0ct0pu5/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'master' into http_plugin_unix_socket

Browse source
This commit is contained in:
Laurence Jones 2024-01-30 16:09:32 +00:00 committed by GitHub
commit 521e76a8c6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
30 changed files with 287 additions and 374 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/bats-hub.yml vendored
View file

@ -28,13 +28,13 @@ jobs:
echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id
- name: "Check out CrowdSec repository" - name: "Check out CrowdSec repository"
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
submodules: true submodules: true
- name: "Set up Go" - name: "Set up Go"
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: "1.21.6" go-version: "1.21.6"

12
.github/workflows/bats-mysql.yml vendored
View file

@ -12,10 +12,6 @@ env:
jobs: jobs:
build: build:
strategy:
matrix:
go-version: ["1.21.6"]
name: "Build + tests" name: "Build + tests"
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 30 timeout-minutes: 30
@ -35,15 +31,15 @@ jobs:
echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id
- name: "Check out CrowdSec repository" - name: "Check out CrowdSec repository"
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
submodules: true submodules: true
- name: "Set up Go ${{ matrix.go-version }}" - name: "Set up Go"
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: ${{ matrix.go-version }} go-version: "1.21.6"
- name: "Install bats dependencies" - name: "Install bats dependencies"
env: env:

12
.github/workflows/bats-postgres.yml vendored
View file

@ -8,10 +8,6 @@ env:
jobs: jobs:
build: build:
strategy:
matrix:
go-version: ["1.21.6"]
name: "Build + tests" name: "Build + tests"
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 30 timeout-minutes: 30
@ -44,15 +40,15 @@ jobs:
echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id
- name: "Check out CrowdSec repository" - name: "Check out CrowdSec repository"
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
submodules: true submodules: true
- name: "Set up Go ${{ matrix.go-version }}" - name: "Set up Go"
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: ${{ matrix.go-version }} go-version: "1.21.6"
- name: "Install bats dependencies" - name: "Install bats dependencies"
env: env:

12
.github/workflows/bats-sqlite-coverage.yml vendored
View file

@ -9,10 +9,6 @@ env:
jobs: jobs:
build: build:
strategy:
matrix:
go-version: ["1.21.6"]
name: "Build + tests" name: "Build + tests"
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 20 timeout-minutes: 20
@ -25,15 +21,15 @@ jobs:
echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id
- name: "Check out CrowdSec repository" - name: "Check out CrowdSec repository"
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
submodules: true submodules: true
- name: "Set up Go ${{ matrix.go-version }}" - name: "Set up Go"
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: ${{ matrix.go-version }} go-version: "1.21.6"
- name: "Install bats dependencies" - name: "Install bats dependencies"
env: env:

2
.github/workflows/cache-cleanup.yaml vendored
View file

@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Cleanup - name: Cleanup
run: | run: |

12
.github/workflows/ci-windows-build-msi.yml vendored
View file

@ -21,25 +21,21 @@ on:
jobs: jobs:
build: build:
strategy:
matrix:
go-version: ["1.21.6"]
name: Build name: Build
runs-on: windows-2019 runs-on: windows-2019
steps: steps:
- name: Check out code into the Go module directory - name: Check out code into the Go module directory
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
submodules: false submodules: false
- name: "Set up Go ${{ matrix.go-version }}" - name: "Set up Go"
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: ${{ matrix.go-version }} go-version: "1.21.6"
- name: Build - name: Build
run: make windows_installer BUILD_RE2_WASM=1 run: make windows_installer BUILD_RE2_WASM=1

4
.github/workflows/codeql-analysis.yml vendored
View file

@ -44,7 +44,7 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
# required to pick up tags for BUILD_VERSION # required to pick up tags for BUILD_VERSION
fetch-depth: 0 fetch-depth: 0
@ -72,7 +72,7 @@ jobs:
# uses a compiled language # uses a compiled language
- name: "Set up Go" - name: "Set up Go"
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: "1.21.6" go-version: "1.21.6"
cache-dependency-path: "**/go.sum" cache-dependency-path: "**/go.sum"

10
.github/workflows/docker-tests.yml vendored
View file

@ -21,17 +21,17 @@ jobs:
steps: steps:
- name: Check out the repo - name: Check out the repo
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v3
with: with:
config: .github/buildkit.toml config: .github/buildkit.toml
- name: "Build flavor: slim" - name: "Build flavor: slim"
uses: docker/build-push-action@v4 uses: docker/build-push-action@v5
with: with:
context: . context: .
file: ./Dockerfile file: ./Dockerfile
@ -43,7 +43,7 @@ jobs:
cache-to: type=gha,mode=min cache-to: type=gha,mode=min
- name: "Build flavor: full" - name: "Build flavor: full"
uses: docker/build-push-action@v4 uses: docker/build-push-action@v5
with: with:
context: . context: .
file: ./Dockerfile file: ./Dockerfile
@ -55,7 +55,7 @@ jobs:
cache-to: type=gha,mode=min cache-to: type=gha,mode=min
- name: "Build flavor: full (debian)" - name: "Build flavor: full (debian)"
uses: docker/build-push-action@v4 uses: docker/build-push-action@v5
with: with:
context: . context: .
file: ./Dockerfile.debian file: ./Dockerfile.debian

12
.github/workflows/go-tests-windows.yml vendored
View file

@ -20,25 +20,21 @@ env:
jobs: jobs:
build: build:
strategy:
matrix:
go-version: ["1.21.6"]
name: "Build + tests" name: "Build + tests"
runs-on: windows-2022 runs-on: windows-2022
steps: steps:
- name: Check out CrowdSec repository - name: Check out CrowdSec repository
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
submodules: false submodules: false
- name: "Set up Go ${{ matrix.go-version }}" - name: "Set up Go"
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: ${{ matrix.go-version }} go-version: "1.21.6"
- name: Build - name: Build
run: | run: |

4
.github/workflows/go-tests.yml vendored
View file

@ -118,13 +118,13 @@ jobs:
steps: steps:
- name: Check out CrowdSec repository - name: Check out CrowdSec repository
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
submodules: false submodules: false
- name: "Set up Go" - name: "Set up Go"
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: "1.21.6" go-version: "1.21.6"

47
.github/workflows/publish-docker-master.yml vendored Normal file
View file

@ -0,0 +1,47 @@
name: Publish Docker image on Push to Master
on:
push:
branches: [ master ]
paths:
- 'pkg/**'
- 'cmd/**'
- 'plugins/**'
- 'docker/docker_start.sh'
- 'docker/config.yaml'
- '.github/workflows/publish_docker-master.yml'
- '.github/workflows/publish-docker.yml'
- 'Dockerfile'
- 'Dockerfile.debian'
- 'go.mod'
- 'go.sum'
- 'Makefile'
jobs:
dev-alpine:
uses: ./.github/workflows/publish-docker.yml
with:
platform: linux/amd64
crowdsec_version: ""
image_version: dev
latest: false
push: true
slim: false
debian: false
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
dev-debian:
uses: ./.github/workflows/publish-docker.yml
with:
platform: linux/amd64
crowdsec_version: ""
image_version: dev
latest: false
push: true
slim: false
debian: true
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

56
.github/workflows/publish-docker-release.yml vendored Normal file
View file

@ -0,0 +1,56 @@
name: Publish Docker images
on:
workflow_dispatch:
inputs:
image_version:
description: Docker Image version (base tag, i.e. v1.6.0-2)
required: true
crowdsec_version:
description: Crowdsec version (BUILD_VERSION)
required: true
latest:
description: Overwrite latest (and slim) tags?
default: false
required: true
push:
description: Really push?
default: false
required: true
jobs:
alpine:
strategy:
matrix:
platform: ["linux/amd64", "linux/386", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
uses: ./.github/workflows/publish-docker.yml
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
with:
platform: ${{ matrix.platform }}
image_version: ${{ github.event.inputs.image_version }}
crowdsec_version: ${{ github.event.inputs.crowdsec_version }}
latest: ${{ github.event.inputs.latest == 'true' }}
push: ${{ github.event.inputs.push == 'true' }}
slim: true
debian: false
debian:
strategy:
matrix:
platform: ["linux/amd64", "linux/386", "linux/arm64"]
uses: ./.github/workflows/publish-docker.yml
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
with:
platform: ${{ matrix.platform }}
image_version: ${{ github.event.inputs.image_version }}
crowdsec_version: ${{ github.event.inputs.crowdsec_version }}
latest: ${{ github.event.inputs.latest == 'true' }}
push: ${{ github.event.inputs.push == 'true' }}
slim: false
debian: true

125
.github/workflows/publish-docker.yml vendored Normal file
View file

@ -0,0 +1,125 @@
name: Publish Docker image / platform
on:
workflow_call:
secrets:
DOCKER_USERNAME:
required: true
DOCKER_PASSWORD:
required: true
inputs:
platform:
required: true
type: string
image_version:
required: true
type: string
crowdsec_version:
required: true
type: string
latest:
required: true
type: boolean
push:
required: true
type: boolean
slim:
required: true
type: boolean
debian:
required: true
type: boolean
jobs:
push_to_registry:
name: Push Docker image to registries
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
config: .github/buildkit.toml
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Prepare (slim)
if: ${{ inputs.slim }}
id: slim
run: |
DOCKERHUB_IMAGE=${{ secrets.DOCKER_USERNAME }}/crowdsec
GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec
VERSION=${{ inputs.image_version }}
DEBIAN=${{ inputs.debian && '-debian' || '' }}
TAGS="${DOCKERHUB_IMAGE}:${VERSION}-slim${DEBIAN},${GHCR_IMAGE}:${VERSION}-slim${DEBIAN}"
if [[ ${{ inputs.latest }} == true ]]; then
TAGS=$TAGS,${DOCKERHUB_IMAGE}:slim${DEBIAN},${GHCR_IMAGE}:slim${DEBIAN}
fi
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
- name: Prepare (full)
id: full
run: |
DOCKERHUB_IMAGE=${{ secrets.DOCKER_USERNAME }}/crowdsec
GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec
VERSION=${{ inputs.image_version }}
DEBIAN=${{ inputs.debian && '-debian' || '' }}
TAGS="${DOCKERHUB_IMAGE}:${VERSION}${DEBIAN},${GHCR_IMAGE}:${VERSION}${DEBIAN}"
if [[ ${{ inputs.latest }} == true ]]; then
TAGS=$TAGS,${DOCKERHUB_IMAGE}:latest${DEBIAN},${GHCR_IMAGE}:latest${DEBIAN}
fi
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
- name: Build and push image (slim)
if: ${{ inputs.slim }}
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile${{ inputs.debian && '.debian' || '' }}
push: ${{ inputs.push }}
tags: ${{ steps.slim.outputs.tags }}
target: slim
platforms: ${{ inputs.platform }}
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.slim.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
build-args: |
BUILD_VERSION=${{ inputs.crowdsec_version }}
- name: Build and push image (full)
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile${{ inputs.debian && '.debian' || '' }}
push: ${{ inputs.push }}
tags: ${{ steps.full.outputs.tags }}
target: full
platforms: ${{ inputs.platform }}
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.full.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
build-args: |
BUILD_VERSION=${{ inputs.crowdsec_version }}

14
.github/workflows/release_publish-package.yml → .github/workflows/publish-tarball-release.yml vendored
View file

@ -1,5 +1,5 @@
# .github/workflows/build-docker-image.yml # .github/workflows/build-docker-image.yml
name: build name: Release
on: on:
release: release:
@ -12,24 +12,20 @@ permissions:
jobs: jobs:
build: build:
strategy:
matrix:
go-version: ["1.21.6"]
name: Build and upload binary package name: Build and upload binary package
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check out code into the Go module directory - name: Check out code into the Go module directory
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
submodules: false submodules: false
- name: "Set up Go ${{ matrix.go-version }}" - name: "Set up Go"
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: ${{ matrix.go-version }} go-version: "1.21.6"
- name: Build the binaries - name: Build the binaries
run: | run: |

71
.github/workflows/publish_docker-image_on_master-debian.yml vendored
View file

@ -1,71 +0,0 @@
name: Publish Debian Docker image on Push to Master
on:
push:
branches: [ master ]
paths:
- 'pkg/**'
- 'cmd/**'
- 'plugins/**'
- 'docker/docker_start.sh'
- 'docker/config.yaml'
- '.github/workflows/publish_docker-image_on_master-debian.yml'
- 'Dockerfile.debian'
- 'go.mod'
- 'go.sum'
- 'Makefile'
jobs:
push_to_registry:
name: Push Debian Docker image to Docker Hub
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'crowdsecurity' }}
steps:
- name: Check out the repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Prepare
id: prep
run: |
DOCKER_IMAGE=crowdsecurity/crowdsec
GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec
VERSION=dev-debian
TAGS="${DOCKER_IMAGE}:${VERSION},${GHCR_IMAGE}:${VERSION}"
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
config: .github/buildkit.toml
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push full image
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile.debian
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.prep.outputs.tags }}
platforms: linux/amd64
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=min

71
.github/workflows/publish_docker-image_on_master.yml vendored
View file

@ -1,71 +0,0 @@
name: Publish Docker image on Push to Master
on:
push:
branches: [ master ]
paths:
- 'pkg/**'
- 'cmd/**'
- 'plugins/**'
- 'docker/docker_start.sh'
- 'docker/config.yaml'
- '.github/workflows/publish_docker-image_on_master.yml'
- 'Dockerfile'
- 'go.mod'
- 'go.sum'
- 'Makefile'
jobs:
push_to_registry:
name: Push Docker image to Docker Hub
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'crowdsecurity' }}
steps:
- name: Check out the repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Prepare
id: prep
run: |
DOCKER_IMAGE=crowdsecurity/crowdsec
GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec
VERSION=dev
TAGS="${DOCKER_IMAGE}:${VERSION},${GHCR_IMAGE}:${VERSION}"
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
config: .github/buildkit.toml
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push full image
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.prep.outputs.tags }}
platforms: linux/amd64
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=min

61
.github/workflows/release_publish_docker-image-debian.yml vendored
View file

@ -1,61 +0,0 @@
name: Publish Docker Debian image
on:
release:
types:
- released
- prereleased
workflow_dispatch:
jobs:
push_to_registry:
name: Push Docker debian image to Docker Hub
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Prepare
id: prep
run: |
DOCKER_IMAGE=crowdsecurity/crowdsec
VERSION=bullseye
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/}
elif [[ $GITHUB_REF == refs/heads/* ]]; then
VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -E 's#/+#-#g')
elif [[ $GITHUB_REF == refs/pull/* ]]; then
VERSION=pr-${{ github.event.number }}
fi
TAGS="${DOCKER_IMAGE}:${VERSION}-debian"
if [[ "${{ github.event.action }}" == "released" ]]; then
TAGS=$TAGS,${DOCKER_IMAGE}:latest-debian
fi
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
config: .github/buildkit.toml
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile.debian
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.prep.outputs.tags }}
platforms: linux/amd64,linux/arm64,linux/386
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}

86
.github/workflows/release_publish_docker-image.yml vendored
View file

@ -1,86 +0,0 @@
name: Publish Docker image
on:
release:
types:
- released
- prereleased
jobs:
push_to_registry:
name: Push Docker image to Docker Hub
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Prepare
id: prep
run: |
DOCKER_IMAGE=crowdsecurity/crowdsec
GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec
VERSION=edge
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/}
elif [[ $GITHUB_REF == refs/heads/* ]]; then
VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -E 's#/+#-#g')
elif [[ $GITHUB_REF == refs/pull/* ]]; then
VERSION=pr-${{ github.event.number }}
fi
TAGS="${DOCKER_IMAGE}:${VERSION},${GHCR_IMAGE}:${VERSION}"
TAGS_SLIM="${DOCKER_IMAGE}:${VERSION}-slim,${GHCR_IMAGE}:${VERSION}-slim"
if [[ ${{ github.event.action }} == released ]]; then
TAGS=$TAGS,${DOCKER_IMAGE}:latest,${GHCR_IMAGE}:latest
TAGS_SLIM=$TAGS_SLIM,${DOCKER_IMAGE}:slim,${GHCR_IMAGE}:slim
fi
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "tags_slim=${TAGS_SLIM}" >> $GITHUB_OUTPUT
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
config: .github/buildkit.toml
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push slim image
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.prep.outputs.tags_slim }}
target: slim
platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6,linux/386
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
- name: Build and push full image
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.prep.outputs.tags }}
platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6,linux/386
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}

2
.github/workflows/update_docker_hub_doc.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
steps: steps:
- -
name: Check out the repo name: Check out the repo
uses: actions/checkout@v3 uses: actions/checkout@v4
if: ${{ github.repository_owner == 'crowdsecurity' }} if: ${{ github.repository_owner == 'crowdsecurity' }}
- -
name: Update docker hub README name: Update docker hub README

5
Dockerfile
View file

@ -1,8 +1,7 @@
# vim: set ft=dockerfile: # vim: set ft=dockerfile:
ARG GOVERSION=1.21.6 FROM golang:1.21.6-alpine3.18 AS build
ARG BUILD_VERSION
FROM golang:${GOVERSION}-alpine3.18 AS build ARG BUILD_VERSION
WORKDIR /go/src/crowdsec WORKDIR /go/src/crowdsec

5
Dockerfile.debian
View file

@ -1,8 +1,7 @@
# vim: set ft=dockerfile: # vim: set ft=dockerfile:
ARG GOVERSION=1.21.6 FROM golang:1.21.6-bookworm AS build
ARG BUILD_VERSION
FROM golang:${GOVERSION}-bookworm AS build ARG BUILD_VERSION
WORKDIR /go/src/crowdsec WORKDIR /go/src/crowdsec

4
cmd/crowdsec-cli/require/require.go
View file

@ -11,7 +11,7 @@ import (
) )
func LAPI(c *csconfig.Config) error { func LAPI(c *csconfig.Config) error {
if err := c.LoadAPIServer(); err != nil { if err := c.LoadAPIServer(true); err != nil {
return fmt.Errorf("failed to load Local API: %w", err) return fmt.Errorf("failed to load Local API: %w", err)
} }
@ -47,7 +47,7 @@ func CAPIRegistered(c *csconfig.Config) error {
} }
func DB(c *csconfig.Config) error { func DB(c *csconfig.Config) error {
if err := c.LoadDBConfig(); err != nil { if err := c.LoadDBConfig(true); err != nil {
return fmt.Errorf("this command requires direct database access (must be run on the local API machine): %w", err) return fmt.Errorf("this command requires direct database access (must be run on the local API machine): %w", err)
} }

2
cmd/crowdsec-cli/support.go
View file

@ -305,7 +305,7 @@ cscli support dump -f /tmp/crowdsec-support.zip
infos[SUPPORT_AGENTS_PATH] = []byte(err.Error()) infos[SUPPORT_AGENTS_PATH] = []byte(err.Error())
} }
if err := csConfig.LoadAPIServer(); err != nil { if err := csConfig.LoadAPIServer(true); err != nil {
log.Warnf("could not load LAPI, skipping CAPI check") log.Warnf("could not load LAPI, skipping CAPI check")
skipLAPI = true skipLAPI = true
infos[SUPPORT_CAPI_STATUS_PATH] = []byte(err.Error()) infos[SUPPORT_CAPI_STATUS_PATH] = []byte(err.Error())

2
cmd/crowdsec-cli/utils.go
View file

@ -48,7 +48,7 @@ func manageCliDecisionAlerts(ip *string, ipRange *string, scope *string, value *
} }
func getDBClient() (*database.Client, error) { func getDBClient() (*database.Client, error) {
if err := csConfig.LoadAPIServer(); err != nil || csConfig.DisableAPI { if err := csConfig.LoadAPIServer(true); err != nil || csConfig.DisableAPI {
return nil, err return nil, err
} }
ret, err := database.NewClient(csConfig.DbConfig) ret, err := database.NewClient(csConfig.DbConfig)

2
cmd/crowdsec/main.go
View file

@ -262,7 +262,7 @@ func LoadConfig(configFile string, disableAgent bool, disableAPI bool, quiet boo
} }
if !cConfig.DisableAPI { if !cConfig.DisableAPI {
if err := cConfig.LoadAPIServer(); err != nil { if err := cConfig.LoadAPIServer(false); err != nil {
return nil, err return nil, err
} }
} }

8
docker/docker_start.sh
View file

@ -3,7 +3,7 @@
# shellcheck disable=SC2292 # allow [ test ] syntax # shellcheck disable=SC2292 # allow [ test ] syntax
# shellcheck disable=SC2310 # allow "if function..." syntax with -e # shellcheck disable=SC2310 # allow "if function..." syntax with -e
# set -e set -e
shopt -s inherit_errexit shopt -s inherit_errexit
# match true, TRUE, True, tRuE, etc. # match true, TRUE, True, tRuE, etc.
@ -109,6 +109,8 @@ cscli_if_clean() {
for obj in $objs; do for obj in $objs; do
if cscli "$itemtype" inspect "$obj" -o json | yq -e '.tainted // false' >/dev/null 2>&1; then if cscli "$itemtype" inspect "$obj" -o json | yq -e '.tainted // false' >/dev/null 2>&1; then
echo "Object $itemtype/$obj is tainted, skipping" echo "Object $itemtype/$obj is tainted, skipping"
elif cscli "$itemtype" inspect "$obj" -o json | yq -e '.local // false' >/dev/null 2>&1; then
echo "Object $itemtype/$obj is local, skipping"
else else
# # Too verbose? Only show errors if not in debug mode # # Too verbose? Only show errors if not in debug mode
# if [ "$DEBUG" != "true" ]; then # if [ "$DEBUG" != "true" ]; then
@ -301,8 +303,8 @@ fi
conf_set_if "$PLUGIN_DIR" '.config_paths.plugin_dir = strenv(PLUGIN_DIR)' conf_set_if "$PLUGIN_DIR" '.config_paths.plugin_dir = strenv(PLUGIN_DIR)'
## Install hub items ## Install hub items
cscli hub update cscli hub update || true
cscli hub upgrade cscli hub upgrade || true
cscli_if_clean parsers install crowdsecurity/docker-logs cscli_if_clean parsers install crowdsecurity/docker-logs
cscli_if_clean parsers install crowdsecurity/cri-logs cscli_if_clean parsers install crowdsecurity/cri-logs

4
pkg/csconfig/api.go
View file

@ -236,7 +236,7 @@ type LocalApiServerCfg struct {
CapiWhitelists *CapiWhitelist `yaml:"-"` CapiWhitelists *CapiWhitelist `yaml:"-"`
} }
func (c *Config) LoadAPIServer() error { func (c *Config) LoadAPIServer(inCli bool) error {
if c.DisableAPI { if c.DisableAPI {
log.Warning("crowdsec local API is disabled from flag") log.Warning("crowdsec local API is disabled from flag")
} }
@ -289,7 +289,7 @@ func (c *Config) LoadAPIServer() error {
log.Printf("push and pull to Central API disabled") log.Printf("push and pull to Central API disabled")
} }
if err := c.LoadDBConfig(); err != nil { if err := c.LoadDBConfig(inCli); err != nil {
return err return err
} }

2
pkg/csconfig/api_test.go
View file

@ -240,7 +240,7 @@ func TestLoadAPIServer(t *testing.T) {
for _, tc := range tests { for _, tc := range tests {
tc := tc tc := tc
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
err := tc.input.LoadAPIServer() err := tc.input.LoadAPIServer(false)
cstest.RequireErrorContains(t, err, tc.expectedErr) cstest.RequireErrorContains(t, err, tc.expectedErr)
if tc.expectedErr != "" { if tc.expectedErr != "" {
return return

8
pkg/csconfig/database.go
View file

@ -50,7 +50,7 @@ type FlushDBCfg struct {
AgentsGC *AuthGCCfg `yaml:"agents_autodelete,omitempty"` AgentsGC *AuthGCCfg `yaml:"agents_autodelete,omitempty"`
} }
func (c *Config) LoadDBConfig() error { func (c *Config) LoadDBConfig(inCli bool) error {
if c.DbConfig == nil { if c.DbConfig == nil {
return fmt.Errorf("no database configuration provided") return fmt.Errorf("no database configuration provided")
} }
@ -77,10 +77,8 @@ func (c *Config) LoadDBConfig() error {
c.DbConfig.DecisionBulkSize = maxDecisionBulkSize c.DbConfig.DecisionBulkSize = maxDecisionBulkSize
} }
if c.DbConfig.Type == "sqlite" { if !inCli && c.DbConfig.Type == "sqlite" && c.DbConfig.UseWal == nil {
if c.DbConfig.UseWal == nil { log.Warning("You are using sqlite without WAL, this can have a performance impact. If you do not store the database in a network share, set db_config.use_wal to true. Set explicitly to false to disable this warning.")
log.Warning("You are using sqlite without WAL, this can have a performance impact. If you do not store the database in a network share, set db_config.use_wal to true. Set explicitly to false to disable this warning.")
}
} }
return nil return nil

2
pkg/csconfig/database_test.go
View file

@ -47,7 +47,7 @@ func TestLoadDBConfig(t *testing.T) {
for _, tc := range tests { for _, tc := range tests {
tc := tc tc := tc
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
err := tc.input.LoadDBConfig() err := tc.input.LoadDBConfig(false)
cstest.RequireErrorContains(t, err, tc.expectedErr) cstest.RequireErrorContains(t, err, tc.expectedErr)
if tc.expectedErr != "" { if tc.expectedErr != "" {
return return