build #233
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| tags: | |
| - "*" | |
| workflow_dispatch: | |
| schedule: | |
| # Every Month, the first day at 8:42 | |
| - cron: "42 8 1 * *" | |
| jobs: | |
| generate-matrix: | |
| name: Generate Matrix | |
| runs-on: ubuntu-latest | |
| outputs: | |
| analyzers_matrix: ${{ steps.set-matrix.outputs.analyzers_matrix }} | |
| responders_matrix: ${{ steps.set-matrix.outputs.responders_matrix }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: List analyzer and responder directories and build matrices | |
| id: set-matrix | |
| run: | | |
| echo "Listing analyzer directories in 'analyzers/'..." | |
| analyzer_dirs=$(find analyzers -mindepth 1 -maxdepth 1 -type d -printf '%f\n') | |
| echo "Found analyzer directories:" | |
| echo "$analyzer_dirs" | |
| echo "Listing responder directories in 'responders/'..." | |
| responder_dirs=$(find responders -mindepth 1 -maxdepth 1 -type d -printf '%f\n') | |
| echo "Found responder directories:" | |
| echo "$responder_dirs" | |
| # Build JSON for analyzers (each object has a directory name) | |
| analyzer_json=$(echo "$analyzer_dirs" | jq -R -s -c 'split("\n")[:-1] | map({directory: .})') | |
| # Build JSON for responders | |
| responder_json=$(echo "$responder_dirs" | jq -R -s -c 'split("\n")[:-1] | map({directory: .})') | |
| # Wrap them in an "include" object | |
| analyzers_matrix=$(echo "$analyzer_json" | jq -c '{include: .}') | |
| responders_matrix=$(echo "$responder_json" | jq -c '{include: map(. + {component: "responders"})}') | |
| echo "Generated analyzers matrix: $analyzers_matrix" | |
| echo "Generated responders matrix: $responders_matrix" | |
| { | |
| echo "analyzers_matrix<<EOF" | |
| echo "$analyzers_matrix" | |
| echo "EOF" | |
| } >> "$GITHUB_OUTPUT" | |
| { | |
| echo "responders_matrix<<EOF" | |
| echo "$responders_matrix" | |
| echo "EOF" | |
| } >> "$GITHUB_OUTPUT" | |
| build_analyzers: | |
| name: Build Analyzers (multi-arch) | |
| needs: generate-matrix | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| directory: ${{ fromJson(needs.generate-matrix.outputs.analyzers_matrix).include[*].directory }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Pre-pull builder image (if not already cached) | |
| run: docker pull thehiveproject/cortex-neurons-builder:latest | |
| - name: Build analyzer ${{ matrix.directory }} (linux/amd64,linux/arm64) | |
| uses: docker://thehiveproject/cortex-neurons-builder:latest | |
| with: | |
| driver-opts: image=moby/buildkit:v0.19.0 | |
| args: | | |
| --namespace cortexneurons --path analyzers -w ${{ matrix.directory }} --registry_dockerhub ${{ secrets.REGISTRY_DOCKERHUB }} --platform linux/amd64,linux/arm64 ${{ (startsWith(github.ref, 'refs/tags') || github.event_name == 'schedule') && '--stable' || '' }} | |
| build_responders: | |
| name: Build Responders (multi-arch) | |
| needs: generate-matrix | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| directory: ${{ fromJson(needs.generate-matrix.outputs.responders_matrix).include[*].directory }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Pre-pull builder image (if not already cached) | |
| run: docker pull thehiveproject/cortex-neurons-builder:latest | |
| - name: Build responder ${{ matrix.directory }} (linux/amd64,linux/arm64) | |
| uses: docker://thehiveproject/cortex-neurons-builder:latest | |
| with: | |
| driver-opts: image=moby/buildkit:v0.19.0 | |
| args: | | |
| --namespace cortexneurons --path responders -w ${{ matrix.directory }} --registry_dockerhub ${{ secrets.REGISTRY_DOCKERHUB }} --platform linux/amd64,linux/arm64 ${{ (startsWith(github.ref, 'refs/tags') || github.event_name == 'schedule') && '--stable' || '' }} | |
| build_catalog: | |
| name: Build Catalog | |
| runs-on: ubuntu-latest | |
| needs: [ build_analyzers, build_responders ] | |
| if: always() | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Build catalog | |
| uses: docker://thehiveproject/neurons-build-catalogs | |
| - name: Build report-templates zip package | |
| uses: docker://thehiveproject/neurons-build-report-templates | |
| - name: Save Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: catalog | |
| path: | | |
| analyzers/analyzers.json | |
| analyzers/report-templates.zip | |
| responders/responders.json | |
| - name: Make Release | |
| uses: softprops/action-gh-release@v1 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| generate_release_notes: true | |
| files: | | |
| analyzers/analyzers-stable.json | |
| analyzers/analyzers.json | |
| analyzers/report-templates.zip | |
| responders/responders-stable.json | |
| responders/responders.json | |
| build_docs: | |
| name: Build documentation | |
| runs-on: ubuntu-latest | |
| needs: [ build_analyzers, build_responders ] | |
| if: startsWith(github.ref, 'refs/tags/') && always() | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Prepare documentation files | |
| uses: docker://thehiveproject/doc-builder | |
| with: | |
| args: --type Cortex-Neurons | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.x" | |
| architecture: x64 | |
| - name: Install requirements | |
| run: python3 -m pip install -r utils/test_doc/requirements.txt | |
| - name: Set up git user | |
| run: | | |
| git config user.name 'github-actions[bot]' | |
| git config user.email 'github-actions[bot]@users.noreply.github.com' | |
| - name: Deploy documentation | |
| run: python3 -m mkdocs gh-deploy --remote-branch gh-pages --force | |
| notify: | |
| name: Notify | |
| runs-on: ubuntu-latest | |
| needs: [ build_analyzers, build_responders, build_catalog, build_docs ] | |
| if: false # Temporarily disable notifications | |
| steps: | |
| - name: Slack notification | |
| uses: Gamesight/slack-workflow-status@master | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| channel: "#ci-cortex" | |
| name: Cortex Analyzers build | |
| include_commit_message: true | |
| include_jobs: true |