WIP: Change: Ci: following guidelines

Author: nichtsfrei

.github/install-openvas-dependencies.sh

@@ -10,6 +10,7 @@ apt-get update && apt-get install --no-install-recommends --no-install-suggests
     clang-tools \
     cmake \
     curl \
+    git \
     lcov \
     libgnutls28-dev \
     libgpgme-dev \

.github/workflows/build-container.yml

@@ -1,22 +1,6 @@
 name: Build Container
 
-on:
-  push:
-    branches: [ main, stable, oldstable, middleware ]
-    tags: ["v*"]
-    paths:
-      - .github/workflows/build-container.yml
-      - .docker/build.Dockerfile
-  pull_request:
-    branches: [ main, stable, oldstable, middleware ]
-    paths:
-      - .github/workflows/build-container.yml
-      - .docker/build.Dockerfile
-  workflow_dispatch:
-  repository_dispatch:
-  schedule:
-    # rebuild image every sunday
-    - cron: "0 0 * * 0"
+on: [workflow_call]
 
 jobs:
   build:

.github/workflows/build.yml

@@ -0,0 +1,25 @@
+name: "Build"
+
+on: [workflow_call]
+
+jobs:
+  OpenVAS:
+    runs-on: ubuntu-latest
+    container: greenbone/gvm-libs:stable
+    steps:
+      - uses: actions/checkout@v4
+      - name: install dependencies
+        run: |
+          sh .github/install-openvas-dependencies.sh
+      - name: build 
+        run: |
+          cmake -Bbuild -DCMAKE_C_COMPILER=/usr/share/clang/scan-build-14/libexec/ccc-analyzer
+          scan-build -o ~/scan-build-report cmake --build build
+      - name: Upload scan-build report
+        uses: actions/upload-artifact@v3
+        with:
+          name: scan-build-report
+          path: ~/scan-build-report/
+          retention-days: 7
+  OpenVAS_Daemon:
+    uses: ./.github/workflows/build-rust.yml

.github/workflows/build_and_test.yml

@@ -0,0 +1,40 @@
+name: "Linting"
+
+on: [workflow_call]
+
+jobs:
+  OpenVAS:
+    runs-on: ubuntu-latest
+    container: greenbone/gvm-libs:stable
+    steps:
+      - uses: actions/checkout@v4
+      - name: install dependencies
+        run: |
+          sh .github/install-openvas-dependencies.sh
+      - name: Formatting
+        run: |
+          clang-format --dry-run --Werror -i -style=file {src,misc,nasl}/*.{c,h}
+      - name: unit-tests
+        run: |
+          cmake -Bbuild -DCMAKE_BUILD_TYPE=Release
+          CTEST_OUTPUT_ON_FAILURE=1 cmake --build build -- tests test
+  OpenVAS_Daemon:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: rust
+    steps:
+      - uses: actions/checkout@v4
+      - run: sudo apt update && sudo apt-get install -y libpcap-dev
+      - run: rustup update stable && rustup default stable || rustup default stable 
+      - run: cargo install cargo-audit
+      - run: cargo install typos-cli
+      - name: unit-tests
+        run: cargo test --lib --tests --workspace
+      - name: Clippy
+        run: cargo clippy -- -D warnings
+      - name: Audit
+        run: cargo audit
+      - run: typos
+      - name: Formatting
+        run: cargo fmt --check

.github/workflows/ci.yml

@@ -0,0 +1,24 @@
+name: CI
+
+on:
+  push:
+    branches: [ main]
+    tags: ["v*"]
+  pull_request:
+  workflow_dispatch:
+  repository_dispatch:
+  schedule:
+    # rebuild image every sunday
+    - cron: "0 0 * * 0"
+
+jobs:
+  build:
+    uses: ./.github/workflows/build.yml
+  linting:
+    uses: ./.github/workflows/ci.yml
+  smoketests:
+    needs: [build]
+    uses: ./.github/workflows/smoketest.yml
+  container:
+    needs: [smoketests]
+    uses: ./.github/workflows/push-container.yml

.github/workflows/codeql-analysis-c.yml renamed to .github/workflows/codeql.yml

@@ -0,0 +1,144 @@
+name: Container
+
+on: [workflow_call]
+
+jobs:
+  production-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: "set IS_VERSION_TAG"
+        run: |
+          echo "IS_VERSION_TAG=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }}" >> $GITHUB_ENV
+          # set defaults
+          echo "IS_LATEST_TAG=false" >> $GITHUB_ENV
+      - name: "set IS_LATEST_TAG"
+        if: ( env.IS_VERSION_TAG )
+        run: |
+          # find the latest version that is not ourself
+          export LATEST_VERSION=$(git tag -l | grep -v '${{ github.ref_name }}' | sort -r --version-sort)
+          # get major minor patch versions
+          IFS='.' read -r latest_major latest_minor latest_patch << EOF
+          $LATEST_VERSION
+          EOF
+          IFS='.' read -r tag_major tag_minor tag_patch << EOF
+          ${{ github.ref_name }}
+          EOF
+          # remove leading v
+          latest_major=$(echo $latest_major | cut -c2-)
+          tag_major=$(echo $tag_major | cut -c2-)
+          echo "$tag_major >= $latest_major"
+          if [[ $tag_major -ge $latest_major && ($tag_minor -ne 0 || $tag_patch -ne 0) ]]; then
+            # set this tag to latest and stable
+            echo "IS_LATEST_TAG=true" >> $GITHUB_ENV
+          fi
+      - name: "Setup meta information (IS_VERSION_TAG: ${{ env.IS_VERSION_TAG }}, IS_LATEST_TAG: ${{ env.IS_LATEST_TAG }} )"
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository }}
+          labels: |
+            org.opencontainers.image.vendor=Greenbone
+            org.opencontainers.image.base.name=greenbone/gvm-libs
+          flavor: latest=false # no auto latest container tag for git tags
+          tags: |
+            # when IS_LATEST_TAG is set create a stable and a latest tag
+            type=raw,value=latest,enable=${{ env.IS_LATEST_TAG }}
+            type=raw,value=stable,enable=${{ env.IS_LATEST_TAG }}
+            # if tag version is set than create a version tags
+            type=semver,pattern={{version}},enable=${{ env.IS_VERSION_TAG }}
+            type=semver,pattern={{major}}.{{minor}},enable=${{ env.IS_VERSION_TAG }}
+            type=semver,pattern={{major}},enable=${{ env.IS_VERSION_TAG }}
+            # if we are on the main branch set edge
+            type=edge,branch=main
+            # use branch-sha otherwise for pushes to branches other then main (will not be uploaded)
+            type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
+            # use pr-$PR_ID for pull requests (will not be uploaded)
+            type=ref,event=pr
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - uses: actions/download-artifact@v3
+        with:
+          name: rs-binaries
+          path: assets
+      - run: mkdir -p assets/linux/amd64
+      - run: mkdir -p assets/linux/arm64
+      - run: mv assets/openvasd-aarch64-unknown-linux-gnu assets/linux/arm64/openvasd
+      - run: mv assets/openvasd-x86_64-unknown-linux-gnu assets/linux/amd64/openvasd
+      - run: mv assets/nasl-cli-aarch64-unknown-linux-gnu assets/linux/arm64/nasl-cli
+      - run: mv assets/nasl-cli-x86_64-unknown-linux-gnu assets/linux/amd64/nasl-cli
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
+          file: .docker/prod.Dockerfile
+          build-args: |
+            REPOSITORY=${{ github.repository }}
+          platforms: linux/amd64,linux/aarch64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: "Setup meta information debian:oldstable"
+        id: old_stable_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository }}
+          labels: |
+            org.opencontainers.image.vendor=Greenbone
+            org.opencontainers.image.base.name=greenbone/gvm-libs
+          flavor: latest=false # no auto latest container tag for git tags
+          tags: |
+            # for the images provided for debian:oldstable we just provide
+            # oldstable on an new version or oldstable-edge when it is on main.
+            # oldstable-branch-sha on a branch
+            type=raw,value=oldstable,enable=${{ env.IS_LATEST_TAG }}
+            type=raw,value=oldstable-edge,enable=${{ github.ref_name == 'main' }}
+            type=raw,value=oldstable-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
+            type=ref,event=pr
+      - name: Build and push Container image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
+          file: .docker/prod-oldstable.Dockerfile
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.old_stable_meta.outputs.tags }}
+          labels: ${{ steps.old_stable_meta.outputs.labels }}
+
+      - name: "Setup meta information debian:testing"
+        id: test_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository }}
+          labels: |
+            org.opencontainers.image.vendor=Greenbone
+            org.opencontainers.image.base.name=greenbone/gvm-libs
+          flavor: latest=false # no auto latest container tag for git tags
+          tags: |
+            # for the images provided for debian:testing we just provide
+            # testing on an new version or testing-edge when it is on main.
+            # testing-branch-sha on a branch
+            type=raw,value=testing,enable=${{ env.IS_LATEST_TAG }}
+            type=raw,value=testing-edge,enable=${{ github.ref_name == 'main' }}
+            type=raw,value=testing-{{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
+            type=ref,event=pr
+      - name: Build and push Container image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
+          file: .docker/prod-testing.Dockerfile
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.test_meta.outputs.tags }}
+          labels: ${{ steps.test_meta.outputs.labels }}