diff --git a/.github/workflows/build_publish_docker.yml b/.github/workflows/build_publish_docker.yml deleted file mode 100644 index 79a2f6e0..00000000 --- a/.github/workflows/build_publish_docker.yml +++ /dev/null @@ -1,76 +0,0 @@ -name: Docker Build and Publish CI - -on: - push: - branches: [ "main" ] - # Publish semver tags as releases. - tags: [ 'v*.*.*' ] - pull_request: - branches: [ "main" ] - -env: - REGISTRY: ghcr.io - - -jobs: - build: - name: Docker ${{ matrix.container }} on ${{ matrix.os }} - runs-on: ${{ matrix.os }} - strategy: - fail-fast: false - matrix: - os: [ "ubuntu-latest" ] - container: [ "detector", - "inspector", - "logcollector", - "logserver", - "prefilter", - "monitoring", - "alerter", - ] - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Docker buildx - uses: docker/setup-buildx-action@v3 - - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{github.actor}} - password: ${{secrets.GITHUB_TOKEN}} - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5.5.1 - with: - images: | - ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.container }} - tags: | - type=raw,value=latest - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - - - name: Build and push Docker image - if: github.event_name != 'pull_request' - id: build-and-push - uses: docker/build-push-action@v3 - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - file: ./docker/dockerfiles/Dockerfile.${{ matrix.container }} - cache-from: type=gha - cache-to: type=gha,mode=max 
diff --git a/.github/workflows/publish_dev.yml b/.github/workflows/publish_dev.yml new file mode 100644 index 00000000..c0c5bd95 --- /dev/null +++ b/.github/workflows/publish_dev.yml 
@@ -0,0 +1,136 @@ +name: Publish Docker Images (dev) + +# Triggers on direct pushes to the 'dev' branch, which includes PR merges. +on: + push: + branches: [ "dev" ] + +env: + REGISTRY: ghcr.io + +jobs: + bump-version: + name: Bump VERSION file + runs-on: ubuntu-latest + permissions: + contents: write # needed to push the updated VERSION file back + outputs: + new_version: ${{ steps.bump.outputs.version }} + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + token: ${{ secrets.PAT_TOKEN }} + fetch-depth: 0 + + - name: Detect source branch and bump version + id: bump + run: | + # ── Detect source branch from merge commit subject ────────────────── + # Standard merge commit message: "Merge branch 'feature/foo' into dev" + MERGE_SUBJECT="$(git log --merges -1 --pretty=%s HEAD)" + echo "Merge subject: ${MERGE_SUBJECT}" + + SOURCE=$(echo "$MERGE_SUBJECT" | sed -n "s/Merge branch '\([^']*\)'.*/\1/p") + SOURCE="${SOURCE#origin/}" # strip remote prefix if present + + if [[ -z "$SOURCE" ]]; then + SOURCE="unknown" + echo "::warning::Could not detect source branch; defaulting to 'unknown' (no bump)." + fi + echo "Detected source branch: ${SOURCE}" + + # ── Read and parse current VERSION ────────────────────────────────── + RAW="$(cat VERSION | tr -d '[:space:]')" + CLEAN="${RAW#v}" # strip leading v + CLEAN="${CLEAN%-dev}" # strip any existing -dev suffix + IFS='.' 
read -r MAJOR MINOR PATCH <<< "$CLEAN" + + # ── Apply bump based on branch prefix ──────────────────────────────── + PREFIX="${SOURCE%%/*}" + case "$PREFIX" in + feature) + MINOR=$(( MINOR + 1 )); PATCH=0 + ;; + bugfix|hotfix) + PATCH=$(( PATCH + 1 )) + ;; + release) + MAJOR=$(( MAJOR + 1 )); MINOR=0; PATCH=0 + ;; + *) + # unknown / no recognisable prefix → no bump + ;; + esac + + # ── Compose new version with -dev suffix ───────────────────────────── + NEW_VERSION="v${MAJOR}.${MINOR}.${PATCH}-dev" + echo "${NEW_VERSION}" > VERSION + + echo "version=${NEW_VERSION}" >> "$GITHUB_OUTPUT" + echo "New version: ${NEW_VERSION}" + + - name: Commit and push updated VERSION + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add VERSION + git commit -m "chore: bump version to ${{ steps.bump.outputs.version }} [skip ci]" + git push + + build-and-push: + name: Build & Push ${{ matrix.container }} + needs: bump-version + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + container: + - detector + - inspector + - logcollector + - logserver + - prefilter + - monitoring + - alerter + permissions: + contents: read + packages: write + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: dev # pick up the commit that includes the updated VERSION + + - name: Setup Docker buildx + uses: docker/setup-buildx-action@v3 + + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.container }} + tags: | + type=raw,value=${{ needs.bump-version.outputs.new_version }} + type=raw,value=latest-dev + + - name: Build and push Docker image + uses: docker/build-push-action@v5 + 
with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + file: ./docker/dockerfiles/Dockerfile.${{ matrix.container }} + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/.github/workflows/publish_main.yml b/.github/workflows/publish_main.yml new file mode 100644 index 00000000..e6831caf --- /dev/null +++ b/.github/workflows/publish_main.yml 
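Review bot: `git log --merges -1 --pretty=%s HEAD` in the bump step returns the most recent merge commit reachable from HEAD, not HEAD itself, so a direct non-merge push to dev re-reads the previous merge's subject and applies that bump a second time. Reading HEAD's own subject, `MERGE_SUBJECT="$(git log -1 --pretty=%s HEAD)"`, makes a non-merge push fall through to the existing 'unknown' path with no bump. That no-bump path then breaks the next step, because `git commit` exits non-zero when VERSION is unchanged (an unrecognised prefix on a file that already ends in -dev rewrites identical content); guard it with `git diff --quiet -- VERSION || git commit -m "chore: bump version to ${{ steps.bump.outputs.version }} [skip ci]"` so a no-op bump does not fail the job and skip the build. Both issues are repeated in the bump job of the publish_main.yml hunk, where an unchanged version would additionally make `git tag` fail on an existing tag.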
@@ -0,0 +1,159 @@ +name: Publish Docker Images (main) + +# Triggers on direct pushes to 'main', which includes PR/merge-commit merges. +on: + push: + branches: [ "main" ] + +env: + REGISTRY: ghcr.io + +jobs: + bump-version: + name: Bump VERSION file + runs-on: ubuntu-latest + permissions: + contents: write # needed to push back VERSION + Git tag + outputs: + new_version: ${{ steps.bump.outputs.version }} + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + token: ${{ secrets.PAT_TOKEN }} + fetch-depth: 0 + + - name: Detect source branch and bump version + id: bump + run: | + # ── Detect source branch from merge commit subject ────────────────── + # Standard merge commit message: "Merge branch 'feature/foo' into main" + MERGE_SUBJECT="$(git log --merges -1 --pretty=%s HEAD)" + echo "Merge subject: ${MERGE_SUBJECT}" + + SOURCE=$(echo "$MERGE_SUBJECT" | sed -n "s/Merge branch '\([^']*\)'.*/\1/p") + SOURCE="${SOURCE#origin/}" # strip remote prefix if present + + if [[ -z "$SOURCE" ]]; then + SOURCE="unknown" + echo "::warning::Could not detect source branch; defaulting to 'unknown' (no bump)." + fi + echo "Detected source branch: ${SOURCE}" + + # ── Read and parse current VERSION ────────────────────────────────── + RAW="$(cat VERSION | tr -d '[:space:]')" + CLEAN="${RAW#v}" # strip leading v + CLEAN="${CLEAN%-dev}" # strip any existing -dev suffix + IFS='.' read -r MAJOR MINOR PATCH <<< "$CLEAN" + + # ── Decide bump strategy ───────────────────────────────────────────── + # When the source branch is 'dev', the version was already incremented + # on the dev side — just promote it by stripping '-dev' (no new bump). + # For any other source branch, apply the normal semver bump. 
+ if [[ "$SOURCE" != "dev" ]]; then + PREFIX="${SOURCE%%/*}" + case "$PREFIX" in + feature) + MINOR=$(( MINOR + 1 )); PATCH=0 + ;; + bugfix|hotfix) + PATCH=$(( PATCH + 1 )) + ;; + release) + MAJOR=$(( MAJOR + 1 )); MINOR=0; PATCH=0 + ;; + *) + # unknown prefix → no bump + ;; + esac + fi + + # ── Compose new version (no -dev suffix on main) ───────────────────── + NEW_VERSION="v${MAJOR}.${MINOR}.${PATCH}" + echo "${NEW_VERSION}" > VERSION + + echo "version=${NEW_VERSION}" >> "$GITHUB_OUTPUT" + echo "New version: ${NEW_VERSION}" + + - name: Commit and push updated VERSION + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add VERSION + git commit -m "chore: release ${{ steps.bump.outputs.version }} [skip ci]" + git push + + - name: Create and push Git release tag + run: | + git tag "${{ steps.bump.outputs.version }}" + git push origin "${{ steps.bump.outputs.version }}" + + build-and-push: + name: Build & Push ${{ matrix.container }} + needs: bump-version + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + container: + - detector + - inspector + - logcollector + - logserver + - prefilter + - monitoring + - alerter + permissions: + contents: read + packages: write + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: main # pick up the commit that includes the updated VERSION + + - name: Derive partial version tags + id: version + run: | + VERSION="$(cat VERSION | tr -d '[:space:]')" + CLEAN="${VERSION#v}" + MAJOR="${CLEAN%%.*}" + MINOR_PATCH="${CLEAN#*.}" + MINOR="${MINOR_PATCH%%.*}" + echo "major=v${MAJOR}" >> "$GITHUB_OUTPUT" + echo "major_minor=v${MAJOR}.${MINOR}" >> "$GITHUB_OUTPUT" + + - name: Setup Docker buildx + uses: docker/setup-buildx-action@v3 + + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ 
secrets.GITHUB_TOKEN }} + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.container }} + tags: | + type=raw,value=${{ needs.bump-version.outputs.new_version }} + type=raw,value=${{ steps.version.outputs.major_minor }} + type=raw,value=${{ steps.version.outputs.major }} + type=raw,value=latest + + - name: Build and push Docker image + uses: docker/build-push-action@v5 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + file: ./docker/dockerfiles/Dockerfile.${{ matrix.container }} + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/VERSION b/VERSION new file mode 100644 index 00000000..0ec25f75 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +v1.0.0 diff --git a/config.yaml b/config.yaml index 617d4a6a..c87b6e18 100644 --- a/config.yaml +++ b/config.yaml @@ -122,7 +122,7 @@ pipeline: zeek: sensors: - zeek-1: + zeek: static_analysis: true protocols: - dns diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index a37d0f19..6b390a19 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -56,27 +56,6 @@ services: condition: service_healthy clickhouse-server: condition: service_healthy - zeek1: - image: ghcr.io/hamstring-ndr/hamstring-zeek:1.0.0 - environment: - - CONTAINER_NAME=zeek1 - volumes: - - ../data/test_pcaps/:/opt/static_files - - ../../../config.yaml:/opt/config.yaml - cap_add: - - NET_ADMIN - depends_on: - kafka1: - condition: service_healthy - kafka2: - condition: service_healthy - kafka3: - condition: service_healthy - clickhouse-server: - condition: service_healthy - grafana: - condition: service_healthy - network_mode: host monitoring_agent-dev: extends: 
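Review bot: The build-and-push job checks out `ref: main` and re-reads VERSION rather than the commit the bump job pushed, and the two jobs are ordered only by `needs`, so a push to main that lands in between builds different content than what `v${MAJOR}.${MINOR}.${PATCH}` was tagged on. Because the bump job pushes exactly that Git tag, `ref: ${{ needs.bump-version.outputs.new_version }}` in the checkout step pins the build to the tagged commit, and the major/major_minor tags can be derived from the same job output instead of the file. `id-token: write` is granted to build-and-push but no step in the hunk uses it (no signing or attestation step), so either drop it or back it with a provenance step. The PAT given to actions/checkout stays in the runner's git config for the rest of the bump job (that is what lets `git push` and `git push origin <tag>` succeed), which makes `contents: write` on that job redundant; keep whichever credential is the least privileged one that can push to main and tags. The publish_dev.yml hunk has the same `ref: dev` pattern with no tag to anchor to, so there the bump job should export the pushed SHA (`git rev-parse HEAD`) as an output and the build job check that out.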
@@ -266,16 +245,27 @@ services: condition: service_healthy profiles: ["prod"] - zeek-1: - image: ghcr.io/hamstring-ndr/hamstring-zeek:1.0.0 + zeek: + image: ghcr.io/hamstring-ndr/hamstring-zeek:2.0.0 cap_add: - NET_ADMIN network_mode: host environment: - - CONTAINER_NAME=zeek-1 + - CONTAINER_NAME=zeek volumes: - - ./config.yaml:/opt/config.yaml - - ./data/test_pcaps/:/opt/static_files + - ../config.yaml:/opt/config.yaml + - ../data/test_pcaps/:/opt/static_files + depends_on: + kafka1: + condition: service_healthy + kafka2: + condition: service_healthy + kafka3: + condition: service_healthy + clickhouse-server: + condition: service_healthy + grafana: + condition: service_healthy networks: hamstring: diff --git a/docker/docker-compose/dev/docker-compose.yml b/docker/docker-compose/dev/docker-compose.yml index 9dc3935c..22c06420 100644 --- a/docker/docker-compose/dev/docker-compose.yml +++ b/docker/docker-compose/dev/docker-compose.yml @@ -133,14 +133,6 @@ services: clickhouse-server: condition: service_healthy - zeek1: - extends: - file: "docker-compose/base/docker-compose.zeek.yml" - service: zeek - environment: - - CONTAINER_NAME=zeek1 - volumes: - - ../data/test_pcaps/:/opt/static_files networks: hamstring: driver: bridge diff --git a/docker/docker-compose/prod/docker-compose.monitoring.yml b/docker/docker-compose/prod/docker-compose.monitoring.yml index ff41e5aa..060b6ec2 100644 --- a/docker/docker-compose/prod/docker-compose.monitoring.yml +++ b/docker/docker-compose/prod/docker-compose.monitoring.yml @@ -1,12 +1,7 @@ services: monitoring_agent: - # build: - # context: ../../.. - # dockerfile: docker/dockerfiles/Dockerfile.monitoring - # network: host - image: stefan96/hamstring-monitoring:v1.0.0 + image: ghcr.io/hamstring-ndr/hamstring-monitoring:v1.0.0 restart: "unless-stopped" - # platform: linux/x86_64 volumes: - ../../../config.yaml:/app/config.yaml depends_on: 
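Review bot: The `zeek` service is now referenced only by the mutable tag `hamstring-zeek:2.0.0`, while the surrounding context keeps `cap_add: NET_ADMIN` and `network_mode: host`; a tag that is re-pushed in the registry would silently change what runs with those privileges. Pin by digest as well, keeping the tag for readability: `image: ghcr.io/hamstring-ndr/hamstring-zeek:2.0.0@sha256:<DIGEST_PLACEHOLDER>` (placeholder, fill in from the registry). The new `depends_on` block only orders startup on the listed services' health checks and does not affect that. The same tag-only image references appear in the docker-compose.monitoring.yml hunk and in both docker-compose.pipeline.yml hunks.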
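Review bot: `ghcr.io/hamstring-ndr/hamstring-monitoring:v1.0.0` keeps the monitoring agent at v1.0.0 while the pipeline services in the docker-compose.pipeline.yml hunks move to `v2.0.0`; if that is deliberate, a one-line comment above `image:` explaining why the monitoring image is versioned separately would stop the next reader from "fixing" it, and if not it looks like a missed bump. Deleting the commented-out `build:` block also removes the only in-repo pointer to the Dockerfile behind this image; since the new publish workflows build from `docker/dockerfiles/Dockerfile.${{ matrix.container }}`, a comment such as `# built from docker/dockerfiles/Dockerfile.monitoring by .github/workflows/publish_main.yml` would keep that traceable.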
diff --git a/docker/docker-compose/prod/docker-compose.pipeline.yml b/docker/docker-compose/prod/docker-compose.pipeline.yml index 1b48edbf..662b7433 100644 --- a/docker/docker-compose/prod/docker-compose.pipeline.yml +++ b/docker/docker-compose/prod/docker-compose.pipeline.yml 
@@ -1,89 +1,44 @@ services: logserver: - # build: - # context: ../../.. - # dockerfile: docker/dockerfiles/Dockerfile.logserver - # network: host - image: stefan96/hamstring-logserver:v1.0.0 + image: ghcr.io/hamstring-ndr/hamstring-logserver:v2.0.0 restart: "unless-stopped" networks: hamstring: - # platform: linux/x86_64 - # memswap_limit: 768m - # deploy: - # resources: - # limits: - # cpus: '2' - # memory: 512m - # reservations: - # cpus: '1' - # memory: 256m volumes: - "${MOUNT_PATH:?MOUNT_PATH not set}:/opt/file.txt" - ../../../config.yaml:/app/config.yaml environment: - GROUP_ID=log_storage logcollector: - # build: - # context: ../../.. - # dockerfile: docker/dockerfiles/Dockerfile.logcollector - # network: host - image: stefan96/hamstring-logcollector:v1.0.0 + image: ghcr.io/hamstring-ndr/hamstring-logcollector:v2.0.0 restart: "unless-stopped" volumes: - ../../../config.yaml:/app/config.yaml networks: hamstring: - # platform: linux/x86_64 - # memswap_limit: 768m - # deploy: - # resources: - # limits: - # cpus: '2' - # memory: 512m - # reservations: - # cpus: '1' - # memory: 256m environment: - GROUP_ID=log_collection prefilter: - # build: - # context: ../../.. - # dockerfile: docker/dockerfiles/Dockerfile.prefilter - # network: host - image: stefan96/hamstring-prefilter:v1.0.0 + image: ghcr.io/hamstring-ndr/hamstring-prefilter:v2.0.0 restart: "unless-stopped" volumes: - ../../../config.yaml:/app/config.yaml networks: hamstring: - # platform: linux/x86_64 deploy: mode: "replicated" replicas: 1 - # resources: - # limits: - # cpus: '2' - # memory: 512m - # reservations: - # cpus: '1' - # memory: 256m environment: - GROUP_ID=log_filtering inspector: - # build: - # context: ../../.. 
- # dockerfile: docker/dockerfiles/Dockerfile.inspector - # network: host - image: stefan96/hamstring-inspector:v1.0.0 + image: ghcr.io/hamstring-ndr/hamstring-inspector:v2.0.0 restart: "unless-stopped" volumes: - ../../../config.yaml:/app/config.yaml networks: hamstring: - # platform: linux/x86_64 deploy: mode: "replicated" replicas: 1 @@ -99,47 +54,26 @@ services: - NUMBER_OF_INSTANCES=1 detector: - # build: - # context: ../../.. - # dockerfile: docker/dockerfiles/Dockerfile.detector - # network: host - image: stefan96/hamstring-detector:v1.0.0 + image: ghcr.io/hamstring-ndr/hamstring-detector:v2.0.0 restart: "unless-stopped" volumes: - ../../../config.yaml:/app/config.yaml networks: hamstring: - # platform: linux/x86_64 deploy: mode: "replicated" replicas: 1 - # resources: - # limits: - # cpus: '2' - # memory: 512m - # reservations: - # cpus: '1' - # memory: 256m - # devices: - # - driver: nvidia - # count: 1 # alternatively, use `count: all` for all GPUs - # capabilities: [ gpu ] environment: - GROUP_ID=data_analysis alerter: - # build: - # context: ../../.. - # dockerfile: docker/dockerfiles/Dockerfile.alerter - # network: host - image: stefan96/hamstring-alerter:v1.0.0 + image: ghcr.io/hamstring-ndr/hamstring-alerter:v2.0.0 restart: "unless-stopped" volumes: - ../../../config.yaml:/app/config.yaml - /opt/logs:/opt/logs networks: hamstring: - # platform: linux/x86_64 deploy: mode: "replicated" replicas: 1 diff --git a/docker/docker-compose/prod/docker-compose.yml b/docker/docker-compose/prod/docker-compose.yml index 63876889..0b9a0df8 100644 --- a/docker/docker-compose/prod/docker-compose.yml +++ b/docker/docker-compose/prod/docker-compose.yml 
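Review bot: The `v2.0.0` tag on every `image:` line in this hunk (and in the `@@ -99,47 +54,26 @@` hunk that follows) does not match what the workflows added in this commit will publish next: VERSION is introduced as `v1.0.0`, so the next publish_main.yml release tags images as v1.x unless the merge comes from a `release/*` branch. Unless `hamstring-*:v2.0.0` images already exist in ghcr.io from a manual publish, a prod `docker compose up` will fail to pull; the tags here should track the VERSION file (or the release that actually exists). A comment above the first service, e.g. `# image tags must match a Git tag created by .github/workflows/publish_main.yml`, would make that coupling explicit.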
@@ -132,15 +132,7 @@ services: condition: service_healthy clickhouse-server: condition: service_healthy - - zeek1: - extends: - file: "docker-compose/base/docker-compose.zeek.yml" - service: zeek - environment: - - CONTAINER_NAME=zeek1 - volumes: - - ../data/test_pcaps/:/opt/static_files + networks: hamstring: driver: bridge