Merge branch 'staging' of https://github.com/idaholab/Malcolm

Author: mmguero

.envrc.example

@@ -124,6 +124,8 @@ export NETBOX_TOKEN=
 export ARKIME_AUTO_ANALYZE_PCAP_THREADS=2
 export ARKIME_ROTATE_INDEX=daily
 export ARKIME_SPI_DATA_MAX_INDICES=7
+export ARKIME_EXPOSE_WISE_GUI=true
+export ARKIME_ALLOW_WISE_GUI_CONFIG=true
 export CAPA_MAX_REQUESTS=2
 export CLAMD_MAX_REQUESTS=4
 export CSRF_TRUSTED_ORIGINS=https://*

.github/workflows/api-build-and-push-ghcr.yml

@@ -26,107 +26,7 @@ on:
 
 jobs:
   docker:
-    runs-on: ${{ matrix.os }}
-    permissions:
-      actions: write
-      packages: write
-      contents: read
-      security-events: write
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: ubuntu-24.04
-            arch: amd64
-            platform: linux/amd64
-          - os: ubuntu-24.04-arm
-            arch: arm64
-            platform: linux/arm64
-    steps:
-      -
-        name: Cancel previous run in progress
-        uses: styfle/cancel-workflow-action@0.12.1
-        with:
-          ignore_sha: true
-          all_but_latest: true
-          access_token: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Generate build timestamp
-        shell: bash
-        run: echo "btimestamp=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
-        id: generate_build_timestamp
-      -
-        name: Extract branch name
-        shell: bash
-        run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_OUTPUT
-        id: extract_branch
-      -
-        name: Generate arch tag suffix
-        shell: bash
-        run: echo "archtag=$([[ "${{ matrix.platform }}" == 'linux/amd64' ]] && echo '' || ( echo -n '-' ; echo "${{ matrix.platform }}" | cut -d '/' -f 2) )" >> $GITHUB_OUTPUT
-        id: arch_tag_suffix
-      -
-        name: Extract commit SHA
-        shell: bash
-        run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-        id: extract_commit_sha
-      -
-        name: Extract Malcolm version
-        shell: bash
-        run: echo "mversion=$(grep -P "^\s+image:.*/malcolm/" docker-compose-dev.yml | awk '{print $2}' | cut -d':' -f2 | uniq -c | sort -nr | awk '{print $2}' | head -n 1)" >> $GITHUB_OUTPUT
-        id: extract_malcolm_version
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver-opts: |
-            image=moby/buildkit:master
-      -
-        name: Log in to registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./Dockerfiles/api.Dockerfile
-          build-args: |
-            TARGETPLATFORM=${{ matrix.platform }}
-            MALCOLM_VERSION=${{ steps.extract_malcolm_version.outputs.mversion }}
-            BUILD_DATE=${{ steps.generate_build_timestamp.outputs.btimestamp }}
-            VCS_REVISION=${{ steps.extract_commit_sha.outputs.sha }}
-          push: true
-          provenance: false
-          platforms: ${{ matrix.platform }}
-          tags: ghcr.io/${{ github.repository_owner }}/malcolm/api:${{ steps.extract_branch.outputs.branch }}${{ steps.arch_tag_suffix.outputs.archtag }}
-      -
-        name: Run Trivy vulnerability scanner
-        if: ${{ matrix.platform == 'linux/amd64' }}
-        id: trivy-scan
-        uses: aquasecurity/trivy-action@0.29.0
-        env:
-          TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
-        with:
-          scan-type: 'image'
-          scanners: 'vuln'
-          image-ref: ghcr.io/${{ github.repository_owner }}/malcolm/api:${{ steps.extract_branch.outputs.branch }}${{ steps.arch_tag_suffix.outputs.archtag }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-          severity: 'HIGH,CRITICAL'
-          vuln-type: 'os,library'
-          hide-progress: true
-          ignore-unfixed: true
-          exit-code: '0'
-      -
-        name: Upload Trivy scan results to GitHub Security tab
-        if: ${{ matrix.platform == 'linux/amd64' }}
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'trivy-results.sarif'
+    uses: ./.github/workflows/docker-build-push-scan.yml
+    with:
+      service: api
+      dockerfile: ./Dockerfiles/api.Dockerfile

.github/workflows/arkime-build-and-push-ghcr.yml

@@ -25,109 +25,10 @@ on:
 
 jobs:
   docker:
-    runs-on: ${{ matrix.os }}
-    permissions:
-      actions: write
-      packages: write
-      contents: read
-      security-events: write
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: ubuntu-24.04
-            arch: amd64
-            platform: linux/amd64
-          - os: ubuntu-24.04-arm
-            arch: arm64
-            platform: linux/arm64
-    steps:
-      -
-        name: Cancel previous run in progress
-        uses: styfle/cancel-workflow-action@0.12.1
-        with:
-          ignore_sha: true
-          all_but_latest: true
-          access_token: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Generate build timestamp
-        shell: bash
-        run: echo "btimestamp=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
-        id: generate_build_timestamp
-      -
-        name: Extract branch name
-        shell: bash
-        run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_OUTPUT
-        id: extract_branch
-      -
-        name: Generate arch tag suffix
-        shell: bash
-        run: echo "archtag=$([[ "${{ matrix.platform }}" == 'linux/amd64' ]] && echo '' || ( echo -n '-' ; echo "${{ matrix.platform }}" | cut -d '/' -f 2) )" >> $GITHUB_OUTPUT
-        id: arch_tag_suffix
-      -
-        name: Extract commit SHA
-        shell: bash
-        run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-        id: extract_commit_sha
-      -
-        name: Extract Malcolm version
-        shell: bash
-        run: echo "mversion=$(grep -P "^\s+image:.*/malcolm/" docker-compose-dev.yml | awk '{print $2}' | cut -d':' -f2 | uniq -c | sort -nr | awk '{print $2}' | head -n 1)" >> $GITHUB_OUTPUT
-        id: extract_malcolm_version
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver-opts: |
-            image=moby/buildkit:master
-      -
-        name: Log in to registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./Dockerfiles/arkime.Dockerfile
-          build-args: |
-            TARGETPLATFORM=${{ matrix.platform }}
-            MALCOLM_VERSION=${{ steps.extract_malcolm_version.outputs.mversion }}
-            BUILD_DATE=${{ steps.generate_build_timestamp.outputs.btimestamp }}
-            VCS_REVISION=${{ steps.extract_commit_sha.outputs.sha }}
-            MAXMIND_GEOIP_DB_LICENSE_KEY=${{ secrets.MAXMIND_GEOIP_DB_LICENSE_KEY }}
-            MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL=${{ secrets.MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL }}
-          push: true
-          provenance: false
-          platforms: ${{ matrix.platform }}
-          tags: ghcr.io/${{ github.repository_owner }}/malcolm/arkime:${{ steps.extract_branch.outputs.branch }}${{ steps.arch_tag_suffix.outputs.archtag }}
-      -
-        name: Run Trivy vulnerability scanner
-        if: ${{ matrix.platform == 'linux/amd64' }}
-        id: trivy-scan
-        uses: aquasecurity/trivy-action@0.29.0
-        env:
-          TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
-        with:
-          scan-type: 'image'
-          scanners: 'vuln'
-          image-ref: ghcr.io/${{ github.repository_owner }}/malcolm/arkime:${{ steps.extract_branch.outputs.branch }}${{ steps.arch_tag_suffix.outputs.archtag }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-          severity: 'HIGH,CRITICAL'
-          vuln-type: 'os,library'
-          hide-progress: true
-          ignore-unfixed: true
-          exit-code: '0'
-      -
-        name: Upload Trivy scan results to GitHub Security tab
-        if: ${{ matrix.platform == 'linux/amd64' }}
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'trivy-results.sarif'
+    uses: ./.github/workflows/docker-build-push-scan.yml
+    with:
+      service: arkime
+      dockerfile: ./Dockerfiles/arkime.Dockerfile
+    secrets:
+      maxmind_license_key: ${{ secrets.MAXMIND_GEOIP_DB_LICENSE_KEY }}
+      maxmind_alternate_url: ${{ secrets.MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL }}

.github/workflows/dashboards-build-and-push-ghcr.yml

@@ -26,107 +26,7 @@ on:
 
 jobs:
   docker:
-    runs-on: ${{ matrix.os }}
-    permissions:
-      actions: write
-      packages: write
-      contents: read
-      security-events: write
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: ubuntu-24.04
-            arch: amd64
-            platform: linux/amd64
-          - os: ubuntu-24.04-arm
-            arch: arm64
-            platform: linux/arm64
-    steps:
-      -
-        name: Cancel previous run in progress
-        uses: styfle/cancel-workflow-action@0.12.1
-        with:
-          ignore_sha: true
-          all_but_latest: true
-          access_token: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Generate build timestamp
-        shell: bash
-        run: echo "btimestamp=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
-        id: generate_build_timestamp
-      -
-        name: Extract branch name
-        shell: bash
-        run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_OUTPUT
-        id: extract_branch
-      -
-        name: Generate arch tag suffix
-        shell: bash
-        run: echo "archtag=$([[ "${{ matrix.platform }}" == 'linux/amd64' ]] && echo '' || ( echo -n '-' ; echo "${{ matrix.platform }}" | cut -d '/' -f 2) )" >> $GITHUB_OUTPUT
-        id: arch_tag_suffix
-      -
-        name: Extract commit SHA
-        shell: bash
-        run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-        id: extract_commit_sha
-      -
-        name: Extract Malcolm version
-        shell: bash
-        run: echo "mversion=$(grep -P "^\s+image:.*/malcolm/" docker-compose-dev.yml | awk '{print $2}' | cut -d':' -f2 | uniq -c | sort -nr | awk '{print $2}' | head -n 1)" >> $GITHUB_OUTPUT
-        id: extract_malcolm_version
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver-opts: |
-            image=moby/buildkit:master
-      -
-        name: Log in to registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./Dockerfiles/dashboards.Dockerfile
-          build-args: |
-            TARGETPLATFORM=${{ matrix.platform }}
-            MALCOLM_VERSION=${{ steps.extract_malcolm_version.outputs.mversion }}
-            BUILD_DATE=${{ steps.generate_build_timestamp.outputs.btimestamp }}
-            VCS_REVISION=${{ steps.extract_commit_sha.outputs.sha }}
-          push: true
-          provenance: false
-          platforms: ${{ matrix.platform }}
-          tags: ghcr.io/${{ github.repository_owner }}/malcolm/dashboards:${{ steps.extract_branch.outputs.branch }}${{ steps.arch_tag_suffix.outputs.archtag }}
-      -
-        name: Run Trivy vulnerability scanner
-        if: ${{ matrix.platform == 'linux/amd64' }}
-        id: trivy-scan
-        uses: aquasecurity/trivy-action@0.29.0
-        env:
-          TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
-        with:
-          scan-type: 'image'
-          scanners: 'vuln'
-          image-ref: ghcr.io/${{ github.repository_owner }}/malcolm/dashboards:${{ steps.extract_branch.outputs.branch }}${{ steps.arch_tag_suffix.outputs.archtag }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-          severity: 'HIGH,CRITICAL'
-          vuln-type: 'os,library'
-          hide-progress: true
-          ignore-unfixed: true
-          exit-code: '0'
-      -
-        name: Upload Trivy scan results to GitHub Security tab
-        if: ${{ matrix.platform == 'linux/amd64' }}
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'trivy-results.sarif'
+    uses: ./.github/workflows/docker-build-push-scan.yml
+    with:
+      service: dashboards
+      dockerfile: ./Dockerfiles/dashboards.Dockerfile