jump_psexec and jump_wmi updates #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Pulled from Thanatos (https://github.com/MythicAgents/thanatos/blob/rewrite/.github/workflows/image.yml) - MEhrn00 | |
# Name for the Github actions workflow | |
name: Build and push container images | |
on: | |
# Only run workflow when there is a new release published in Github | |
#release: | |
# types: [published] | |
push: | |
branches: | |
- 'master' | |
- 'Mythic3.3' | |
tags: | |
- "v*.*.*" | |
# Variables holding configuration settings | |
env: | |
# Container registry the built container image will be pushed to | |
REGISTRY: ghcr.io | |
# Set the container image name to the Github repository name. (MythicAgents/apollo) | |
AGENT_IMAGE_NAME: ${{ github.repository }} | |
# Description label for the package in Github | |
IMAGE_DESCRIPTION: ${{ github.repository }} container for use with Mythic | |
# Source URL for the package in Github. This links the Github repository packages list | |
# to this container image | |
IMAGE_SOURCE: ${{ github.server_url }}/${{ github.repository }} | |
# License for the container image | |
IMAGE_LICENSE: BSD-3-Clause | |
# Set the container image version to the Github release tag | |
VERSION: ${{ github.ref_name }} | |
#VERSION: ${{ github.event.head_commit.message }} | |
RELEASE_BRANCH: master | |
jobs: | |
# Builds the base container image and pushes it to the container registry | |
agent_build: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
packages: write | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 # ref: https://github.com/marketplace/actions/checkout | |
- name: Log in to the container registry | |
uses: docker/login-action@v3 # ref: https://github.com/marketplace/actions/docker-login | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
with: | |
platforms: 'arm64,arm' | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
# the following are unique to this job | |
- name: Lowercase the server container image name | |
run: echo "AGENT_IMAGE_NAME=${AGENT_IMAGE_NAME,,}" >> ${GITHUB_ENV} | |
- name: Build and push the server container image | |
uses: docker/build-push-action@v5 # ref: https://github.com/marketplace/actions/build-and-push-docker-images | |
with: | |
context: Payload_Type/apollo | |
file: Payload_Type/apollo/Dockerfile | |
tags: | | |
${{ env.REGISTRY }}/${{ env.AGENT_IMAGE_NAME }}:${{ env.VERSION }} | |
${{ env.REGISTRY }}/${{ env.AGENT_IMAGE_NAME }}:latest | |
push: ${{ github.ref_type == 'tag' }} | |
# These container metadata labels allow configuring the package in Github | |
# packages. The source will link the package to this Github repository | |
labels: | | |
org.opencontainers.image.source=${{ env.IMAGE_SOURCE }} | |
org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }} | |
org.opencontainers.image.licenses=${{ env.IMAGE_LICENSE }} | |
platforms: linux/amd64,linux/arm64 | |
update_files: | |
runs-on: ubuntu-latest | |
needs: | |
- agent_build | |
permissions: | |
contents: write | |
packages: write | |
steps: | |
# Pull in the repository code | |
- name: Checkout the repository | |
uses: actions/checkout@v4 # ref: https://github.com/marketplace/actions/checkout | |
# update names to lowercase | |
- name: Lowercase the container image name | |
run: echo "AGENT_IMAGE_NAME=${AGENT_IMAGE_NAME,,}" >> ${GITHUB_ENV} | |
# The Dockerfile which Mythic uses to pull in the base container image needs to be | |
# updated to reference the newly built container image | |
- name: Fix the server Dockerfile reference to reference the new release tag | |
working-directory: Payload_Type/apollo | |
run: | | |
sed -i "s|^FROM ghcr\.io.*$|FROM ${REGISTRY}/${AGENT_IMAGE_NAME}:${VERSION}|" Dockerfile | |
- name: Update package.json version | |
uses: jossef/[email protected] | |
with: | |
file: config.json | |
field: remote_images.apollo | |
value: ${{env.REGISTRY}}/${{env.AGENT_IMAGE_NAME}}:${{env.VERSION}} | |
# Push the changes to the Dockerfile | |
- name: Push the updated base Dockerfile image reference changes | |
if: ${{ github.ref_type == 'tag' }} | |
uses: EndBug/add-and-commit@v9 # ref: https://github.com/marketplace/actions/add-commit | |
with: | |
# Only add the Dockerfile changes. Nothing else should have been modified | |
add: "['Payload_Type/apollo/Dockerfile', 'config.json']" | |
# Use the Github actions bot for the commit author | |
default_author: github_actions | |
committer_email: github-actions[bot]@users.noreply.github.com | |
# Set the commit message | |
message: "Bump Dockerfile tag to match release '${{ env.VERSION }}'" | |
# Overwrite the current git tag with the new changes | |
tag: '${{ env.VERSION }} --force' | |
# Push the new changes with the tag overwriting the current one | |
tag_push: '--force' | |
# Push the commits to the branch marked as the release branch | |
push: origin HEAD:${{ env.RELEASE_BRANCH }} --set-upstream | |
# Have the workflow fail in case there are pathspec issues | |
pathspec_error_handling: exitImmediately |