merge conflicts

Signed-off-by: Amndeep Singh Mann <[email protected]>
mitre · Oct 22, 2024 · 429adc9 · 429adc9
2 parents f01817a + 05feeef
commit 429adc9
Show file tree

Hide file tree

Showing 206 changed files with 2,036,109 additions and 3,217 deletions.
diff --git a/.github/workflows/anchore-syft.yml b/.github/workflows/anchore-syft.yml
@@ -0,0 +1,38 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, builds an image, performs a container image
+# scan with Anchore's Syft tool, and uploads the results to the GitHub Dependency
+# submission API.
+
+# For more information on the Anchore sbom-action usage
+# and parameters, see https://github.com/anchore/sbom-action. For more
+# information about the Anchore SBOM tool, Syft, see
+# https://github.com/anchore/syft
+name: Anchore Syft SBOM scan
+
+on:
+  push:
+    branches: [ "master" ]
+
+permissions:
+  contents: write
+
+jobs:
+  Anchore-Build-Scan:
+    permissions:
+      contents: write # required to upload to the Dependency submission API
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout the code
+      uses: actions/checkout@v4
+    - name: Build the Docker image
+      run: docker build . --file Dockerfile --tag localbuild/testimage:latest
+    - name: Scan the image and upload dependency results
+      uses: anchore/sbom-action@bb716408e75840bbb01e839347cd213767269d4a
+      with:
+        image: "localbuild/testimage:latest"
+        artifact-name: image.spdx.json
+        dependency-snapshot: true
diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
@@ -28,7 +28,7 @@ jobs:
         run: 'echo "heimdall-lite.mitre.org" > ./dist/frontend/CNAME'
 
       - name: deploy
-        uses: peaceiris/actions-gh-pages@v3
+        uses: peaceiris/actions-gh-pages@v4
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: ./dist/frontend
diff --git a/.github/workflows/hdfconverter-tests.yml b/.github/workflows/hdfconverter-tests.yml
@@ -12,7 +12,7 @@ jobs:
 
     services:
       splunk:
-        image: splunk/splunk:9.1.2
+        image: splunk/splunk
         volumes:
           - /$(pwd)/test/configs/splunk/server.conf:/etc/system/local/server.conf
         ports:

diff --git a/.github/workflows/push-lite-to-docker.yml b/.github/workflows/push-lite-to-docker.yml
@@ -8,21 +8,21 @@ jobs:
   docker:
     runs-on: ubuntu-22.04
     steps:
+      - name: Checkout the Heimdall Repository
+        uses: actions/checkout@v4
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Checkout the Heimdall Repository
-        uses: actions/checkout@v4
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: Dockerfile.lite
           push: true
-          platforms: 'linux/amd64'
+          platforms: linux/amd64
           tags: mitre/heimdall-lite:latest
diff --git a/.github/workflows/push-server-to-docker.yml b/.github/workflows/push-server-to-docker.yml
@@ -21,9 +21,9 @@ jobs:
           fetch-depth: 0
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: true
-          platforms: 'linux/amd64'
+          platforms: linux/amd64
           tags: mitre/heimdall2:latest
diff --git a/.github/workflows/release-lite-to-docker.yml b/.github/workflows/release-lite-to-docker.yml
@@ -8,8 +8,6 @@ jobs:
   docker:
     runs-on: ubuntu-22.04
     steps:
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
       - name: Run string replace # remove the v from the version number before using it in the docker tag
         uses: frabert/replace-string-action@v2
         id: format-tag
@@ -18,19 +16,21 @@ jobs:
           string: '${{ github.event.release.tag_name }}'
           replace-with: ''
           flags: 'g'
+      - name: Checkout the Heimdall Repository
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Checkout the Heimdall Repository
-        uses: actions/checkout@v4
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: Dockerfile.lite
           push: true
-          platforms: 'linux/amd64'
+          platforms: linux/amd64
           tags: mitre/heimdall-lite:release-latest,mitre/heimdall-lite:${{ steps.format-tag.outputs.replaced }}
diff --git a/.github/workflows/release-server-to-docker.yml b/.github/workflows/release-server-to-docker.yml
@@ -3,40 +3,45 @@ name: Push Heimdall Server to Docker Hub on every release and tag as release-lat
 on:
   release:
     types: [published]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version'     
+        required: true
 
 jobs:
   docker:
     runs-on: ubuntu-22.04
     steps:
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Run string replace # remove the v from the version number before using it in the docker tag
         uses: frabert/replace-string-action@v2
         id: format-tag
         with:
           pattern: 'v'
-          string: '${{ github.event.release.tag_name }}'
+          string: '${{ github.event.release.tag_name || github.event.inputs.version}}'
           replace-with: ''
           flags: 'g'
       - name: Checkout the Heimdall Repository
         uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: true
-          platforms: 'linux/amd64'
+          platforms: linux/amd64
           tags: mitre/heimdall2:release-latest,mitre/heimdall2:${{ steps.format-tag.outputs.replaced }}
       - name: Get Docker SHA
         shell: bash
         id: get-docker-sha
-        run: echo "DOCKER_SHA=$(docker manifest inspect --verbose docker.io/mitre/heimdall2:${{ steps.format-tag.outputs.replaced }} | jq -r '.Descriptor.digest')" >> $GITHUB_ENV
+        run: echo "DOCKER_SHA=$(docker pull mitre/heimdall2:${{ steps.format-tag.outputs.replaced }} > /dev/null 2>&1 && docker inspect --format='{{index .RepoDigests 0}}' mitre/heimdall2:${{ steps.format-tag.outputs.replaced }} | cut -d '@' -f 2)" >> $GITHUB_ENV
       - name: Sophos Factory pipeline
         uses: sophos/factory-run-pipeline@v2
         with: