Merge pull request #7 from cisagov/improvement/upstream

Improvement/upstream

.github/workflows/build.yml

@@ -0,0 +1,97 @@
+---
+name: build
+
+on: [push]
+
+env:
+  IMAGE_NAME: cisagov/gophish
+  PIP_CACHE_DIR: ~/.cache/pip
+  PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: 3.7
+      - name: Cache pip test requirements
+        uses: actions/cache@v1
+        with:
+          path: ${{ env.PIP_CACHE_DIR }}
+          key: "${{ runner.os }}-pip-test-\
+            ${{ hashFiles('**/requirements-test.txt') }}"
+          restore-keys: |
+            ${{ runner.os }}-pip-test-
+            ${{ runner.os }}-pip-
+      - name: Cache pre-commit hooks
+        uses: actions/cache@v1
+        with:
+          path: ${{ env.PRE_COMMIT_CACHE_DIR }}
+          key: "${{ runner.os }}-pre-commit-\
+            ${{ hashFiles('**/.pre-commit-config.yaml') }}"
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install --upgrade -r requirements-test.txt
+      - name: Run linters on all files
+        run: pre-commit run --all-files
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Determine image version
+        id: get_ver
+        run: |
+          echo "##[set-output name=version;]$(./bump_version.sh show)"
+      - name: Build docker image
+        run: |
+          version=$(./bump_version.sh show)
+          docker build \
+            --tag "$IMAGE_NAME" \
+            --build-arg GIT_COMMIT=$(git log -1 --format=%H) \
+            --build-arg GIT_REMOTE=$(git remote get-url origin) \
+            --build-arg VERSION=${{ steps.get_ver.outputs.version }} \
+            .
+      - name: Save docker image artifact
+        run: |
+          mkdir dist
+          version=$(./bump_version.sh show)
+          docker save $IMAGE_NAME:latest | gzip > dist/image.tar.gz
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v1
+        with:
+          name: dist
+          path: dist
+  test:
+    runs-on: ubuntu-latest
+    needs: [build]
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: 3.7
+      - name: Cache pip test requirements
+        uses: actions/cache@v1
+        with:
+          path: ${{ env.PIP_CACHE_DIR }}
+          key: "${{ runner.os }}-pip-test-\
+            ${{ hashFiles('**/requirements-test.txt') }}"
+          restore-keys: |
+            ${{ runner.os }}-pip-test-
+            ${{ runner.os }}-pip-
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install --upgrade -r requirements-test.txt
+      - name: Download docker image artifact
+        uses: actions/download-artifact@v1
+        with:
+          name: dist
+      - name: Load docker image
+        run: docker load < dist/image.tar.gz
+      - name: Run tests
+        env:
+          RELEASE_TAG: ${{ github.event.release.tag_name }}
+        run: pytest

.github/workflows/release.yml

@@ -0,0 +1,53 @@
+---
+name: release
+
+on:
+  release:
+    types: [prereleased, released]
+
+env:
+  IMAGE_NAME: cisagov/gophish
+  DOCKER_PW: ${{ secrets.DOCKER_PW }}
+  DOCKER_USER: ${{ secrets.DOCKER_USER }}
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: 3.7
+      - name: Determine image version
+        id: get_ver
+        run: |
+          echo "##[set-output name=version;]$(./bump_version.sh show)"
+      - name: Build Docker image
+        run: |
+          docker build \
+            --tag "$IMAGE_NAME" \
+            --build-arg GIT_COMMIT=$(git log -1 --format=%H) \
+            --build-arg GIT_REMOTE=$(git remote get-url origin) \
+            --build-arg VERSION=${{ steps.get_ver.outputs.version }} \
+            .
+      - name: Tag Docker image
+        run: |
+          IFS='.' read -r -a version_array \
+            <<< "${{ steps.get_ver.outputs.version }}"
+          docker login --username "$DOCKER_USER" --password "$DOCKER_PW"
+          docker tag "$IMAGE_NAME" "${IMAGE_NAME}:latest"
+          docker tag "$IMAGE_NAME" \
+            "${IMAGE_NAME}:${{ steps.get_ver.outputs.version }}"
+          docker tag "$IMAGE_NAME" \
+            "${IMAGE_NAME}:${version_array[0]}.${version_array[1]}"
+          docker tag "$IMAGE_NAME" "${IMAGE_NAME}:${version_array[0]}"
+      - name: Publish image to Docker Hub
+        run: |
+          IFS='.' read -r -a version_array \
+            <<< "${{ steps.get_ver.outputs.version }}"
+          docker push "${IMAGE_NAME}:latest"
+          docker push "${IMAGE_NAME}:${{ steps.get_ver.outputs.version }}"
+          docker push "${IMAGE_NAME}:${version_array[0]}.${version_array[1]}"
+          docker push "${IMAGE_NAME}:${version_array[0]}"
+      - name: Publish README.md to Docker Hub
+        run: ./push_readme.sh

.pre-commit-config.yaml

@@ -1,7 +1,11 @@
 ---
+default_language_version:
+  # force all unspecified python hooks to run python3
+  python: python3
+
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v2.2.3
+    rev: v2.4.0
     hooks:
       - id: check-executables-have-shebangs
       - id: check-json
@@ -24,32 +28,32 @@ repos:
       - id: requirements-txt-fixer
       - id: trailing-whitespace
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.17.0
+    rev: v0.19.0
     hooks:
       - id: markdownlint
         args:
           - --config=.mdl_config.json
   - repo: https://github.com/adrienverge/yamllint
-    rev: v1.16.0
+    rev: v1.18.0
     hooks:
       - id: yamllint
   - repo: https://github.com/detailyang/pre-commit-shell
     rev: 1.0.5
     hooks:
       - id: shell-lint
   - repo: https://gitlab.com/pycqa/flake8
-    rev: 3.7.7
+    rev: 3.7.9
     hooks:
       - id: flake8
         additional_dependencies:
           - flake8-docstrings
   - repo: https://github.com/asottile/pyupgrade
-    rev: v1.19.0
+    rev: v1.25.1
     hooks:
       - id: pyupgrade
   # Run bandit on "tests" tree with a configuration
   - repo: https://github.com/PyCQA/bandit
-    rev: 1.6.1
+    rev: 1.6.2
     hooks:
       - id: bandit
         name: bandit (tests tree)
@@ -64,11 +68,11 @@ repos:
         name: bandit (everything else)
         exclude: tests
   - repo: https://github.com/python/black
-    rev: 19.3b0
+    rev: 19.10b0
     hooks:
       - id: black
   - repo: https://github.com/ansible/ansible-lint.git
-    rev: v4.1.0a0
+    rev: v4.1.1a3
     hooks:
       - id: ansible-lint
   - repo: https://github.com/antonbabenko/pre-commit-terraform.git

README.md

@@ -1,11 +1,13 @@
 # gophish-docker 🎣🐳 #
 
-[![Build Status](https://travis-ci.com/cisagov/gophish-docker.svg?branch=develop)](https://travis-ci.com/cisagov/gophish-docker)
+[![GitHub Build Status](https://github.com/cisagov/gophish-docker/workflows/build/badge.svg)](https://github.com/cisagov/gophish-docker/actions)
+[![Total alerts](https://img.shields.io/lgtm/alerts/g/cisagov/gophish-docker.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/cisagov/gophish-docker/alerts/)
+[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/cisagov/gophish-docker.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/cisagov/gophish-docker/context:python)
 
 ## Docker Image ##
 
-![MicroBadger Layers](https://img.shields.io/microbadger/layers/dhsncats/gophish.svg)
-![MicroBadger Size](https://img.shields.io/microbadger/image-size/dhsncats/gophish.svg)
+![MicroBadger Layers](https://img.shields.io/microbadger/layers/cisagov/gophish.svg)
+![MicroBadger Size](https://img.shields.io/microbadger/image-size/cisagov/gophish.svg)
 
 Creates a Docker container with an installation of the
 [gophish](https://getgophish.com) phishing framework.
@@ -14,11 +16,11 @@ Creates a Docker container with an installation of the
 
 ### Install ###
 
-Pull `dhsncats/gophish` from the Docker repository:
+Pull `cisagov/gophish` from the Docker repository:
 
-    docker pull dhsncats/gophish
+    docker pull cisagov/gophish
 
-Or build `dhsncats/gophish` from source:
+Or build `cisagov/gophish` from source:
 
     git clone https://github.com/cisagov/gophish-docker.git
     cd gophish-docker

docker-compose.yml

@@ -20,7 +20,7 @@ services:
       # e.g., --build-arg VERSION=0.0.1
       context: .
       dockerfile: Dockerfile
-    image: dhsncats/gophish
+    image: cisagov/gophish
     init: true
     restart: always
     ports:

src/secrets/config.json

@@ -1,5 +1,6 @@
 {
   "admin_server": {
+    "api_key_init": "dba840fa0f7e03851ca695801f41c4a50fbbdb653ece0e2cdebbcb2977e5dfe1",
     "cert_path": "/run/secrets/admin_fullchain.pem",
     "key_path": "/run/secrets/admin_privkey.pem",
     "listen_url": "0.0.0.0:3333",

src/version.txt

@@ -1 +1 @@
-__version__ = "0.0.4"
+__version__ = "0.0.5"

tests/container_test.py

@@ -6,7 +6,7 @@
 import time
 
 READY_MESSAGE = "Starting admin server"
-TRAVIS_TAG = os.getenv("TRAVIS_TAG")
+RELEASE_TAG = os.getenv("RELEASE_TAG")
 VERSION_FILE = "src/version.txt"
 
 
@@ -33,7 +33,7 @@ def test_wait_for_ready(main_container):
 
 
 @pytest.mark.skipif(
-    TRAVIS_TAG in [None, ""], reason="this is not a release (TRAVIS_TAG not set)"
+    RELEASE_TAG in [None, ""], reason="this is not a release (RELEASE_TAG not set)"
 )
 def test_release_version():
     """Verify that release tag version agrees with the module version."""
@@ -42,8 +42,8 @@ def test_release_version():
         exec(f.read(), pkg_vars)  # nosec
     project_version = pkg_vars["__version__"]
     assert (
-        TRAVIS_TAG == f"v{project_version}"
-    ), "TRAVIS_TAG does not match the project version"
+        RELEASE_TAG == f"v{project_version}"
+    ), "RELEASE_TAG does not match the project version"
 
 
 def test_container_version_label_matches(main_container):