mirror of
https://github.com/Aryma-f4/Ares-mythic.git
synced 2026-06-22 01:04:13 +00:00
d2dae022a4
Use the dedicated GHCR_TOKEN secret instead of the default GITHUB_TOKEN for pushing Docker images to GitHub Container Registry. This ensures proper authentication and permissions for the container registry operations. Also add the "ares" agent image reference to the config.json to include the latest Ares Mythic image from GHCR.
140 lines
5.3 KiB
YAML
140 lines
5.3 KiB
YAML
# Pulled from Thanatos (https://github.com/MythicAgents/thanatos/blob/rewrite/.github/workflows/image.yml) - MEhrn00
|
|
|
|
# Name for the Github actions workflow
|
|
name: Build and push container images
|
|
|
|
on:
|
|
# Only run workflow when there is a new release published in Github
|
|
#release:
|
|
# types: [published]
|
|
push:
|
|
branches:
|
|
- 'master'
|
|
- 'Mythic3.3'
|
|
tags:
|
|
- "v*.*.*"
|
|
|
|
# Variables holding configuration settings
|
|
env:
|
|
# Container registry the built container image will be pushed to
|
|
REGISTRY: ghcr.io
|
|
|
|
# Set the container image name to the Github repository name. (MythicAgents/apollo)
|
|
AGENT_IMAGE_NAME: ${{ github.repository }}
|
|
|
|
# Description label for the package in Github
|
|
IMAGE_DESCRIPTION: ${{ github.repository }} container for use with Mythic
|
|
|
|
# Source URL for the package in Github. This links the Github repository packages list
|
|
# to this container image
|
|
IMAGE_SOURCE: ${{ github.server_url }}/${{ github.repository }}
|
|
|
|
# License for the container image
|
|
IMAGE_LICENSE: BSD-3-Clause
|
|
|
|
# Set the container image version to the Github release tag
|
|
VERSION: ${{ github.ref_name }}
|
|
#VERSION: ${{ github.event.head_commit.message }}
|
|
|
|
RELEASE_BRANCH: master
|
|
|
|
jobs:
|
|
# Builds the base container image and pushes it to the container registry
|
|
agent_build:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
packages: write
|
|
steps:
|
|
- name: Checkout the repository
|
|
uses: actions/checkout@v4 # ref: https://github.com/marketplace/actions/checkout
|
|
- name: Log in to the container registry
|
|
uses: docker/login-action@v3 # ref: https://github.com/marketplace/actions/docker-login
|
|
with:
|
|
registry: ${{ env.REGISTRY }}
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GHCR_TOKEN }}
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v2
|
|
with:
|
|
platforms: 'arm64,arm'
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@v2
|
|
# the following are unique to this job
|
|
- name: Lowercase the server container image name
|
|
run: echo "AGENT_IMAGE_NAME=${AGENT_IMAGE_NAME,,}" >> ${GITHUB_ENV}
|
|
- name: Build and push the server container image
|
|
uses: docker/build-push-action@v5 # ref: https://github.com/marketplace/actions/build-and-push-docker-images
|
|
with:
|
|
context: Payload_Type/ares
|
|
file: Payload_Type/ares/Dockerfile
|
|
tags: |
|
|
${{ env.REGISTRY }}/${{ env.AGENT_IMAGE_NAME }}:${{ env.VERSION }}
|
|
${{ env.REGISTRY }}/${{ env.AGENT_IMAGE_NAME }}:latest
|
|
push: ${{ github.ref_type == 'tag' }}
|
|
# These container metadata labels allow configuring the package in Github
|
|
# packages. The source will link the package to this Github repository
|
|
labels: |
|
|
org.opencontainers.image.source=${{ env.IMAGE_SOURCE }}
|
|
org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
|
|
org.opencontainers.image.licenses=${{ env.IMAGE_LICENSE }}
|
|
platforms: linux/amd64,linux/arm64
|
|
|
|
update_files:
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- agent_build
|
|
permissions:
|
|
contents: write
|
|
packages: write
|
|
|
|
steps:
|
|
# Pull in the repository code
|
|
- name: Checkout the repository
|
|
uses: actions/checkout@v4 # ref: https://github.com/marketplace/actions/checkout
|
|
|
|
# update names to lowercase
|
|
- name: Lowercase the container image name
|
|
run: echo "AGENT_IMAGE_NAME=${AGENT_IMAGE_NAME,,}" >> ${GITHUB_ENV}
|
|
|
|
# The Dockerfile which Mythic uses to pull in the base container image needs to be
|
|
# updated to reference the newly built container image
|
|
- name: Fix the server Dockerfile reference to reference the new release tag
|
|
working-directory: Payload_Type/apollo
|
|
run: |
|
|
sed -i "s|^FROM ghcr\.io.*$|FROM ${REGISTRY}/${AGENT_IMAGE_NAME}:${VERSION}|" Dockerfile
|
|
|
|
- name: Update package.json version
|
|
uses: jossef/action-set-json-field@v2.1
|
|
with:
|
|
file: config.json
|
|
field: remote_images.apollo
|
|
value: ${{env.REGISTRY}}/${{env.AGENT_IMAGE_NAME}}:${{env.VERSION}}
|
|
|
|
# Push the changes to the Dockerfile
|
|
- name: Push the updated base Dockerfile image reference changes
|
|
if: ${{ github.ref_type == 'tag' }}
|
|
uses: EndBug/add-and-commit@v9 # ref: https://github.com/marketplace/actions/add-commit
|
|
with:
|
|
# Only add the Dockerfile changes. Nothing else should have been modified
|
|
add: "['Payload_Type/apollo/Dockerfile', 'config.json']"
|
|
# Use the Github actions bot for the commit author
|
|
default_author: github_actions
|
|
committer_email: github-actions[bot]@users.noreply.github.com
|
|
|
|
# Set the commit message
|
|
message: "Bump Dockerfile tag to match release '${{ env.VERSION }}'"
|
|
|
|
# Overwrite the current git tag with the new changes
|
|
tag: '${{ env.VERSION }} --force'
|
|
|
|
# Push the new changes with the tag overwriting the current one
|
|
tag_push: '--force'
|
|
|
|
# Push the commits to the branch marked as the release branch
|
|
push: origin HEAD:${{ env.RELEASE_BRANCH }} --set-upstream
|
|
|
|
# Have the workflow fail in case there are pathspec issues
|
|
pathspec_error_handling: exitImmediately
|