diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 00000000..a27e4bc6
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,33 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+template: |
+ # What's Changed
+ $CHANGES
+categories:
+ - title: 'Breaking'
+ label: 'type: breaking'
+ - title: 'New'
+ label: 'type: feature'
+ - title: 'Bug Fixes'
+ label: 'type: bug'
+ - title: 'Maintenance'
+ label: 'type: maintenance'
+ - title: 'Dependency Updates'
+ label: 'type: dependencies'
+
+version-resolver:
+ major:
+ labels:
+ - 'type: breaking'
+ minor:
+ labels:
+ - 'type: feature'
+ patch:
+ labels:
+ - 'type: bug'
+ - 'type: maintenance'
+ - 'type: dependencies'
+ - 'type: security'
+
+exclude-labels:
+ - 'skip-changelog'
diff --git a/.github/workflows/docker-publish-debian.yml b/.github/workflows/docker-publish-debian.yml
index 1f2ccf46..c3fd991e 100644
--- a/.github/workflows/docker-publish-debian.yml
+++ b/.github/workflows/docker-publish-debian.yml
@@ -4,9 +4,11 @@ on:
 push:
 branches: [master]
 pull_request:
- branches: [master, dev]
+ branches: [master]
 create:
 tags:
+ release:
+ types: [published, edited]
 concurrency: ci-debian-${{ github.ref }}
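Review bot: `version-resolver.patch.labels` in `.github/release-drafter.yml` lists `'type: security'`, but `categories` has no entry for that label, so a pull request labelled only `type: security` bumps the patch version without getting a section of its own in the drafted notes. As far as I know Release Drafter lists such uncategorised entries without a heading. Security fixes are the entries users most need to find, so I would add a category for them above 'Bug Fixes': `- title: 'Security'` with `label: 'type: security'`.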
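Review bot: The new `release` trigger in `docker-publish-debian.yml` uses `types: [published, edited]`, so every later edit of a release's notes re-runs this publish workflow for a version that is already out, and whatever build and push steps follow (not visible in this hunk) would run again. If re-publishing on edit is not intended, restrict the trigger to `types: [published]`. The `if: github.event_name == 'release'` added to `build_test_anchore` in the hunk at -102,6 has the same gap: its comment says "published", yet the condition also passes for `edited`. The file's first three lines lie above the hunk.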
@@ -38,26 +40,6 @@ jobs:
 id: vars
 run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}
- - name: Download artifact
- uses: dawidd6/action-download-artifact@v2
- with:
- # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
- # Required, if artifact is from a different repo
- github_token: ${{secrets.GITHUB_TOKEN}}
- # Required, workflow file name or ID
- workflow: build-apk.yml
- # Optional, will use the branch
- branch: master
- # Optional, uploaded artifact name,
- # will download all artifacts if not specified
- # and extract them in respective subdirectories
- # https://github.com/actions/download-artifact#download-all-artifacts
- name: apk-builds
- # Optional, directory where to extract artifact. Defaults to the artifact name (see `name` input)
- path: ${{ github.workspace }}/apk-build/
- # Optional, defaults to current repo
- repo: Secure-Compliance-Solutions-LLC/GVM-APK-build
-
 - name: Build the Docker image
 run: docker build . --file Dockerfile.debian --build-arg OPT_PDF=1 --tag ${{ env.IMAGE_REPOSITORY_GHCR }}:${{ github.sha }}
@@ -102,6 +84,8 @@ jobs:
 build_test_anchore:
 name: Build and Test - Anchore
+ # ...but only when a `release` is `published` (combined with `on`)
+ if: github.event_name == 'release'
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v2
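Review bot: With `if: github.event_name == 'release'` on `build_test_anchore`, the Anchore scan no longer runs for pull requests or pushes to master, so a vulnerable base layer or package would first be reported at release time. If other jobs in this workflow push images on `push` to master (not visible in this hunk), those images would go out unscanned. Consider keeping the scan on `pull_request` and `push` and gating only the publish steps on the release event, and state that intent in the comment above the `if:`. The job's steps continue below the hunk.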
@@ -115,26 +99,6 @@ jobs:
 id: vars
 run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}
- - name: Download artifact
- uses: dawidd6/action-download-artifact@v2
- with:
- # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
- # Required, if artifact is from a different repo
- github_token: ${{secrets.GITHUB_TOKEN}}
- # Required, workflow file name or ID
- workflow: build-apk.yml
- # Optional, will use the branch
- branch: master
- # Optional, uploaded artifact name,
- # will download all artifacts if not specified
- # and extract them in respective subdirectories
- # https://github.com/actions/download-artifact#download-all-artifacts
- name: apk-builds
- # Optional, directory where to extract artifact. Defaults to the artifact name (see `name` input)
- path: ${{ github.workspace }}/apk-build/
- # Optional, defaults to current repo
- repo: Secure-Compliance-Solutions-LLC/GVM-APK-build
-
 - name: Build the Docker image
 run: docker build . --file Dockerfile.debian --build-arg OPT_PDF=1 --tag ${{ env.IMAGE_REPOSITORY_GHCR }}:${{ github.sha }}
@@ -218,26 +182,6 @@ jobs:
 fi
 echo -n "${IMAGE_NAME_GHCR}"
- - name: Download artifact
- uses: dawidd6/action-download-artifact@v2
- with:
- # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
- # Required, if artifact is from a different repo
- github_token: ${{secrets.GITHUB_TOKEN}}
- # Required, workflow file name or ID
- workflow: build-apk.yml
- # Optional, will use the branch
- branch: master
- # Optional, uploaded artifact name,
- # will download all artifacts if not specified
- # and extract them in respective subdirectories
- # https://github.com/actions/download-artifact#download-all-artifacts
- name: apk-builds
- # Optional, directory where to extract artifact. Defaults to the artifact name (see `name` input)
- path: ${{ github.workspace }}/apk-build/
- # Optional, defaults to current repo
- repo: Secure-Compliance-Solutions-LLC/GVM-APK-build
-
 # Extract metadata (tags, labels) for Docker
 # https://github.com/docker/metadata-action
 - name: Extract Docker metadata
@@ -375,3 +319,8 @@ jobs:
 build-args: |
 SETUP=1
 OPT_PDF=1
+
+ - name: Update changelog
+ uses: thomaseizinger/keep-a-changelog-new-release@1.1.0
+ with:
+ version: ${{ github.event.inputs.version }}
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 5cbdc3dc..5905c386 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -4,7 +4,7 @@ on:
 push:
 branches: [master]
 pull_request:
- branches: [master, dev]
+ branches: [master]
 create:
 tags:
diff --git a/Readme.md b/Readme.md
index 2ba06bfe..97b20fd5 100644
--- a/Readme.md
+++ b/Readme.md
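Review bot: `version: ${{ github.event.inputs.version }}` in the new "Update changelog" step is only populated on `workflow_dispatch` runs, and the `on:` block shown in this diff has `push`, `pull_request`, `create` and `release` but no `workflow_dispatch`, so the expression would evaluate to an empty string. For release runs the tag is available as `${{ github.event.release.tag_name }}`, and the step probably wants an `if: github.event_name == 'release'` guard as well. Separately, `thomaseizinger/keep-a-changelog-new-release@1.1.0` is a third-party action referenced by a mutable tag in a job that publishes images; pinning it to a full commit SHA keeps a retagged release from running with this job's credentials. The job's earlier steps are above the hunk.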
@@ -25,6 +25,42 @@ You want to send GVM/OpenVAS results to Elasticsearch, try our [GVM Logstash pro
 If you would like something added to the documentation please create a issue [GVM-Docker Gitbook Repo](https://github.com/Secure-Compliance-Solutions-LLC/gitbook/issues)
+## Quick Start
+
+- Now all `-data` images are full pre-initialized (with available data from the build time)
+
+> Pre Initialized (-data) images, have a web ui password: `adminpassword` and should be changed after the deployment. Also the Postgres got a default password: `none`
+
+### Github Registry
+
+```
+docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:debian-master-data-full
+docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:debian-master-data
+docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:debian-master-full
+docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:debian-master
+```
+
+
+### Docker Hub
+
+```
+docker pull securecompliance/gvm:debian-master-data-full
+docker pull securecompliance/gvm:debian-master-data
+docker pull securecompliance/gvm:debian-master-full
+docker pull securecompliance/gvm:debian-master
+```
+
+## Estimated Hardware Requirements
+
+| Hosts | CPU Cores | Memory | Disk Space |
+| :----------------- | :------------ | :-------- | :--------- |
+| 512 active IPs | 4@2GHz cores | 8 GB RAM | 30 GB |
+| 2,500 active IPs | 6@2GHz cores | 12 GB RAM | 60 GB |
+| 10,000 active IPs | 8@3GHz cores | 16 GB RAM | 250 GB |
+| 25,000 active IPs | 16@3GHz cores | 32 GB RAM | 1 TB |
+| 100,000 active IPs | 32@3GHz cores | 64 GB RAM | 2 TB |
+
+
 ## Architecture
 The key points to take away from the diagram below, is the way our setup establishes connection with the remote sensor, and the available ports on the GMV-Docker container. You can still use any add on tools you've used in the past with OpenVAS on 9390. One of the latest/best upgrades allows you connect directly to postgres using your favorite database tool.