From b491b021acd84abe6c45d1be00f345f574080b7e Mon Sep 17 00:00:00 2001
From: Michael Sprengel
Date: Mon, 18 Dec 2023 15:45:07 +0100
Subject: [PATCH] Add data ingestion mechanism
---
 .github/workflows/data_ingestion.yml | 39 +++++++++++++++++++++++-----
 src/data_ingestion.sh | 15 +++++++++++
 src/prepare_ingestion.sh | 15 +++++++++++
 3 files changed, 63 insertions(+), 6 deletions(-)
 create mode 100755 src/data_ingestion.sh
 create mode 100755 src/prepare_ingestion.sh
diff --git a/.github/workflows/data_ingestion.yml b/.github/workflows/data_ingestion.yml
index 12ef536..f12c274 100644
--- a/.github/workflows/data_ingestion.yml
+++ b/.github/workflows/data_ingestion.yml
@@ -1,13 +1,40 @@
 name: Data ingestion
 on: ["push", "workflow_dispatch"]
 jobs:
- test:
+ data_ingestion:
 environment: glvd-data-ingestion
 name: data ingestion
 runs-on: ubuntu-latest
+ env:
+ PGHOST: "${{ vars.PGHOST }}"
+ PGPORT: ${{ vars.PGPORT }}
+ PGUSER: ${{ vars.PGUSER }}
+ PGPASSWORD: ${{ secrets.PGPASSWORD }}
+ PGDATABASE: ${{ vars.PGDATABASE }}
 steps:
- - run: |
- echo "${{ vars.PGDATABASE }}"
- echo "${{ vars.PGHOST }}"
- echo "${{ vars.PGPORT }}"
- echo "${{ vars.PGUSER }}"
\ No newline at end of file
+ - name: Checkout repo
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Prepare ingestion data
+ run: ./src/prepare_ingestion.sh
+
+ - name: Run glvd for data ingestion
+ run: >
+ docker run
+ --network host
+ --rm
+ --mount="type=bind,src=$PWD/$GITHUB_ACTION_PATH/src,dst=/mnt/src,ro"
+ --mount="type=bind,src=$PWD/$GITHUB_ACTION_PATH/ingest-debsec/,dst=/mnt/ingest-debsec,ro"
+ --mount="type=bind,src=$PWD/$GITHUB_ACTION_PATH/ingest-debsrc/,dst=/mnt/ingest-debsrc,ro"
+ --workdir=/mnt/src
+ --entrypoint=/bin/bash
+ --env PGHOST="$PGHOST"
+ --env PGPORT="$PGPORT"
+ --env PGUSER="$PGUSER"
+ --env PGPASSWORD="$PGPASSWORD"
+ --env PGDATABASE="$PGDATABASE"
+ ghcr.io/gardenlinux/glvd:edge
+ data_ingestion.sh
\ No newline at end of file
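Review bot: In `.github/workflows/data_ingestion.yml` the job-level `env:` block puts `PGPASSWORD` into the environment of every step, including the third-party `docker/setup-buildx-action@v2` step and `prepare_ingestion.sh`, although only the final `docker run` step uses it; moving the block under the "Run glvd for data ingestion" step narrows the exposure. That step then hands the credential to `ghcr.io/gardenlinux/glvd:edge`, a mutable tag, with `--network host`, so whatever is published under `edge` at run time receives database access; pinning by digest, e.g. `ghcr.io/gardenlinux/glvd@sha256:<digest>` (placeholder), makes the image content reviewable. `--env PGPASSWORD="$PGPASSWORD"` also places the value on the `docker` command line, whereas a bare `--env PGPASSWORD` lets Docker copy it from the step environment. `$GITHUB_ACTION_PATH` is documented for composite actions, so in a workflow `run` step it is presumably empty and the mounts resolve to `$PWD//src`; `$GITHUB_WORKSPACE` would state the intent.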
diff --git a/src/data_ingestion.sh b/src/data_ingestion.sh
new file mode 100755
index 0000000..b7af670
--- /dev/null
+++ b/src/data_ingestion.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# ---------
+# Ingest NVD data
+#glvd-data ingest-nvd
+
+# ---------
+# Ingest CVE lists
+glvd-data ingest-debsec debian /mnt/ingest-debsec/debian
+glvd-data ingest-debsec debian /mnt/ingest-debsec/gardenlinux
+
+# ---------
+# Ingest Debian sources
+#glvd-data ingest-debsrc debian trixie /mnt/ingest-debsrc/debian_sources
+#glvd-data ingest-debsrc debian trixie /mnt/ingest-debsrc/gardenlinux_sources
\ No newline at end of file
diff --git a/src/prepare_ingestion.sh b/src/prepare_ingestion.sh
new file mode 100755
index 0000000..c39dbc3
--- /dev/null
+++ b/src/prepare_ingestion.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Preparation
+apt update
+apt install -y wget
+
+mkdir ingest-debsec/
+mkdir ingest-debsrc/
+
+# Data Ingestion: Deb Sec
+wget https://salsa.debian.org/security-tracker-team/security-tracker/-/raw/master/data/CVE/list?ref_type=heads -O ingest-debsec/debian
+cp -a data/CVE/list ingest-debsec/gardenlinux
+
+# Data Ingestion: Deb Src
+#wget http://ftp.debian.org/debian/dists/testing/main/source/
\ No newline at end of file
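Review bot: `src/data_ingestion.sh` has no error handling, so if the first `glvd-data ingest-debsec` call fails the script carries on and exits with the status of the last command, and the workflow can report success after a partial ingestion; adding `set -euo pipefail` directly after the shebang would stop at the first failure. The same applies to `src/prepare_ingestion.sh`, where a failed `apt`, `mkdir` or `wget` is currently ignored. The second call passes `debian` as the distribution while reading `/mnt/ingest-debsec/gardenlinux`; it is worth confirming whether that argument should be `gardenlinux`, and a one-line comment above the call stating which distribution the list is stored under would settle it for the next reader.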
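Review bot: In `src/prepare_ingestion.sh` the `wget` URL is unquoted although it contains `?`, which the shell treats as a glob character, and the list it fetches from the moving `master` branch is later ingested without any check that the download succeeded or is non-empty; with `-O`, wget creates the output file even when the transfer fails. Putting the existing URL in double quotes and testing the result, e.g. appending `&& test -s ingest-debsec/debian` to the `wget` line, closes that gap. `apt update` and `apt install -y wget` run without `sudo`, which will likely fail for the non-root user on a hosted runner, and `mkdir -p ingest-debsec/ ingest-debsrc/` would keep a rerun from failing on existing directories.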