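# Scheduled black-box scan of a locally started dotCMS instance (nikto against
# the HTTP port, sslscan against the TLS port). The reports are committed to
# dotCMS/core-test-results on a per-release branch.
#
# NOTE(review): this runs on a self-hosted runner and pushes with a PAT
# (SECRET_PENTEST_TOKEN). Keep that runner out of any pull_request-triggered
# workflow in this repository, and scope the token to core-test-results only.
# The scan output is a vulnerability report; confirm the results repository is
# private before enabling this.
name: pentest

on:
  workflow_dispatch:
  schedule:
    # 03:00 UTC on the 1st and 15th: run the scan (`scanner` job).
    - cron: '0 3 1,15 * *'
    # 02:00 UTC every Sunday: keep-alive only (`maintenance` job).
    - cron: '0 2 * * 0'

jobs:
  scanner:
    # The workflow_dispatch payload has no `workflow_dispatch` key, so the
    # original `github.event.workflow_dispatch` condition was always falsy and
    # manual runs never started the scan. Test the event name instead.
    if: (github.event.schedule == '0 3 1,15 * *') || (github.event_name == 'workflow_dispatch')
    runs-on: [self-hosted, linux, x64, ubuntu-server]
    env:
      # Local checkout of dotCMS/core-test-results; every report path below is
      # derived from this so nothing is written outside the repository.
      RESULTS_DIR: /home/ubuntu/core-test-results
      # How many times, and how often, to poll the web server before giving up.
      SERVER_WAIT_ATTEMPTS: '30'
      SERVER_WAIT_SECONDS: '10'
    steps:
      - name: Start dotCMS with docker
        id: start-dotcms
        # Same directory as the "Stop dotCMS" step at the end of the job, so
        # both commands operate on the same docker-compose.yml (the original
        # started in the workspace and stopped in /home/ubuntu).
        # TODO(review): confirm the compose file lives in /home/ubuntu.
        working-directory: /home/ubuntu
        run: |
          docker-compose down && docker-compose up -d

      - name: Install updates
        # Only refreshes the package lists; nothing is upgraded or installed.
        run: sudo apt-get update

      - name: Pull dotCMS/core-test-results repository
        working-directory: /home/ubuntu/core-test-results
        # NOTE(review): this pulls `main` into whatever branch the checkout was
        # left on by the previous run (a release branch), not into `main`.
        run: |
          git config pull.rebase false
          git remote set-url origin [email protected]:dotCMS/core-test-results.git
          git pull origin main

      - name: Get latest release version
        id: get-latest-release
        # Exports `release_version` (e.g. release-1.2.3) and `report_dir`
        # for the remaining steps via GITHUB_ENV.
        run: |
          # -f turns an HTTP error into a step failure. Unauthenticated API
          # calls are rate limited; the limit response is a JSON object, not an
          # array, and would otherwise be fed to jq silently.
          releases=$(curl -fsSL "https://api.github.com/repos/dotCMS/core/releases")
          release_version=$(echo "$releases" | jq -r '.[].tag_name' | sort -rV | head -n 1 | sed 's/^v//')
          # The tag becomes a git branch name and a directory name below, so
          # refuse anything that is empty or contains shell/path metacharacters.
          if [[ ! "$release_version" =~ ^[A-Za-z0-9._-]+$ ]]; then
            echo "Could not determine a usable release tag (got: '$release_version')" >&2
            exit 1
          fi
          formatted_version="release-$release_version"
          echo "Latest release version: $formatted_version"
          echo "release_version=$formatted_version" >> "$GITHUB_ENV"
          echo "report_dir=$RESULTS_DIR/pentest/$(date +'%Y-%m-%d')-$formatted_version" >> "$GITHUB_ENV"

      - name: Check if web server is running
        # dotCMS is still starting when this step runs (only `apt-get update`
        # and a git pull separate it from `docker-compose up -d`), so poll
        # rather than checking once. `tail -n 1` keeps only the final status
        # line if wget follows a redirect.
        run: |
          for attempt in $(seq 1 "$SERVER_WAIT_ATTEMPTS"); do
            server_status=$(wget --spider -S http://localhost:8082 2>&1 | grep "HTTP/" | awk '{print $2}' | tail -n 1)
            if [[ "$server_status" == "200" ]]; then
              echo "Web server is running"
              exit 0
            fi
            echo "Attempt $attempt/$SERVER_WAIT_ATTEMPTS: web server not ready (status: '${server_status:-none}')"
            sleep "$SERVER_WAIT_SECONDS"
          done
          echo "Web server is not running"
          exit 1

      - name: Run nikto scan
        # The step's exit status is tee's, not nikto's (default `run` shell has
        # no pipefail); a nikto failure shows up as an empty/short report.
        run: |
          mkdir -p "$report_dir"
          nikto -h localhost:8082 |& tee "$report_dir/report.txt"

      - name: Run sslscan
        # Writes next to the nikto report. The original used
        # /home/ubuntu/test-results/..., outside the results checkout, so the
        # sslscan report was never committed.
        run: |
          mkdir -p "$report_dir"
          sslscan localhost:8443 |& tee "$report_dir/sslscan_report.txt"

      - name: Run htmlreport.py
        run: python3 /home/ubuntu/htmlreport.py "$release_version"

      - name: Run clear-old-tests.py
        run: python3 /home/ubuntu/clear-old-tests.py "$release_version"

      - name: Stop dotCMS
        working-directory: /home/ubuntu
        run: docker-compose down

      - name: Switch to release branch
        working-directory: /home/ubuntu/core-test-results
        # Read the value from the environment instead of interpolating
        # `${{ env.release_version }}` into the script: expression expansion
        # happens before bash sees the text, so a hostile value would be
        # executed rather than quoted.
        # The new reports are untracked files at this point and are carried
        # across the checkout; if the branch already tracks a file at the same
        # path (re-run on the same day) the checkout refuses and the step fails.
        run: |
          branch_name="$release_version"
          git fetch origin "$branch_name" && git checkout "$branch_name" || git checkout -b "$branch_name"

      - name: Add files and commit changes
        working-directory: /home/ubuntu/core-test-results
        # Requires user.name/user.email to be configured on the runner.
        run: |
          git add .
          git commit -m "Add test results for release $release_version"

      - name: Push changes to dotCMS/core-test-results repository
        # TODO(review): pin this third-party action to a full-length commit SHA
        # rather than the mutable `master` ref -- it is handed a token with push
        # rights to the results repository.
        # `force: true` overwrites the remote branch; anything pushed there by
        # another run since the fetch above is lost.
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.SECRET_PENTEST_TOKEN }}
          branch: ${{ env.release_version }}
          force: true
          directory: /home/ubuntu/core-test-results/
          repository: dotCMS/core-test-results

  maintenance:
    # Weekly no-op so the self-hosted runner does not get reclaimed for
    # inactivity between the twice-monthly scans.
    if: github.event.schedule == '0 2 * * 0'
    runs-on: [self-hosted, linux, x64, ubuntu-server]
    steps:
      - name: Connect to self-hosted runner
        run: echo "Connecting to self-hosted runner to avoid termination due to inactivity"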