Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Dependabot.yml and Docker Container Build and release workflow #7

Open
wants to merge 21 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
version: 2
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
83 changes: 83 additions & 0 deletions .github/workflows/docker.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
#
# To use this workflow a GITHUB_TOKEN is necessary to create as a secret in the github repository
# with thedescribed scope in the documentation: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry
#

name: Build and Release Docker Package
on:
release:
types: [published]
push:
tags:
- v*.*.*
branches:
- main
schedule:
- cron: '0 0 * * 0'
- cron: '0 0 * * 4'

env:
GITHUB_REPO: ${{ github.repository }}
DOCKER_REPO: PLEASECHANGE
NAME: sigma-cli

jobs:
build-and-publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3

- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
# list of Docker images to use as base name for tags
# https://github.com/docker/build-push-action/blob/master/docs/advanced/push-multi-registries.md
# $DOCKER_REPO/$NAME
images: |
name=${{env.DOCKER_REPO}}/${{env.NAME}},enable=false
name=ghcr.io/${{env.GITHUB_REPO}}/${{env.NAME}},enable=true
# generate Docker tags based on the following events/attributes
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha

- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

#- name: Login to Docker Hub
# uses: docker/login-action@v2
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build and push for push event
uses: docker/build-push-action@v3
with:
# https://github.com/docker/build-push-action/blob/master/docs/advanced/tags-labels.md
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

#- name: Update repo description
# # https://github.com/docker/build-push-action/blob/master/docs/advanced/dockerhub-desc.md
# if: ${{ github.event_name == 'release' }}
# uses: peter-evans/dockerhub-description@v2
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_PASSWORD }}
# repository: $DOCKER_REPO/$NAME
28 changes: 28 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# Use Alpine Python 3 Image as Base
FROM python:3-alpine

# Set Environment Variables
ENV PUID=1000
ENV PGID=1000
ENV USER=abc

# Add Non-Root User
RUN set -eux; \
echo "**** create $USER user and $USER group with home directory /opt/sigma ****" && \
addgroup -S $USER && \
adduser -u $PUID -s /bin/false -h /opt/sigma -S -G $USER $USER && \
adduser $USER users

# Add Files
COPY sigma/cli /opt/sigma/

# Change Directory
WORKDIR /opt/sigma-cli

# Install Python Modules
RUN set -eux; \
python -m pip install sigma-cli;

# Use sigma as entrypoint
ENTRYPOINT ["sigma"]

10 changes: 10 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,16 @@ poetry install
poetry shell
```

The third way is via an docker container:
```
# Download the sigma rules:
git clone https://github.com/SigmaHQ/sigma.git
# Add an alias:
echo "alias sigma='docker run -ti -v $PWD/sigma/rules:/opt/sigma/rules ghcr.io/sigmahq/sigma-cli/sigma-cli:latest'" >> ~/.bashrc
# Use sigma:
sigma convert -t <backend> -p <processing pipeline 1> -p <processing pipeline 2> [...] /opt/sigma/rules
```

### Usage

The CLI is available as *sigma* command. A typical invocation is:
Expand Down