Merge pull request #239 from Secure-Compliance-Solutions-LLC/dev

v21.4.2-v3

.github/workflows/docker-publish.yml

@@ -23,8 +23,46 @@ permissions:
   packages: write
 
 jobs:
-  build_apks:
-    name: Build APKs
+  build_test:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set tag var
+        id: vars
+        run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}
+
+      - name: Download artifact
+        uses: dawidd6/action-download-artifact@v2
+        with:
+          # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
+          # Required, if artifact is from a different repo
+          github_token: ${{secrets.GITHUB_TOKEN}}
+          # Required, workflow file name or ID
+          workflow: build-apk.yml
+          # Optional, will use the branch
+          branch: master
+          # Optional, uploaded artifact name,
+          # will download all artifacts if not specified
+          # and extract them in respective subdirectories
+          # https://github.com/actions/download-artifact#download-all-artifacts
+          name: apk-builds
+          # Optional, directory where to extract artifact. Defaults to the artifact name (see `name` input)
+          path: ${{ github.workspace }}/apk-build/
+          # Optional, defaults to current repo
+          repo: Secure-Compliance-Solutions-LLC/GVM-APK-build
+
+      - name: Build the Docker image
+        run: docker build . --file Dockerfile --build-arg OPT_PDF=1 --tag myapp:${{ steps.vars.outputs.docker_tag }}
+
+      - name: Scan with Phonito Security
+        uses: phonito/phonito-scanner-action@master
+        with:
+          image: myapp:${{ steps.vars.outputs.docker_tag }}
+          phonito-token: ${{ secrets.PHONITO_TOKEN }}
+
+  build_release:
+    name: Build and Release
     runs-on: ubuntu-latest
 
     outputs:
@@ -139,6 +177,7 @@ jobs:
           images: ${{ steps.releasePreare.outputs.images }}
           flavor: |
             latest=${{ steps.releasePreareLatestTag.outputs.latest}}
+            onlatest=${{ steps.releasePreareLatestTag.outputs.latest}}
             prefix=
             suffix=-full
           tags: |
@@ -172,6 +211,7 @@ jobs:
           images: ${{ steps.releasePreare.outputs.images }}
           flavor: |
             latest=${{ steps.releasePreareLatestTag.outputs.latest}}
+            onlatest=${{ steps.releasePreareLatestTag.outputs.latest}}
             prefix=
             suffix=-data
           tags: |
@@ -203,6 +243,7 @@ jobs:
           images: ${{ steps.releasePreare.outputs.images }}
           flavor: |
             latest=${{ steps.releasePreareLatestTag.outputs.latest}}
+            onlatest=${{ steps.releasePreareLatestTag.outputs.latest}}
             prefix=
             suffix=-data-full
           tags: |

scripts/start.sh

@@ -32,6 +32,13 @@ mkdir -p /var/lib/gvm/private
 mkdir -p /var/lib/gvm/scap-data
 chown gvm:gvm -R /var/lib/gvm
 
+# fix for greenbone-nvt-sync
+mkdir -p /run/ospd/
+chown gvm:gvm /run/ospd
+su -c "touch /run/ospd/feed-update.lock" gvm
+mkdir -p /var/lib/openvas/plugins/
+chown -R gvm:gvm /var/lib/openvas/plugins/
+
 ## This need on HyperVisor for GVM
 #echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled
 #echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag

scripts/sync-all.sh

@@ -31,7 +31,8 @@ if [ ! -f "/var/lib/gvm/.firstsync" ]; then
 fi
 
 echo "Updating NVTs..."
-su -c "rsync --compress-level=9 --links --times --omit-dir-times --recursive --partial --quiet rsync://feed.community.greenbone.net:/nvt-feed /var/lib/openvas/plugins" gvm
+#su -c "rsync --compress-level=9 --links --times --omit-dir-times --recursive --partial --quiet rsync://feed.community.greenbone.net:/nvt-feed /var/lib/openvas/plugins" gvm
+su -c "greenbone-nvt-sync" gvm
 sleep 5
 
 echo "Updating GVMd data..."