HXSecurity
diff --git a/‎.github/actions/setup-python/action.yml‎
Lines changed: 26 additions & 0 deletions b/‎.github/actions/setup-python/action.yml‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎.github/workflows/deploy-dev.yaml‎
Lines changed: 15 additions & 24 deletions b/‎.github/workflows/deploy-dev.yaml‎
Lines changed: 15 additions & 24 deletions
diff --git a/‎.github/workflows/nightly.yaml‎
Lines changed: 5 additions & 18 deletions b/‎.github/workflows/nightly.yaml‎
Lines changed: 5 additions & 18 deletions
diff --git a/‎.github/workflows/release_dongtai.yml‎
Lines changed: 44 additions & 28 deletions b/‎.github/workflows/release_dongtai.yml‎
Lines changed: 44 additions & 28 deletions
diff --git a/‎.github/workflows/teststate.yml‎
Lines changed: 12 additions & 52 deletions b/‎.github/workflows/teststate.yml‎
Lines changed: 12 additions & 52 deletions
diff --git a/‎Dockerfile‎
Lines changed: 12 additions & 8 deletions b/‎Dockerfile‎
Lines changed: 12 additions & 8 deletions
@@ -0,0 +1,26 @@
+name: Setup Python
+description: Setup Python
+
+inputs:
+  python-version:
+    description: Python version
+    required: false
+    default: "3.10"
+
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/setup-python@v4
+      with:
+        python-version: ${{ inputs.python-version }}
+        cache: "pip"
+
+    - name: Install dependencies
+      shell: bash
+      run: |
+        sudo apt-get install build-essential cmake ninja-build python3-dev cython3 pybind11-dev libre2-dev libsasl2-dev python3-dev libldap2-dev libssl-dev -y
+        python -m pip install --upgrade pip
+        pip install wheel maturin
+        pip install -r requirements.txt
+        curl -L https://github.com/HXSecurity/tantivy-py/releases/download/0.21.0/tantivy-0.20.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -o /tmp/tantivy-0.20.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
+        pip install /tmp/tantivy-0.20.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
@@ -37,33 +37,24 @@ jobs:
       - name: Login to Aliyun Registry
         uses: docker/login-action@v1
         with:
-          registry: ${{ secrets.ALIYUN_REGISTRY_HONGKONG }}
-          username: ${{ secrets.ALIYUN_DOCKERHUB_USER }}
-          password: ${{ secrets.ALIYUN_DOCKERHUB_PASSWORD }}
+          registry: ${{ secrets.TEN_REGISTRY }}
+          username: ${{ secrets.TEN_DOCKERHUB_USER }}
+          password: ${{ secrets.TEN_DOCKERHUB_PASSWORD }}
 
       - name: Generate version file
         run: |
           #bash .github/workflows/config_update.sh
           #bash .github/workflows/config_update.sh "${{ steps.release.outputs.VERSION }}"
 
-      - name: Setup Ossutil
-        uses: manyuanrong/[email protected]
+      - name: Upload COS
+        if: ${{ steps.version.outputs.GITHUB_REF }} == develop
+        uses: zkqiang/[email protected]
         with:
-          endpoint: ${{ secrets.CHART_OSS_ENDPOINT }}
-          access-key-id: ${{ secrets.CHART_OSS_ACCESS_KEY_ID }}
-          access-key-secret: ${{ secrets.CHART_OSS_ACCESS_KEY_SECRET }}
-          
-      - name: Download Agent dev
-#        if: ${{ steps.version.outputs.GITHUB_REF }} == develop || ${{ steps.version.outputs.GITHUB_REF }} == beta || ${{ steps.version.outputs.GITHUB_REF }} == main
-        run: |
-          if [ ${{ steps.version.outputs.GITHUB_REF }} = develop ] ; then ossutil cp oss://dongtai-helm-charts/agent_test/java/latest/ ./ --include "*.jar" -r
-          else  ossutil cp oss://dongtai-helm-charts/agent_${{ steps.version.outputs.GITHUB_REF }}/java/latest/ ./ --include "*.jar" -r
-          fi
-
-      - name: Download Agent  ${{ inputs.agent_version }}
-        if: ${{ inputs.agent_version }}
-        run: |
-          ossutil cp oss://dongtai/agent/java/${{ inputs.agent_version }}/ ./ --include "*.jar" -r
+          args: download -rs /agent_test/java/latest/ ./ --include "*.jar"
+          secret_id: ${{ secrets.TENSECRET_ID }}
+          secret_key: ${{ secrets.TENSECRET_KEY }}
+          bucket: dongtai-helm-charts-1251882848
+          region: ap-hongkong
 
       - name: Generate version file
         run: |
@@ -76,12 +67,12 @@ jobs:
           context: .
           push: true
           platforms: linux/amd64
-          tags: | 
-            registry.cn-hongkong.aliyuncs.com/secnium/dongtai-server:${{ steps.version.outputs.GITHUB_REF }}-latest
-            registry.cn-hongkong.aliyuncs.com/secnium/dongtai-server:${{ steps.version.outputs.GITHUB_REF }}-1.0.${{github.run_number}}
+          tags: |
+            wukong.tencentcloudcr.com/dongtai/dongtai-server:${{ steps.version.outputs.GITHUB_REF }}-latest
+            wukong.tencentcloudcr.com/dongtai/dongtai-server:${{ steps.version.outputs.GITHUB_REF }}-1.0.${{github.run_number}}
 
       - name: deploy to cluster
-        uses: tscuite/kubectl-helm-action@main
+        uses: HXSecurity/kubectl-helm-action@main
         env:
           MAX: false
           PROJECT: server
 
@@ -37,18 +37,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - uses: actions/setup-python@v4
-        with:
-          python-version: "3.10"
-          cache: "pip"
+      - name: Setup Python
+        uses: ./.github/actions/setup-python
 
       - name: Install dependencies
-        run: |
-          sudo apt-get install build-essential cmake ninja-build python3-dev cython3 pybind11-dev libre2-dev -y
-          python -m pip install --upgrade pip
-          pip install wheel
-          pip install coverage
-          pip install -r requirements.txt
+        run: pip install coverage
 
       - name: Django Unit Testing
         run: |
@@ -92,17 +85,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - uses: actions/setup-python@v4
-        with:
-          python-version: "3.10"
-          cache: "pip"
+      - name: Setup Python
+        uses: ./.github/actions/setup-python
 
       - name: Install dependencies
         run: |
-          sudo apt-get install build-essential cmake ninja-build python3-dev cython3 pybind11-dev libre2-dev -y
-          python -m pip install --upgrade pip
-          pip install wheel
-          pip install -r requirements.txt
           pip install schemathesis
           pip install httpx
           
 
@@ -60,29 +60,37 @@ jobs:
       - name: Login to Aliyun Registry
         uses: docker/login-action@v1
         with:
-          registry: ${{ secrets.ALIYUN_REGISTRY }}
+          registry: ${{ secrets.ALIYUN_REGISTRY_HONGKONG }}
           username: ${{ secrets.ALIYUN_DOCKERHUB_USER }}
           password: ${{ secrets.ALIYUN_DOCKERHUB_PASSWORD }}
 
-      - name: Setup Ossutil
-        uses: manyuanrong/[email protected]
-        with:
-          endpoint: ${{ secrets.ALIYUN_OSS_ENDPOINT }}
-          access-key-id: ${{ secrets.ALIYUN_OSS_KEY_ID }}
-          access-key-secret: ${{ secrets.ALIYUN_OSS_KEY_SECRET }}
       - run: |
-          echo "${{ github.event.repository.name }},version,${{ env.iast_version }}" >> version.txt && \
-          echo "${{ github.event.repository.name }},commit_hash,${GITHUB_SHA}" >> version.txt && \
-          cat version.txt
-          ossutil cp -rf version.txt oss://huoqi-public/iast/release-version/${{ github.event.repository.name }}/${{ env.iast_version }}/version.txt
-          ossutil cp oss://dongtai/agent/java/${{ inputs.agent_version }}/ ./ --include "*.jar" -r
-          [ ! -f ./dongtai-agent.jar ] && echo "$FILE does not exist."
-          [ ! -f ./dongtai-agent.jar ] && ossutil cp oss://dongtai/agent/java/latest/ ./ --include "*.jar" -r
-          [ ! -f ./dongtai-agent.jar ] && echo "$FILE does not exist."
-          ossutil cp oss://dongtai/agent/python/ ./  --include "*.tar.gz" -r
-          ossutil cp oss://dongtai/agent/php/ ./  --include "*.tar.gz" -r
           echo "REPLACE INTO project_version_control (version, component_name, component_version_hash) VALUES('${{ env.iast_version }}', '${{ github.event.repository.name }}', '${GITHUB_SHA}');" >> ./deploy/docker/version.sql
 
+      - name: Upload COS java
+        uses: zkqiang/[email protected]
+        with:
+          args: download -rs /agent/java/latest/ ./ --include "*.jar"
+          secret_id: ${{ secrets.TENSECRET_ID }}
+          secret_key: ${{ secrets.TENSECRET_KEY }}
+          bucket: dongtai-helm-charts-1251882848
+          region: ap-hongkong
+      - name: Upload COS python
+        uses: zkqiang/[email protected]
+        with:
+          args: download -rs /agent/python/ ./ --include "*.tar.gz"
+          secret_id: ${{ secrets.TENSECRET_ID }}
+          secret_key: ${{ secrets.TENSECRET_KEY }}
+          bucket: dongtai-helm-charts-1251882848
+          region: ap-hongkong
+      - name: Upload COS php
+        uses: zkqiang/[email protected]
+        with:
+          args: download -rs /agent/php/ ./ --include "*.tar.gz"
+          secret_id: ${{ secrets.TENSECRET_ID }}
+          secret_key: ${{ secrets.TENSECRET_KEY }}
+          bucket: dongtai-helm-charts-1251882848
+          region: ap-hongkong
       - name: Setup QEMU
         uses: docker/setup-qemu-action@v2
       - name: Setup Docker Buildx
@@ -136,24 +144,32 @@ jobs:
         id: get_version
         run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/}
 
-      - name: Setup ossutil
-        uses: manyuanrong/[email protected]
-        with:
-          endpoint: ${{ secrets.CHART_OSS_ENDPOINT }}
-          access-key-id: ${{ secrets.CHART_OSS_ACCESS_KEY_ID }}
-          access-key-secret: ${{ secrets.CHART_OSS_ACCESS_KEY_SECRET }}
 
       - name: Download existed repo files
         run: |
           sed -i "s#tag: latest#tag: ${{ env.iast_version }}#g" deploy/kubernetes/helm/values.yaml
-          ossutil cp -rf  oss://dongtai-helm-charts/iast/ ~/helm/repo/  --include dongtai-iast-*.tgz --exclude "index.yaml"
+      - name: Upload COS php
+        uses: zkqiang/[email protected]
+        with:
+          args: download -rs /iast/ ~/helm/repo/ --include dongtai-iast-*.tgz --ignore "index.yaml"
+          secret_id: ${{ secrets.TENSECRET_ID }} 
+          secret_key: ${{ secrets.TENSECRET_KEY }}
+          bucket: dongtai-helm-charts-1251882848
+          region: ap-hongkong
 
       - name: Create helm package
         run: |
           helm package deploy/kubernetes/helm  -d ~/helm/repo --app-version ${{ env.iast_version }} --version ${{ env.iast_version }}
           helm repo index ~/helm/repo/ --url ${{ secrets.DONGTAI_IAST_CHART_REPO_URL }}
 
-      - name: Push helm chart to repo
-        run: |
-          ossutil cp -rf ~/helm/repo/dongtai-iast-${{ env.iast_version }}.tgz  oss://dongtai-helm-charts/iast/
-          ossutil cp -rf ~/helm/repo/index.yaml  oss://dongtai-helm-charts/iast/
+
+      - name: Upload COS 2
+        uses: zkqiang/[email protected]
+        with:
+          args: upload -rs ~/helm/repo/dongtai-iast-${{ env.iast_version }}.tgz /iast/ && upload -rs ~/helm/repo/index.yaml /iast/
+          secret_id: ${{ secrets.TENSECRET_ID }}
+          secret_key: ${{ secrets.TENSECRET_KEY }}
+          bucket: dongtai-helm-charts-1251882848
+          region: ap-hongkong
+
+          
@@ -55,17 +55,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - uses: actions/setup-python@v4
-        with:
-          python-version: "3.10"
-          cache: "pip"
+      - name: Setup Python
+        uses: ./.github/actions/setup-python
 
       - name: Install dependencies
         run: |
-          sudo apt-get install build-essential cmake ninja-build python3-dev cython3 pybind11-dev libre2-dev -y
-          python -m pip install --upgrade pip
-          pip install wheel
-          pip install -r requirements.txt
           pip install schemathesis
           pip install httpx
           
@@ -124,18 +118,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - uses: actions/setup-python@v4
-        with:
-          python-version: "3.10"
-          cache: "pip"
-      
-      - name: Install dependencies
-        run: |
-          sudo apt-get install build-essential cmake ninja-build python3-dev cython3 pybind11-dev libre2-dev -y
-          python -m pip install --upgrade pip
-          pip install wheel
-          pip install -r requirements.txt
-          
+      - name: Setup Python
+        uses: ./.github/actions/setup-python
       - name: Django Unit Testing
         run: |
           mypy --show-error-codes --ignore-missing-imports  --no-incremental --show-error-codes --check-untyped-defs --disable-error-code var-annotated  --disable-error-code  list-item  --disable-error-code attr-defined --disable-error-code assignment --disable-error-code misc --disable-error-code union-attr --disable-error-code index --disable-error-code call-overload  --disable-error-code dict-item  --disable-error-code truthy-function --disable-error-code operator --disable-error-code name-defined .
@@ -168,18 +152,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - uses: actions/setup-python@v4
-        with:
-          python-version: "3.10"
-          cache: "pip"
+      - name: Setup Python
+        uses: ./.github/actions/setup-python
 
       - name: Install dependencies
-        run: |
-          sudo apt-get install build-essential cmake ninja-build python3-dev cython3 pybind11-dev libre2-dev -y
-          python -m pip install --upgrade pip
-          pip install wheel
-          pip install -r requirements.txt
-          pip install bandit
+        run: pip install bandit
       - name: Django Unit Testing
         run: |
           bandit -iii -lll -r .
@@ -215,18 +192,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - uses: actions/setup-python@v4
-        with:
-          python-version: "3.10"
-          cache: "pip"
+      - name: Setup Python
+        uses: ./.github/actions/setup-python
 
       - name: Install dependencies
-        run: |
-          sudo apt-get install build-essential cmake ninja-build python3-dev cython3 pybind11-dev libre2-dev -y
-          python -m pip install --upgrade pip
-          pip install wheel
-          pip install coverage
-          pip install -r requirements.txt
+        run: pip install coverage
 
       - name: Django Unit Testing
         run: |
@@ -246,18 +216,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - uses: actions/setup-python@v4
-        with:
-          python-version: "3.10"
-          cache: "pip"
-
-      - name: Install dependencies
-        run: |
-          sudo apt-get install build-essential cmake ninja-build python3-dev cython3 pybind11-dev libre2-dev -y
-          python -m pip install --upgrade pip
-          pip install wheel
-          pip install coverage
-          pip install -r requirements.txt
+      - name: Setup Python
+        uses: ./.github/actions/setup-python
 
       - name: Check Schema
         run: python3 manage.py check_schema
 
@@ -7,21 +7,25 @@ ENV LANGUAGE=en_US.UTF-8
 ENV TZ=Asia/Shanghai
 
 RUN apt-get update -y \
-    && apt install -y gettext gcc make cmake libmariadb-dev curl libc6-dev libxrender1 libxtst6 libxi6 unzip cron \
-    fonts-wqy-microhei vim build-essential ninja-build cython3 pybind11-dev libre2-dev locales \
-#   htop sysstat net-tools iproute2 procps lsof \
-    zip libjpeg62 \
-    && sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen \
-    && ALIMARCH=`arch` && curl -L https://charts.dongtai.io/apk/${ALIMARCH}/wkhtmltopdf -o /usr/bin/wkhtmltopdf \
-    && chmod +x /usr/bin/wkhtmltopdf
+  && apt install -y gettext gcc make cmake libmariadb-dev curl libc6-dev libxrender1 libxtst6 libxi6 unzip cron \
+  fonts-wqy-microhei vim build-essential ninja-build cython3 pybind11-dev libre2-dev locales \
+  libsasl2-dev python3-dev libldap2-dev libssl-dev \
+  # htop sysstat net-tools iproute2 procps lsof \
+  zip libjpeg62 \
+  && sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen \
+  && ALIMARCH=`arch` && curl -L https://charts.dongtai.io/apk/${ALIMARCH}/wkhtmltopdf -o /usr/bin/wkhtmltopdf \
+  && chmod +x /usr/bin/wkhtmltopdf \
+  && if [ "aarch64" = "$ALIMARCH" ] ; then curl -L https://github.com/HXSecurity/tantivy-py/releases/download/0.21.0/tantivy-0.20.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl -o /tmp/tantivy-0.20.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl; \
+  else curl -L https://github.com/HXSecurity/tantivy-py/releases/download/0.21.0/tantivy-0.20.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -o /tmp/tantivy-0.20.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl; fi
 
 COPY Pipfile .
 COPY Pipfile.lock .
 RUN pip install -U pip && pip install pipenv wheel && python3 -m pipenv sync --system -v
+RUN ALIMARCH=`arch` && if [ "aarch64" = "$ALIMARCH" ] ; then pip install /tmp/tantivy-0.20.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl; else pip install /tmp/tantivy-0.20.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl; fi
 
 COPY . /opt/dongtai
 WORKDIR /opt/dongtai
 
 RUN /bin/bash -c 'mkdir -p /tmp/{logstash/{batchagent,report/{img,word,pdf,excel,html}},iast_cache/package}' \
-    && mv /opt/dongtai/*.jar /tmp/iast_cache/package/ || true && mv /opt/dongtai/*.tar.gz /tmp/ || true 
+  && mv /opt/dongtai/*.jar /tmp/iast_cache/package/ || true && mv /opt/dongtai/*.tar.gz /tmp/ || true 
 ENTRYPOINT ["/bin/bash","/opt/dongtai/deploy/docker/entrypoint.sh"]