ci: workflow to configure CTFd (#61)

* ci(chore): pass all env vars * feat: add command to get cluster credentials * ci(feat): workflow for configuring CTFd
bouvet · Apr 8, 2024 · 691abdb · 691abdb
1 parent 4905f89
commit 691abdb
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 37 deletions.
diff --git a/.github/workflows/configure-ctfd.yaml b/.github/workflows/configure-ctfd.yaml
@@ -0,0 +1,79 @@
+name: Deploy CTF services on Azure Kubernetes Service
+on:
+  workflow_dispatch:
+    inputs:
+      ENVIRONMENT:
+        default: ctf
+        description: The name of the GitHub environment to use (https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#about-environments)
+        type: environment
+  workflow_call:
+    inputs:
+      ENVIRONMENT:
+        default: ctf
+        description: The name of the GitHub environment to use (https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#about-environments)
+        type: string
+    secrets:
+      AZURE_CLIENT_ID:
+        required: true
+      AZURE_TENANT_ID:
+        required: true
+      AZURE_SUBSCRIPTION_ID:
+        required: true
+
+permissions:
+  id-token: write # Required for requesting the JWT
+  contents: read
+
+jobs:
+  configure-ctfd:
+    name: Configure CTFd
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.ENVIRONMENT }}
+    steps:
+      - name: Run az login
+        uses: azure/login@v1
+        with:
+          client-id: ${{ vars.AZURE_CLIENT_ID }}
+          tenant-id: ${{ vars.AZURE_TENANT_ID }}
+          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install kubectl
+        uses: azure/setup-kubectl@v3
+        with:
+          version: 'v1.29.1'
+
+      - name: Install node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Install juice-shop-ctf-cli
+        run: npm install -g juice-shop-ctf-cli
+
+      - name: Get AKS cluster credentials
+        run: |
+          ./manage-azure-deployment.sh cluster-auth
+
+      - name: Configure the CTFd instance
+        env:
+          CTF_KEY: ${{ secrets.CTF_KEY }}
+          JUICE_FQDN: ${{ vars.JUICE_FQDN }}
+          CTFD_ADMIN_PASSWORD: ${{ secrets.CTFD_ADMIN_PASSWORD }}
+          CTF_NAME: ${{ vars.CTF_NAME }}
+          CTF_DESC: ${{ vars.CTF_DESC }}
+          CTFD_REGISTRATION_CODE: ${{ vars.CTFD_REGISTRATION_CODE }}
+          CTF_TEAM_SIZE: ${{ vars.CTF_TEAM_SIZE }}
+          CTF_START_DATETIME: ${{ vars.CTF_START_DATETIME }}
+          CTF_END_DATETIME: ${{ vars.CTF_END_DATETIME }}
+        run: |
+          ./manage-ctfd.sh run
+
+      - name: Upload CTFd challenges file as an artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ctfd-challenges.csv
+          path: ctfd-challenges-*.csv
+          retention-days: 7
diff --git a/.github/workflows/deploy-ctf.yaml b/.github/workflows/deploy-ctf.yaml
@@ -21,8 +21,8 @@ on:
         required: true
 
 permissions:
-      id-token: write # Required for requesting the JWT
-      contents: read
+  id-token: write # Required for requesting the JWT
+  contents: read
 
 jobs:
   deploy:
@@ -70,6 +70,9 @@ jobs:
           go install github.com/a8m/envsubst/cmd/[email protected]
 
       - name: Create the Kubernetes cluster in AKS
+        env:
+          AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
+          AZURE_DNS_NAME: ${{ vars.AZURE_DNS_NAME }}
         run: |
           ./manage-azure-deployment.sh new
 
@@ -79,8 +82,10 @@ jobs:
           COOKIE_SECRET: ${{ secrets.COOKIE_SECRET }}
           CTFD_SECRET_KEY: ${{ secrets.CTFD_SECRET_KEY }}
           JUICE_FQDN: ${{ vars.JUICE_FQDN }}
+          TLS_CERT_EMAIL: ${{ vars.TLS_CERT_EMAIL }}
           BALANCER_REPLICAS: ${{ vars.BALANCER_REPLICAS }}
           MAX_INSTANCES: ${{ vars.MAX_INSTANCES }}
+          METRICS_USER: ${{ vars.METRICS_USER }}
           GRACE_PERIOD: ${{ vars.GRACE_PERIOD }}
           MANAGE_MONITORING: ${{ vars.MANAGE_MONITORING }}
           MANAGE_CTFD: ${{ vars.MANAGE_CTFD }}
@@ -92,38 +97,3 @@ jobs:
           CTFD_MYSQL_REPL_PASS: ${{ secrets.CTFD_MYSQL_REPL_PASS }}
         run: |
           ./manage-multijuicer.sh up
-
-  # import-challenges:
-  #   name: Import challenges to CTFd
-  #   runs-on: ubuntu-latest
-  #   environment: ${{ inputs.ENVIRONMENT }}
-  #   needs: [deploy]
-  #   steps:
-  #     - name: Checkout
-  #       uses: actions/checkout@v4
-
-  #     - name: Install kubectl
-  #       uses: azure/setup-kubectl@v3
-  #       with:
-  #         version: 'v1.29.1'
-
-  #     - name: Install node
-  #       uses: actions/setup-node@v4
-  #       with:
-  #         node-version: 20
-
-  #     - name: Install juice-shop-ctf-cli
-  #       run: npm install -g juice-shop-ctf-cli
-
-  #     - name: Generate challenges
-  #       env:
-  #         CTF_KEY: ${{ secrets.CTF_KEY }}
-  #       run: |
-  #         ./generate-challenges.sh
-
-  #     - name: Upload CTFd challenges file as an artifact
-  #       uses: actions/upload-artifact@v4
-  #       with:
-  #         name: ctfd-challenges.csv
-  #         path: ctfd-challenges-*.csv
-  #         retention-days: 7
diff --git a/manage-azure-deployment.sh b/manage-azure-deployment.sh
@@ -55,6 +55,7 @@ function usage() {
         wipe-all\tRemoves the cluster, resource group, and key vault.
         write-secrets\tWrite the secrest to Azure Key Vault.
         password\tRetrieve the admin password for the multi-juicer instance
+        cluster-auth\tGet the credentials for the cluster
     "
     exit 0
 }
@@ -278,6 +279,9 @@ case "$COMMAND" in
     "password")
         get_admin_password
         ;;
+    "cluster-auth")
+        get_cluster_credentials
+        ;;
     *)
         failure "Invalid argument '$COMMAND'\n"
         usage