This repository has been archived by the owner on Jan 16, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 38bc207
Showing
82 changed files
with
8,947 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| version: 2 | ||
| updates: | ||
| - package-ecosystem: "gomod" # See documentation for possible values | ||
| directory: "/" # Location of package manifests | ||
| schedule: | ||
| interval: "weekly" | ||
| - package-ecosystem: "docker" # See documentation for possible values | ||
| directory: "/" # Location of package manifests | ||
| schedule: | ||
| interval: "weekly" | ||
| - package-ecosystem: "docker" # See documentation for possible values | ||
| directory: "/testing/Dockerfiles" # Location of package manifests | ||
| schedule: | ||
| interval: "weekly" | ||
| - package-ecosystem: "github-actions" # See documentation for possible values | ||
| directory: "/" # Location of package manifests | ||
| schedule: | ||
| interval: "weekly" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,98 @@ | ||
| name: YouShallNotPass Integration Test | ||
| run-name: Running YouShallNotPass Integration Tests | ||
| on: | ||
| pull_request: | ||
| types: [opened, edited, ready_for_review, reopened, synchronize] | ||
| jobs: | ||
| hashicorp-integration-test: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set Up Docker | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Set Up Docker Compose | ||
| uses: ndeloof/[email protected] | ||
|
|
||
| - name: Run Hashicorp Integration Test | ||
| run: ./testing/test.sh integration hashicorpclient | ||
|
|
||
| mattermost-integration-test: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set Up Docker | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Set Up Docker Compose | ||
| uses: ndeloof/[email protected] | ||
|
|
||
| - name: Run Mattermost Integration Test | ||
| run: ./testing/test.sh integration mattermostclient | ||
|
|
||
| hashicorp-gitlab-automatic-test: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set Up Docker | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Set Up Docker Compose | ||
| uses: ndeloof/[email protected] | ||
|
|
||
| - name: Run Hashicorp Gitlab Automatic Integration Test | ||
| run: ./testing/test.sh integration hashicorpgitlabautomatic | ||
|
|
||
| hashicorp-gitlab-failure-test: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set Up Docker | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Set Up Docker Compose | ||
| uses: ndeloof/[email protected] | ||
|
|
||
| - name: Run Hashicorp Gitlab Failure Integration Test | ||
| run: ./testing/test.sh integration hashicorpgitlabfail | ||
|
|
||
| # I cannot figure out a way to automate the authentication integration test, which is | ||
| # probably a good thing. | ||
|
|
||
| hashicorp-gitlab-auth-timeout-test: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set Up Docker | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Set Up Docker Compose | ||
| uses: ndeloof/[email protected] | ||
|
|
||
| - name: Run Hashicorp Gitlab Auth Timeout Integration Test | ||
| run: ./testing/test.sh integration hashicorpgitlabtimeout | ||
|
|
||
| hashicorp-gitlab-bash-test: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set Up Docker | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Set Up Docker Compose | ||
| uses: ndeloof/[email protected] | ||
|
|
||
| - name: Run Hashicorp Gitlab Bash Integration Test | ||
| run: ./testing/test.sh integration hashicorpgitlabbash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| name: YouShallNotPass Linter | ||
| run-name: Linting YouShallNotPass | ||
| on: [push] | ||
| jobs: | ||
| golangci-lint: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Run Golangci-Lint | ||
| uses: golangci/golangci-lint-action@v3 | ||
| with: | ||
| version: v1.53 | ||
|
|
||
| shellcheck-lint: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Run ShellCheck | ||
| uses: ludeeus/action-shellcheck@master |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| name: YouShallNotPass Release | ||
| run-name: Create Release for YouShallNotPass | ||
| on: | ||
| push: | ||
| tags: | ||
| '[0-9].[0-9].[0-9]' | ||
|
|
||
| jobs: | ||
| create-release: | ||
| permissions: write-all | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Create Changelog | ||
| uses: heinrichreimer/[email protected] | ||
| id: Changelog | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Add Custom Executors to Artifacts | ||
| run: | | ||
| cd custom_executors | ||
| zip -r github_custom_executor.zip github_custom_executor | ||
| zip -r gitlab_custom_executor.zip gitlab_custom_executor | ||
| cd .. | ||
| working-directory: ${{ github.workspace }} | ||
|
|
||
| - name: Set Up Go | ||
| uses: actions/setup-go@v4 | ||
| with: | ||
| go-version: '1.20' | ||
|
|
||
| - name: Create YouShallNotPass Binary | ||
| run: | | ||
| go build -o youshallnotpass | ||
| - name: Upload Artifacts and Create Release | ||
| uses: softprops/action-gh-release@v1 | ||
| with: | ||
| tag_name: ${{ github.ref }} | ||
| name: Release ${{ github.ref_name }} | ||
| body: | | ||
| ${{ steps.Changelog.outputs.changelog }} | ||
| draft: false | ||
| prerelease: false | ||
| files: | | ||
| custom_executors/github_custom_executor.zip | ||
| custom_executors/gitlab_custom_executor.zip | ||
| youshallnotpass |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| name: Run test jobs to validate with YSNP | ||
| on: workflow_dispatch | ||
|
|
||
| jobs: | ||
| Test-job-default-conf-ask-mfa-YSNP: | ||
| runs-on: self-hosted | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
| - run: echo "Job is run after YSNP verification using default checks - fallbacked to user check!" | ||
|
|
||
| Test-job-image-check-YSNP: | ||
| runs-on: self-hosted | ||
| container: | ||
| image: alpine:3.18.4@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978 | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
| - run: | | ||
| echo "Job is run after YSNP verification using image + job checks!" | ||
| Test-job-only-ask-mfa-YSNP: | ||
| runs-on: self-hosted | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
| - run: echo "Job is run after YSNP verification using only user check!" | ||
|
|
||
| Test-job-all-checks-YSNP: | ||
| runs-on: self-hosted | ||
| container: | ||
| image: alpine:3.18.4@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978 | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
| - run: echo "Job is run after YSNP verification using image + script + hash check!" | ||
|
|
||
| # this is the whitelist config on Vault | ||
| # echo -n '{ | ||
| # "allowed_images": [ | ||
| # "alpine:3.18.4@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978" | ||
| # ], | ||
| # "allowed_scripts": [ | ||
| # "Test-job-image-check-YSNP@sha256:DoBpHT_168adOHRIj5O1bYkai3qrtyvmgNPKNgeID8U=", | ||
| # "Test-job-all-checks-YSNP@sha256:IgO3t_wZKFABuLyUBeQs6wQLvHl476rQFcyBm9GCAAE=" | ||
| # ] | ||
| # }' | vault kv put your_mount_root/your_github_username_or_organization/project_name/whitelist - | ||
|
|
||
| # this is the youshallnotpass_config on Vault | ||
| # echo -n '{ | ||
| # "jobs": [ | ||
| # { | ||
| # "jobName": "Test-job-only-ask-mfa-YSNP", | ||
| # "checks": [ | ||
| # { | ||
| # "name": "mfaRequired" | ||
| # } | ||
| # ] | ||
| # }, | ||
| # { | ||
| # "jobName": "Test-job-all-checks-YSNP", | ||
| # "checks": [ | ||
| # { | ||
| # "name": "mfaRequired" | ||
| # }, | ||
| # { | ||
| # "name": "imageHash" | ||
| # }, | ||
| # { | ||
| # "name": "scriptHash" | ||
| # } | ||
| # ] | ||
| # } | ||
| # ] | ||
| # }' | vault kv put your_mount_root/your_github_username_or_organization/project_name/youshallnotpass_config - |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| name: YouShallNotPass Unit Test | ||
| run-name: Running YouShallNotPass Unit Tests | ||
| on: [push] | ||
| jobs: | ||
| golang-unit-test: | ||
| runs-on: ubuntu-latest | ||
| container: | ||
| image: golang:alpine3.18@sha256:7839c9f01b5502d7cb5198b2c032857023424470b3e31ae46a8261ffca72912a | ||
| steps: | ||
| - name: Check out Repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Add Bash Dependencies | ||
| run: | | ||
| apk update | ||
| apk add bash | ||
| - name: Execute Bash Testing Script | ||
| run: ./testing/test.sh unit |
Oops, something went wrong.