor/ExecutorApi.java index 43888dfb4a..70ebd22731 100644 --- a/openbas-api/src/main/java/io/openbas/rest/executor/ExecutorApi.java +++ b/openbas-api/src/main/java/io/openbas/rest/executor/ExecutorApi.java @@ -39,6 +39,12 @@ public class ExecutorApi extends RestBehavior { @Value("${info.app.version:unknown}") String version; + @Value("${executor.openbas.binaries.origin:local}") + private String executorOpenbasBinariesOrigin; + + @Value("${executor.openbas.binaries.version:${info.app.version:unknown}}") + private String executorOpenbasBinariesVersion; + private ExecutorRepository executorRepository; private EndpointService endpointService; private FileService fileService; @@ -138,24 +144,19 @@ public Executor registerExecutor( public @ResponseBody ResponseEntity getOpenBasAgentExecutable( @PathVariable String platform, @PathVariable String architecture) throws IOException { InputStream in = null; - String filename = null; - if (platform.equals("windows") && architecture.equals("x86_64")) { - filename = "openbas-agent-" + version + ".exe"; - String resourcePath = "/openbas-agent/windows/x86_64/"; - in = getClass().getResourceAsStream("/agents" + resourcePath + filename); - if (in == null) { // Dev mode, get from artifactory - filename = "openbas-agent-latest.exe"; - in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream()); - } - } - if (platform.equals("linux") || platform.equals("macos")) { - filename = "openbas-agent-" + version; - String resourcePath = "/openbas-agent/" + platform + "/" + architecture + "/"; + String resourcePath = "/openbas-agent/" + platform + "/" + architecture + "/"; + String filename = ""; + + if (executorOpenbasBinariesOrigin.equals("local")) { // if we want the local binaries + filename = "openbas-agent-" + version + (platform.equals("windows") ? ".exe" : ""); in = getClass().getResourceAsStream("/agents" + resourcePath + filename); - if (in == null) { // Dev mode, get from artifactory - filename = "openbas-agent-latest"; - in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream()); - } + } else if (executorOpenbasBinariesOrigin.equals( + "repository")) { // if we want a specific version from artifactory + filename = + "openbas-agent-" + + executorOpenbasBinariesVersion + + (platform.equals("windows") ? ".exe" : ""); + in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream()); } if (in != null) { HttpHeaders headers = new HttpHeaders(); @@ -176,19 +177,25 @@ public Executor registerExecutor( @PathVariable String platform, @PathVariable String architecture) throws IOException { byte[] file = null; String filename = null; - if (platform.equals("windows") && architecture.equals("x86_64")) { - filename = "openbas-agent-installer-" + version + ".exe"; - String resourcePath = "/openbas-agent/windows/x86_64/"; - InputStream in = getClass().getResourceAsStream("/agents" + resourcePath + filename); - if (in != null) { - file = IOUtils.toByteArray(in); - } else { // Dev mode, get from artifactory - filename = "openbas-agent-installer-latest.exe"; + + if (platform.equals("windows")) { + InputStream in = null; + String resourcePath = "/openbas-agent/windows/" + architecture + "/"; + if (executorOpenbasBinariesOrigin.equals("local")) { // if we want the local binaries + filename = "openbas-agent-" + version + ".exe"; + in = getClass().getResourceAsStream("/agents" + resourcePath + filename); + } else if (executorOpenbasBinariesOrigin.equals( + "repository")) { // if we want a specific version from artifactory + filename = "openbas-agent-" + executorOpenbasBinariesVersion + ".exe"; in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream()); - file = IOUtils.toByteArray(in); } + if (in == null) { + throw new UnsupportedOperationException( + "Agent version " + executorOpenbasBinariesVersion + " not found"); + } + file = IOUtils.toByteArray(in); } - // linux - No package needed + // linux & macos - No package needed if (file != null) { HttpHeaders headers = new HttpHeaders(); headers.add(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=" + filename); diff --git a/openbas-api/src/main/java/io/openbas/rest/injector/InjectorApi.java b/openbas-api/src/main/java/io/openbas/rest/injector/InjectorApi.java index 8bca77d30d..b1c751cb22 100644 --- a/openbas-api/src/main/java/io/openbas/rest/injector/InjectorApi.java +++ b/openbas-api/src/main/java/io/openbas/rest/injector/InjectorApi.java @@ -58,6 +58,12 @@ public class InjectorApi extends RestBehavior { @Value("${info.app.version:unknown}") String version; + @Value("${executor.openbas.binaries.origin:local}") + private String executorOpenbasBinariesOrigin; + + @Value("${executor.openbas.binaries.version:${info.app.version:unknown}}") + private String executorOpenbasBinariesVersion; + @Resource private RabbitmqConfig rabbitmqConfig; private AttackPatternRepository attackPatternRepository; @@ -333,25 +339,21 @@ public InjectorRegistration registerInjector( public @ResponseBody ResponseEntity getOpenBasImplant( @PathVariable String platform, @PathVariable String architecture) throws IOException { InputStream in = null; - String filename = null; - if (platform.equals("windows") && architecture.equals("x86_64")) { - filename = "openbas-implant-" + version + ".exe"; - String resourcePath = "/openbas-implant/windows/x86_64/"; - in = getClass().getResourceAsStream("/implants" + resourcePath + filename); - if (in == null) { // Dev mode, get from artifactory - filename = "openbas-implant-latest.exe"; - in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream()); - } - } - if (platform.equals("linux") || platform.equals("macos")) { - filename = "openbas-implant-" + version; - String resourcePath = "/openbas-implant/" + platform + "/" + architecture + "/"; + String filename = ""; + String resourcePath = "/openbas-implant/" + platform + "/" + architecture + "/"; + + if (executorOpenbasBinariesOrigin.equals("local")) { // if we want the local binaries + filename = "openbas-implant-" + version + (platform.equals("windows") ? ".exe" : ""); in = getClass().getResourceAsStream("/implants" + resourcePath + filename); - if (in == null) { // Dev mode, get from artifactory - filename = "openbas-implant-latest"; - in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream()); - } + } else if (executorOpenbasBinariesOrigin.equals( + "repository")) { // if we want a specific version from artifactory + filename = + "openbas-implant-" + + executorOpenbasBinariesVersion + + (platform.equals("windows") ? ".exe" : ""); + in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream()); } + if (in != null) { HttpHeaders headers = new HttpHeaders(); headers.add(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=" + filename); diff --git a/openbas-api/src/main/resources/application.properties b/openbas-api/src/main/resources/application.properties index ce9cd5dc26..dc939e1d07 100644 --- a/openbas-api/src/main/resources/application.properties +++ b/openbas-api/src/main/resources/application.properties @@ -157,6 +157,17 @@ executor.tanium.action-group-id=4 executor.tanium.windows-package-id= executor.tanium.unix-package-id= +# Executor OpenBAS + +# valid values: local | repository +# default: local +executor.openbas.binaries.origin= + +# if executor.openbas.agent.binaries.origin is set to "local", +# this config is ignored +# default: the OpenBAS instance's version +executor.openbas.binaries.version= + ############# # INJECTORS # ############# diff --git a/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java b/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java index 82daf65aa0..494b9bfc22 100644 --- a/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java +++ b/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java @@ -37,6 +37,12 @@ public class EndpointService { @Value("${info.app.version:unknown}") String version; + @Value("${executor.openbas.binaries.origin:local}") + private String executorOpenbasBinariesOrigin; + + @Value("${executor.openbas.binaries.version:${info.app.version:unknown}}") + private String executorOpenbasBinariesVersion; + private final EndpointRepository endpointRepository; public Endpoint createEndpoint(@NotNull final Endpoint endpoint) { @@ -101,13 +107,23 @@ public String getFileOrDownloadFromJfrog(String platform, String file, String ad case "linux", "macos" -> "sh"; default -> throw new UnsupportedOperationException(""); }; - String filename = file + "-" + version + "." + extension; + InputStream in = null; + String filename; String resourcePath = "/openbas-agent/" + platform.toLowerCase() + "/"; - InputStream in = getClass().getResourceAsStream("/agents" + resourcePath + filename); - if (in == null) { // Dev mode, get from artifactory - filename = file + "-latest." + extension; + + if (executorOpenbasBinariesOrigin.equals("local")) { // if we want the local binaries + filename = file + "-" + version + "." + extension; + in = getClass().getResourceAsStream("/agents" + resourcePath + filename); + } else if (executorOpenbasBinariesOrigin.equals( + "repository")) { // if we want a specific version from artifactory + filename = file + "-" + executorOpenbasBinariesVersion + "." + extension; in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream()); } + if (in == null) { + throw new UnsupportedOperationException( + "Agent installer version " + executorOpenbasBinariesVersion + " not found"); + } + return IOUtils.toString(in, StandardCharsets.UTF_8) .replace("${OPENBAS_URL}", openBASConfig.getBaseUrlForAgent()) .replace("${OPENBAS_TOKEN}", adminToken)