pentest #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: pentest | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: '0 3 1,15 * *' | |
- cron: '0 2 * * 0' | |
jobs: | |
scanner: | |
if: (github.event.schedule == '0 3 1,15 * *') || (github.event.workflow_dispatch) | |
runs-on: [self-hosted, linux, x64, ubuntu-server] | |
steps: | |
- name: Start dotCMS with docker | |
id: start-dotcms | |
run: | | |
docker-compose down && docker-compose up -d | |
- name: Install updates | |
run: sudo apt-get update | |
- name: Pull dotCMS/core-test-results repository | |
run: | | |
git config pull.rebase false | |
git remote set-url origin [email protected]:dotCMS/core-test-results.git | |
git pull origin master | |
working-directory: /home/ubuntu/core-test-results | |
- name: Get latest release version | |
id: get-latest-release | |
run: | | |
releases=$(curl -s "https://api.github.com/repos/dotCMS/core/releases") | |
release_version=$(echo "$releases" | jq -r '.[].tag_name' | sort -rV | head -n 1 | sed 's/^v//') | |
formatted_version="release-$release_version" | |
echo "Latest release version: $formatted_version" | |
echo "release_version=$formatted_version" >> $GITHUB_ENV | |
- name: Check if web server is running | |
run: | | |
server_status=$(wget --spider -S http://localhost:8082 2>&1 | grep "HTTP/" | awk '{print $2}') | |
if [[ "$server_status" == "200" ]]; then | |
echo "Web server is running" | |
else | |
echo "Web server is not running" | |
exit 1 | |
fi | |
- name: Run nikto scan | |
run: | | |
report_dir="/home/ubuntu/core-test-results/pentest/$(date +'%Y-%m-%d')-$release_version" | |
mkdir -p "$report_dir" | |
nikto -h localhost:8082 |& tee "$report_dir/report.txt" | |
- name: Run sslscan | |
run: | | |
report_dir="/home/ubuntu/test-results/pentest/$(date +'%Y-%m-%d')-$release_version" | |
mkdir -p "$report_dir" | |
sslscan localhost:8443 |& tee "$report_dir/sslscan_report.txt" | |
- name: Run htmlreport.py | |
run: python3 /home/ubuntu/htmlreport.py $release_version | |
- name: Run clear-old-tests.py | |
run: python3 /home/ubuntu/clear-old-tests.py $release_version | |
- name: Stop dotCMS | |
run: docker-compose down | |
working-directory: /home/ubuntu | |
- name: Switch to release branch | |
run: | | |
branch_name="${{ env.release_version }}" | |
git fetch origin "$branch_name" && git checkout "$branch_name" || git checkout -b "$branch_name" | |
working-directory: /home/ubuntu/core-test-results | |
- name: Add files and commit changes | |
run: | | |
git add . | |
git commit -m "Add test results for release ${{ env.release_version }}" | |
working-directory: /home/ubuntu/core-test-results | |
- name: Push changes to dotCMS/core-test-results repository | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ secrets.SECRET_PENTEST_TOKEN }} | |
branch: ${{ env.release_version }} | |
force: true | |
directory: /home/ubuntu/core-test-results/ | |
repository: dotCMS/core-test-results | |
maintenance: | |
if: github.event.schedule == '0 2 * * 0' | |
runs-on: [self-hosted, linux, x64, ubuntu-server] | |
steps: | |
- name: Connect to self-hosted runner | |
run: echo "Connecting to self-hosted runner to avoid termination due to inactivity" |