From 691abdb3998137ff445aa2fcdc8cae5ed4960c33 Mon Sep 17 00:00:00 2001
From: Morten Amundsen
Date: Mon, 8 Apr 2024 13:46:32 +0200
Subject: [PATCH] ci: workflow to configure CTFd (#61)
* ci(chore): pass all env vars
* feat: add command to get cluster credentials
* ci(feat): workflow for configuring CTFd
---
.github/workflows/configure-ctfd.yaml | 79 +++++++++++++++++++++++++++
.github/workflows/deploy-ctf.yaml | 44 +++------------
manage-azure-deployment.sh | 4 ++
3 files changed, 90 insertions(+), 37 deletions(-)
create mode 100644 .github/workflows/configure-ctfd.yaml
diff --git a/.github/workflows/configure-ctfd.yaml b/.github/workflows/configure-ctfd.yaml
new file mode 100644
index 0000000..b2023ca
--- /dev/null
+++ b/.github/workflows/configure-ctfd.yaml
@@ -0,0 +1,79 @@
+name: Deploy CTF services on Azure Kubernetes Service
+on:
+ workflow_dispatch:
+ inputs:
+ ENVIRONMENT:
+ default: ctf
+ description: The name of the GitHub environment to use (https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#about-environments)
+ type: environment
+ workflow_call:
+ inputs:
+ ENVIRONMENT:
+ default: ctf
+ description: The name of the GitHub environment to use (https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#about-environments)
+ type: string
+ secrets:
+ AZURE_CLIENT_ID:
+ required: true
+ AZURE_TENANT_ID:
+ required: true
+ AZURE_SUBSCRIPTION_ID:
+ required: true
+
+permissions:
+ id-token: write # Required for requesting the JWT
+ contents: read
+
+jobs:
+ configure-ctfd:
+ name: Configure CTFd
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.ENVIRONMENT }}
+ steps:
+ - name: Run az login
+ uses: azure/login@v1
+ with:
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install kubectl
+ uses: azure/setup-kubectl@v3
+ with:
+ version: 'v1.29.1'
+
+ - name: Install node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+
+ - name: Install juice-shop-ctf-cli
+ run: npm install -g juice-shop-ctf-cli
+
+ - name: Get AKS cluster credentials
+ run: |
+ ./manage-azure-deployment.sh cluster-auth
+
+ - name: Configure the CTFd instance
+ env:
+ CTF_KEY: ${{ secrets.CTF_KEY }}
+ JUICE_FQDN: ${{ vars.JUICE_FQDN }}
+ CTFD_ADMIN_PASSWORD: ${{ secrets.CTFD_ADMIN_PASSWORD }}
+ CTF_NAME: ${{ vars.CTF_NAME }}
+ CTF_DESC: ${{ vars.CTF_DESC }}
+ CTFD_REGISTRATION_CODE: ${{ vars.CTFD_REGISTRATION_CODE }}
+ CTF_TEAM_SIZE: ${{ vars.CTF_TEAM_SIZE }}
+ CTF_START_DATETIME: ${{ vars.CTF_START_DATETIME }}
+ CTF_END_DATETIME: ${{ vars.CTF_END_DATETIME }}
+ run: |
+
./manage-ctfd.sh run + + - name: Upload CTFd challenges file as an artifact + uses: actions/upload-artifact@v4 + with: + name: ctfd-challenges.csv + path: ctfd-challenges-*.csv + retention-days: 7 diff --git a/.github/workflows/deploy-ctf.yaml b/.github/workflows/deploy-ctf.yaml index ee4daec..c3fa676 100644 --- a/.github/workflows/deploy-ctf.yaml +++ b/.github/workflows/deploy-ctf.yaml @@ -21,8 +21,8 @@ on: required: true permissions: - id-token: write # Required for requesting the JWT - contents: read + id-token: write # Required for requesting the JWT + contents: read jobs: deploy: @@ -70,6 +70,9 @@ jobs: go install github.com/a8m/envsubst/cmd/envsubst@v1.4.2 - name: Create the Kubernetes cluster in AKS + env: + AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }} + AZURE_DNS_NAME: ${{ vars.AZURE_DNS_NAME }} run: | ./manage-azure-deployment.sh new @@ -79,8 +82,10 @@ jobs: COOKIE_SECRET: ${{ secrets.COOKIE_SECRET }} CTFD_SECRET_KEY: ${{ secrets.CTFD_SECRET_KEY }} JUICE_FQDN: ${{ vars.JUICE_FQDN }} + TLS_CERT_EMAIL: ${{ vars.TLS_CERT_EMAIL }} BALANCER_REPLICAS: ${{ vars.BALANCER_REPLICAS }} MAX_INSTANCES: ${{ vars.MAX_INSTANCES }} + METRICS_USER: ${{ vars.METRICS_USER }} GRACE_PERIOD: ${{ vars.GRACE_PERIOD }} MANAGE_MONITORING: ${{ vars.MANAGE_MONITORING }} MANAGE_CTFD: ${{ vars.MANAGE_CTFD }} 
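Review bot: In the new `configure-ctfd` job, `npm install -g juice-shop-ctf-cli` takes whatever version is current, and it runs after `azure/login` in a job that holds `id-token: write`, so an unexpected release of that package (or of a dependency's install script) would execute with the Azure session already established. Pin it, e.g. `run: npm install -g juice-shop-ctf-cli@<pinned-version>`, and consider pinning `azure/login@v1`, `azure/setup-kubectl@v3`, `actions/setup-node@v4` and `actions/upload-artifact@v4` to full commit SHAs instead of movable tags. The `workflow_call` block declares `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_SUBSCRIPTION_ID` as required secrets, yet the login step reads them from `vars.*`, so the declared secrets look unused and callers are forced to pass values that are ignored. `CTFD_REGISTRATION_CODE` is read from `vars`, which GitHub does not mask in logs; `${{ secrets.CTFD_REGISTRATION_CODE }}` would fit better if the code is meant to gate registration. The uploaded `ctfd-challenges-*.csv` presumably carries flag values derived from `CTF_KEY`, so it is worth confirming that everyone who can read the repository's artifacts during the 7-day retention is allowed to see them.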
@@ -92,38 +97,3 @@ jobs: CTFD_MYSQL_REPL_PASS: ${{ secrets.CTFD_MYSQL_REPL_PASS }} run: | ./manage-multijuicer.sh up - - # import-challenges: - # name: Import challenges to CTFd - # runs-on: ubuntu-latest - # environment: ${{ inputs.ENVIRONMENT }} - # needs: [deploy] - # steps: - # - name: Checkout - # uses: actions/checkout@v4 - - # - name: Install kubectl - # uses: azure/setup-kubectl@v3 - # with: - # version: 'v1.29.1' - - # - name: Install node - # uses: actions/setup-node@v4 - # with: - # node-version: 20 - - # - name: Install juice-shop-ctf-cli - # run: npm install -g juice-shop-ctf-cli - - # - name: Generate challenges - # env: - # CTF_KEY: ${{ secrets.CTF_KEY }} - # run: | - # ./generate-challenges.sh - - # - name: Upload CTFd challenges file as an artifact - # uses: actions/upload-artifact@v4 - # with: - # name: ctfd-challenges.csv - # path: ctfd-challenges-*.csv - # retention-days: 7 diff --git a/manage-azure-deployment.sh b/manage-azure-deployment.sh index e9543f6..2051b2b 100755 --- a/manage-azure-deployment.sh +++ b/manage-azure-deployment.sh @@ -55,6 +55,7 @@ function usage() { wipe-all\tRemoves the cluster, resource group, and key vault. write-secrets\tWrite the secrest to Azure Key Vault. password\tRetrieve the admin password for the multi-juicer instance + cluster-auth\tGet the credentials for the cluster " exit 0 } @@ -278,6 +279,9 @@ case "$COMMAND" in "password") get_admin_password ;; + "cluster-auth") + get_cluster_credentials + ;; *) failure "Invalid argument '$COMMAND'\n" usage
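Review bot: The new `cluster-auth` branch is called from the "Get AKS cluster credentials" step of `configure-ctfd.yaml` with no `env:` block, while this same commit adds `AZURE_RESOURCE_GROUP` and `AZURE_DNS_NAME` to the step that runs `./manage-azure-deployment.sh new`. `get_cluster_credentials` is defined outside this hunk, so what it reads cannot be checked here; if it takes the resource group from the environment, the CI call would run with it unset or fall back to a default that may point at a different cluster. If that is the case, add `env:` with `AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}` to that workflow step, and have the function fail early when the variable is empty. The usage line could also say where the credentials are written, e.g. `cluster-auth\tFetch the cluster credentials into the local kubeconfig`, assuming that is what the function does.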