From 670cbddbbece1fea29f5c10fc7062014de8fa6f5 Mon Sep 17 00:00:00 2001
From: Max H <10329648+8ear@users.noreply.github.com>
Date: Fri, 28 Oct 2022 10:18:52 +0200
Subject: [PATCH 01/21] Create Dockerfile
---
Dockerfile | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b422b44
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+# Use Alpine Python 3 Image as Base
+FROM python:3-alpine
+
+# Add Files
+COPY sigma-cli /opt/sigma-cli
+# Change Directory
+WORKDIR /opt/sigma-cli
+
+# Install Python Modules
+RUN set -eux; \
+ python -m pipx install sigma-cli; \
+
+# Execute sigma
+CMD ["sigma"]
From 5b3febba78a4428fe517d1a2e72805ab1e2473c1 Mon Sep 17 00:00:00 2001
From: Max H <10329648+8ear@users.noreply.github.com>
Date: Fri, 28 Oct 2022 10:32:23 +0200
Subject: [PATCH 02/21] Create dependabot.yml
---
.github/dependabot.yml | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..2c7d170
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
From b7cde2efb0037c571c6b7775331b53ee4acd57c0 Mon Sep 17 00:00:00 2001
From: Max H <10329648+8ear@users.noreply.github.com>
Date: Fri, 28 Oct 2022 10:57:59 +0200
Subject: [PATCH 03/21] Create release-docker.yml
---
.github/workflows/release-docker.yml | 80 ++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 .github/workflows/release-docker.yml
diff --git a/.github/workflows/release-docker.yml b/.github/workflows/release-docker.yml
new file mode 100644
index 0000000..e0c5376
--- /dev/null
+++ b/.github/workflows/release-docker.yml
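Review bot: In the Dockerfile hunk of patch 01, the `RUN` step installs `sigma-cli` from PyPI with no version, so the image holds whatever PyPI serves at build time rather than the tree that `COPY sigma-cli /opt/sigma-cli` brings in from the checked-out commit. An image built for a release tag is therefore not guaranteed to contain that release. Either install from the copied source or pin the release, e.g. `python -m pip install --no-cache-dir sigma-cli==<VERSION>` (placeholder), ideally through a requirements file installed with `--require-hashes`. `FROM python:3-alpine` is also a floating tag; pinning it by digest (`python:3-alpine@sha256:<DIGEST>`, placeholder) makes each published image traceable to a known base. The unpinned install line is carried through the later Dockerfile patches (11, 16 and 17).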
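Review bot: In the dependabot.yml hunk of patch 02, only the `github-actions` ecosystem is listed, so the `python:3-alpine` base image in the Dockerfile from patch 01 and the Python package it installs are not watched for updates. Add a second entry with `package-ecosystem: "docker"` and `directory: "/"` so base-image bumps arrive as reviewable pull requests; this matters most once the image is pinned by digest. A `pip` entry only helps if the install moves to a requirements file, and none is visible in this series.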
@@ -0,0 +1,80 @@
+#
+# To use this workflow a GITHUB_TOKEN is necessary to create as a secret in the github repository
+# with thedescribed scope in the documentation: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry
+#
+
+name: Release to Github Docker Package
+on:
+ release:
+ types: [published]
+ push:
+ tags:
+ - v*.*.*
+ branches:
+ - main
+ schedule:
+ - cron: '0 0 * * 0'
+ - cron: '0 0 * * 4'
+
+env:
+ GITHUB_REPO: ${{ github.repository }}
+ DOCKER_REPO: PLEASECHANGE
+ NAME: sigma-cli
+
+jobs:
+ build-and-publish:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ # list of Docker images to use as base name for tags
+ # https://github.com/docker/build-push-action/blob/master/docs/advanced/push-multi-registries.md
+ images: |
+ # $DOCKER_REPO/$NAME
+ ghcr.io/$GITHUB_REPO/$NAME
+ # generate Docker tags based on the following events/attributes
+ tags: |
+ type=schedule
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=sha
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ #- name: Login to Docker Hub
+ # uses: docker/login-action@v2
+ # with:
+ # username: ${{ secrets.DOCKERHUB_USERNAME }}
+ # password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push for push event
+ uses: docker/build-push-action@v3
+ with:
+ # https://github.com/docker/build-push-action/blob/master/docs/advanced/tags-labels.md
+ context: .
+ push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Update repo description + # https://github.com/docker/build-push-action/blob/master/docs/advanced/dockerhub-desc.md + if: ${{ github.event_name == 'release' }} + uses: peter-evans/dockerhub-description@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + repository: $DOCKER_REPO/$NAME From 4da33999888466bed7acd2943bc096cc9a77f528 Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:00:28 +0200 Subject: [PATCH 04/21] Update release-docker.yml Try to fix Issue --- .github/workflows/release-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-docker.yml b/.github/workflows/release-docker.yml index e0c5376..37d5c46 100644 --- a/.github/workflows/release-docker.yml +++ b/.github/workflows/release-docker.yml @@ -33,8 +33,8 @@ jobs: with: # list of Docker images to use as base name for tags # https://github.com/docker/build-push-action/blob/master/docs/advanced/push-multi-registries.md - images: | # $DOCKER_REPO/$NAME + images: | ghcr.io/$GITHUB_REPO/$NAME # generate Docker tags based on the following events/attributes tags: | From b9be06f539f417d2b7f427ec8129546a0c54039b Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:08:11 +0200 Subject: [PATCH 05/21] Update and rename release-docker.yml to docker.yml Fix issues for tags --- .../{release-docker.yml => docker.yml} | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) rename .github/workflows/{release-docker.yml => docker.yml} (81%) diff --git a/.github/workflows/release-docker.yml b/.github/workflows/docker.yml similarity index 81% rename from .github/workflows/release-docker.yml rename to .github/workflows/docker.yml index 37d5c46..6d0e8ec 100644 
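Review bot: In the release-docker.yml hunk of patch 03, the job logs in to ghcr.io with `secrets.GITHUB_TOKEN` and pushes images, but the workflow declares no `permissions:` block, so the token carries whatever the repository default grants. Declare the minimum on the `build-and-publish` job, a `permissions:` mapping with `contents: read` and `packages: write`, so the push works regardless of the repository default and nothing else is writable. The header comment is misleading too: `GITHUB_TOKEN` is issued automatically for each run and does not have to be created as a secret. Every `uses:` line references a mutable tag (`actions/checkout@v3`, `docker/login-action@v2`, `docker/build-push-action@v3`, `peter-evans/dockerhub-description@v2`); because these steps handle registry credentials, pin each to a full commit SHA and let the Dependabot config from patch 02 propose the bumps. The same applies to `docker/setup-qemu-action@v2` added in patch 10.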
--- a/.github/workflows/release-docker.yml +++ b/.github/workflows/docker.yml @@ -35,7 +35,8 @@ jobs: # https://github.com/docker/build-push-action/blob/master/docs/advanced/push-multi-registries.md # $DOCKER_REPO/$NAME images: | - ghcr.io/$GITHUB_REPO/$NAME + name=PLEASECHANGE/sigma-cli,enable=false + name=ghcr.io/${GITHUB_REPOSITORY}/${{NAME}},enable=true # generate Docker tags based on the following events/attributes tags: | type=schedule @@ -70,11 +71,11 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - name: Update repo description - # https://github.com/docker/build-push-action/blob/master/docs/advanced/dockerhub-desc.md - if: ${{ github.event_name == 'release' }} - uses: peter-evans/dockerhub-description@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - repository: $DOCKER_REPO/$NAME + #- name: Update repo description + # # https://github.com/docker/build-push-action/blob/master/docs/advanced/dockerhub-desc.md + # if: ${{ github.event_name == 'release' }} + # uses: peter-evans/dockerhub-description@v2 + # with: + # username: ${{ secrets.DOCKERHUB_USERNAME }} + # password: ${{ secrets.DOCKERHUB_PASSWORD }} + # repository: $DOCKER_REPO/$NAME From 67834b42a3e0a187c25669b0b3cdfe8509d4f024 Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:10:30 +0200 Subject: [PATCH 06/21] Update docker.yml Test env substituion --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 6d0e8ec..62f1b6e 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
@@ -36,7 +36,7 @@ jobs: # $DOCKER_REPO/$NAME images: | name=PLEASECHANGE/sigma-cli,enable=false - name=ghcr.io/${GITHUB_REPOSITORY}/${{NAME}},enable=true + name=ghcr.io/${GITHUB_REPOSITORY}/${{env.NAME}},enable=true # generate Docker tags based on the following events/attributes tags: | type=schedule From 7ae0839cd67b171db55d11b2e159b4111e7735c1 Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:12:23 +0200 Subject: [PATCH 07/21] Update docker.yml Fix env for github repo name --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 62f1b6e..ff10cd5 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -36,7 +36,7 @@ jobs: # $DOCKER_REPO/$NAME images: | name=PLEASECHANGE/sigma-cli,enable=false - name=ghcr.io/${GITHUB_REPOSITORY}/${{env.NAME}},enable=true + name=ghcr.io/${{env.GITHUB_REPOSITORY}}/${{env.NAME}},enable=true # generate Docker tags based on the following events/attributes tags: | type=schedule From a92425c98f7d5abda4bdb08848f727d0b0aa3cb3 Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:13:01 +0200 Subject: [PATCH 08/21] Update docker.yml Rename Workflow --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index ff10cd5..489d689 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -3,7 +3,7 @@ # with thedescribed scope in the documentation: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry # -name: Release to Github Docker Package +name: Build and Release Docker Package on: release: types: [published] From 149989e83f9d0a21b0bd06102af688f0eef2443f Mon Sep 17 00:00:00 2001 
From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:14:36 +0200 Subject: [PATCH 09/21] Update docker.yml Fix env variables --- .github/workflows/docker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 489d689..f58dbe4 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -35,8 +35,8 @@ jobs: # https://github.com/docker/build-push-action/blob/master/docs/advanced/push-multi-registries.md # $DOCKER_REPO/$NAME images: | - name=PLEASECHANGE/sigma-cli,enable=false - name=ghcr.io/${{env.GITHUB_REPOSITORY}}/${{env.NAME}},enable=true + name=${{env.DOCKER_REPO}}/${{env.NAME}},enable=false + name=ghcr.io/${{env.GITHUB_REPO}}/${{env.NAME}},enable=true # generate Docker tags based on the following events/attributes tags: | type=schedule From 67ff120df6cf638b3a753d459b9d987cf0ef98d8 Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:16:27 +0200 Subject: [PATCH 10/21] Update docker.yml Add Set up qumu step --- .github/workflows/docker.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index f58dbe4..7478fe8 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -47,6 +47,8 @@ jobs: type=semver,pattern={{major}} type=sha + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 From 487be6cc4c28208eac591b94bc4d48e0502e1a5e Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:17:54 +0200 Subject: [PATCH 11/21] Update Dockerfile Fix RUN issue --- Dockerfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index b422b44..0db8ef9 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -8,7 +8,8 @@ WORKDIR /opt/sigma-cli # Install Python Modules RUN set -eux; \ - python -m pipx install sigma-cli; \ + python -m pipx install sigma-cli; + +# Use sigma as entrypoint +ENTRYPOINT ["sigma"] -# Execute sigma -CMD ["sigma"] From f5be4cda4a5a2037cfaf62532aa1c0de27a637da Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:19:00 +0200 Subject: [PATCH 12/21] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0db8ef9..84dab57 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM python:3-alpine # Add Files -COPY sigma-cli /opt/sigma-cli +COPY sigma-cli /opt/ # Change Directory WORKDIR /opt/sigma-cli From 3ebd778d85c6853ee2dda408377121379716762a Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:36:31 +0200 Subject: [PATCH 13/21] Update Dockerfile Add non-priv user --- Dockerfile | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 84dab57..a216abe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,30 @@ # Use Alpine Python 3 Image as Base FROM python:3-alpine +# Set Environment Variables +ENV PUID=1000 +ENV PGID=1000 + +# Add Non-Root User +RUN set -eux; \ + echo "**** create abc user and make our folders ****" && \ + groupmod -g $PGID users && \ + useradd -u $PUID -U -d /config -s /bin/false abc && \ + usermod -G users abc && \ + mkdir -p /opt/sigma && \ + chmod -R abc. /opt/sigma + + # Add Files -COPY sigma-cli /opt/ +COPY sigma/cli /opt/sigma/ + # Change Directory WORKDIR /opt/sigma-cli # Install Python Modules RUN set -eux; \ - python -m pipx install sigma-cli; + python -m pipx install sigma-cli; \ + chmod -R abc. /opt/sigma; # Use sigma as entrypoint ENTRYPOINT ["sigma"] From 90b9f648490ebccba382ef0e346b9b85710878a7 Mon Sep 17 00:00:00 2001 
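Review bot: In the Dockerfile hunk of patch 13, the new `RUN` block creates the `abc` account but no `USER` instruction follows, so `ENTRYPOINT ["sigma"]` still runs as root and the account is never used at runtime. Add `USER abc` after the install step; it is still missing after patches 14, 15 and 17, where it could read `USER $USER` once `ENV USER=abc` exists. `chmod -R abc. /opt/sigma` is not an ownership change either: `chmod` expects a mode, so the intended command is presumably `chown -R abc:abc /opt/sigma`, and as written the step would fail under `set -eux`. `WORKDIR /opt/sigma-cli` also no longer matches the `/opt/sigma` target used by the `COPY` line and the new account's directory.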
From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:39:24 +0200 Subject: [PATCH 14/21] Update Dockerfile Fix user add lines --- Dockerfile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index a216abe..494fc2c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,11 +8,9 @@ ENV PGID=1000 # Add Non-Root User RUN set -eux; \ echo "**** create abc user and make our folders ****" && \ - groupmod -g $PGID users && \ - useradd -u $PUID -U -d /config -s /bin/false abc && \ - usermod -G users abc && \ - mkdir -p /opt/sigma && \ - chmod -R abc. /opt/sigma + #groupmod -g $PGID users && \ + useradd -u $PUID -U -d /opt/sigma -s /bin/false abc && \ + usermod -G users abc # Add Files From e732c3989ff0ac36ea799de09e6f850fea7cfec4 Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:46:26 +0200 Subject: [PATCH 15/21] Update Dockerfile --- Dockerfile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 494fc2c..4c4e8ed 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,13 +4,14 @@ FROM python:3-alpine # Set Environment Variables ENV PUID=1000 ENV PGID=1000 +ENV USER=abc # Add Non-Root User RUN set -eux; \ - echo "**** create abc user and make our folders ****" && \ - #groupmod -g $PGID users && \ - useradd -u $PUID -U -d /opt/sigma -s /bin/false abc && \ - usermod -G users abc + echo "**** create $USER user and $USER group with home directory /opt/sigma ****" && \ + addgroup -S $USER && \ + adduser -u $PUID -s /bin/false -h /opt/sigma -S -G $USER $USER && \ + adduser $USER users # Add Files From d51baabb436ce23bf8fb49dab5c26d84bd8d2628 Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:48:21 +0200 Subject: [PATCH 16/21] Update Dockerfile Change from pipx to pip --- Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/Dockerfile b/Dockerfile index 4c4e8ed..d56a74f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,8 +12,7 @@ RUN set -eux; \ addgroup -S $USER && \ adduser -u $PUID -s /bin/false -h /opt/sigma -S -G $USER $USER && \ adduser $USER users - - + # Add Files COPY sigma/cli /opt/sigma/ @@ -22,7 +21,7 @@ WORKDIR /opt/sigma-cli # Install Python Modules RUN set -eux; \ - python -m pipx install sigma-cli; \ + python -m pip install sigma-cli; \ chmod -R abc. /opt/sigma; # Use sigma as entrypoint From 20e1c439ec34c15aba591b4973725e03855dafe0 Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 11:50:04 +0200 Subject: [PATCH 17/21] Update Dockerfile --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d56a74f..eb27e5a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,8 +21,7 @@ WORKDIR /opt/sigma-cli # Install Python Modules RUN set -eux; \ - python -m pip install sigma-cli; \ - chmod -R abc. /opt/sigma; + python -m pip install sigma-cli; # Use sigma as entrypoint ENTRYPOINT ["sigma"] From eeb7e4bb57ed174a07b7142cc0321e0c3c4cba4e Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 12:18:39 +0200 Subject: [PATCH 18/21] Update README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 4a68bbc..450f270 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,12 @@ poetry install poetry shell ``` +### Docker Usage +docker pull docker pull ghcr.io/sigmaHQ/sigma-cli/sigma-cli:latest +docker run \ + -v /rules:/opt/sigma/rules + convert -t -t -p -p [...] /opt/sigma/rules + ### Usage The CLI is available as *sigma* command. A typical invocation is: From 55cc14a9b8d1ff309a08a0ecbe6afe72a34145d7 Mon Sep 17 00:00:00 2001 
From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 12:27:57 +0200 Subject: [PATCH 19/21] Update README.md --- README.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 450f270..13c930e 100644 --- a/README.md +++ b/README.md @@ -31,11 +31,15 @@ poetry install poetry shell ``` -### Docker Usage -docker pull docker pull ghcr.io/sigmaHQ/sigma-cli/sigma-cli:latest -docker run \ - -v /rules:/opt/sigma/rules - convert -t -t -p -p [...] /opt/sigma/rules +The third way is via an docker container: +``` +# Download the sigma rules: +git clone https://github.com/SigmaHQ/sigma.git +# Add an alias: +echo "alias sigma='docker run -v $PWD/sigma/rules:/opt/sigma/rules ghcr.io/SigmaHQ/sigma-cli/sigma-cli:latest'" >> ~/.bashrc +# Use sigma: +sigma convert -t -p -p [...] /opt/sigma/rules +``` ### Usage From 3f5c0943d33fa4aa79e1963d49119d8b9b277ba9 Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 12:29:25 +0200 Subject: [PATCH 20/21] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 13c930e..d5930d3 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ The third way is via an docker container: # Download the sigma rules: git clone https://github.com/SigmaHQ/sigma.git # Add an alias: -echo "alias sigma='docker run -v $PWD/sigma/rules:/opt/sigma/rules ghcr.io/SigmaHQ/sigma-cli/sigma-cli:latest'" >> ~/.bashrc +echo "alias sigma='docker run -v $PWD/sigma/rules:/opt/sigma/rules ghcr.io/sigmahq/sigma-cli/sigma-cli:latest'" >> ~/.bashrc # Use sigma: sigma convert -t -p -p [...] /opt/sigma/rules ``` From 682ca2ffdf5564aa0cc22ca883a75c8221d553d0 Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Fri, 28 Oct 2022 13:23:15 +0200 Subject: [PATCH 21/21] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index d5930d3..c14852c 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ The third way is via an docker container: # Download the sigma rules: git clone https://github.com/SigmaHQ/sigma.git # Add an alias: -echo "alias sigma='docker run -v $PWD/sigma/rules:/opt/sigma/rules ghcr.io/sigmahq/sigma-cli/sigma-cli:latest'" >> ~/.bashrc +echo "alias sigma='docker run -ti -v $PWD/sigma/rules:/opt/sigma/rules ghcr.io/sigmahq/sigma-cli/sigma-cli:latest'" >> ~/.bashrc # Use sigma: sigma convert -t -p -p [...] /opt/sigma/rules ```