Update README.md

docker-compose.production.yml

@@ -1,6 +0,0 @@
-version: "3.9"
-services:
-  well-known:
-    build:
-      context: docker/vault
-    image: git.nixc.us/colin/vault:production

.woodpecker.yml

@@ -0,0 +1,143 @@
+labels:
+  hostname: "macmini7"
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      partial: false
+      depth: 1
+steps:
+  # Build Step for staging Branch
+  build-staging:
+    name: build-staging
+    image: woodpeckerci/plugin-docker-buildx
+    secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - echo "Building application for staging branch"
+      - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
+      - echo compose build
+      - docker compose -f docker-compose.staging.yml build
+    when:
+      - branch: main
+      - event: push
+      - path:
+          include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
+
+  deploy-new:
+    name: deploy-new
+    when:
+      - branch: main
+      - path:
+          include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
+    image: woodpeckerci/plugin-docker-buildx
+    secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
+      - echo compose push
+      - docker compose -f docker-compose.staging.yml push
+      # - docker stack deploy --with-registry-auth -c ./stack.staging.yml $${CI_REPO_NAME}-staging
+
+  # # Wait for Deploy to Complete
+  # wait-for-deploy-staging:
+  #   name: wait-for-deploy-staging
+  #   image: woodpeckerci/plugin-git
+  #   commands:
+  #     - echo "Waiting for staging deploy step to complete rollout."
+  #     - sleep 60
+  #   when:
+  #     - branch: main
+  #     - event: push
+
+  # # Run Automated Tests on staging Branch
+  # test-staging:
+  #   name: run-tests-staging
+  #   image: git.nixc.us/colin/playwright:latest
+  #   secrets: [ base_url ]
+  #   when:
+  #     - branch: main
+  #     - event: push
+  #     - path:
+  #         include: [ 'tests/', 'src/','docker-compose.staging.yml', 'docker-compose.production.yml', '*.tests.ts' ] # Specify paths relevant to tests
+  #   volumes:
+  #     - /var/run/docker.sock:/var/run/docker.sock:ro
+
+  cleanup-staging:
+    name: cleanup-staging
+    when:
+      - branch: main
+      - path:
+          include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
+    image: woodpeckerci/plugin-docker-buildx
+    secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      # - docker stack rm $${CI_REPO_NAME}-staging 
+      ## added fault tolerance for docker stack rm
+      # - for i in {1..5}; do docker stack rm ${CI_REPO_NAME}-staging && break || sleep 10; done
+      - docker compose -f docker-compose.staging.yml down
+      - docker compose -f docker-compose.staging.yml rm -f
+
+  # Build Step for staging Branch
+  build-build-push-production:
+    name: build-build-push-production
+    image: woodpeckerci/plugin-docker-buildx
+    secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - echo "Building application for staging branch"
+      - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
+      - echo compose build
+      - docker compose -f docker-compose.production.yml build
+      - docker compose -f docker-compose.production.yml push
+    when:
+      - branch: production
+      - event: push
+      - path:
+          include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
+
+  # Deploy to Production Branch
+  deploy-production:
+    name: deploy-production
+    image: woodpeckerci/plugin-docker-buildx
+    secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
+      # - docker stack deploy --with-registry-auth -c ./stack.production.yml $${CI_REPO_NAME}
+    when:
+      - branch: production
+      - event: push
+      # - path:
+      #     include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
+
+
+  # # Wait for Deploy to Complete
+  # wait-for-deploy-production:
+  #   name: wait-for-deploy-production
+  #   image: woodpeckerci/plugin-git
+  #   commands:
+  #     - echo "Waiting for deploy step to complete rollout."
+  #     - sleep 60
+  #   when:
+  #     - branch: production
+  #     - event: push
+
+  # # Run Post-Deployment Smoke Tests
+  # post-deploy-smoke-tests-git-nixc-us:
+  #   name: run-post-deploy-smoke-tests-git-nixc-us
+  #   image: git.nixc.us/colin/playwright:latest
+  #   # secrets: [TEST_USER, TEST_PASSWORD]
+  #   environment:
+  #     - BASE_URL=https://git.nixc.us
+  #   when:
+  #     - branch: production
+  #     - event: push
+  #     # - path:
+  #     #     include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]

README.md

@@ -0,0 +1,14 @@
+<!-- #build2 -->
+## Nikto Web Vulnerability Scanner
+[Nikto](https://github.com/sullo/nikto) from Sullo is a web server assessment tool. It is designed to find various default and insecure files, configurations and programs on any type of web server.
+
+Call it without arguments to display the full help:
+
+`docker run --rm git.nixc.us/colin/nikto`
+
+Basic usage
+`docker run --rm git.nixc.us/colin/nikto -h https://www.example.com`
+
+To save the report in a specific format, mount /tmp as a volume:
+
+`docker run --rm -v $(pwd):/tmp git.nixc.us/colin/nikto -h http://www.example.com -o /tmp/out.json`

docker-compose.production.yml

@@ -0,0 +1,6 @@
+version: "3.9"
+services:
+  nikto:
+    build:
+      context: docker/nikto
+    image: git.nixc.us/colin/nikto:production

docker-compose.staging.yml

@@ -0,0 +1,6 @@
+version: "3.9"
+services:
+  nikto:
+    build:
+      context: docker/nikto
+    image: git.nixc.us/colin/nikto:staging

docker/nikto/Dockerfile

@@ -0,0 +1,36 @@
+FROM alpine:latest
+
+RUN apk add --update git
+
+#force fresh git clone each build.
+ADD https://api.github.com/repos/sullo/nikto/git/refs/heads/master version.json
+RUN mkdir /source /nikto && cd /source && git clone https://github.com/sullo/nikto.git
+
+RUN mv /source/nikto/program/* /nikto/
+
+ENV PATH="/nikto:${PATH}"
+
+RUN echo 'Selecting packages to Nikto.' \
+  && apk update \
+  && apk add --no-cache --virtual .build-deps \
+     perl \
+     perl-net-ssleay \
+  && echo 'Cleaning cache from APK.' \
+  && rm -rf /var/cache/apk/* \
+  && echo 'Creating the nikto group.' \
+  && addgroup nikto \
+  && echo 'Creating the user nikto.' \
+  && adduser -G nikto -g "Nikto user" -s /bin/sh -D nikto \
+  && echo 'Changing the ownership.' \
+  && chown -R nikto.nikto /nikto \
+  && echo 'Creating a random password for root.' \
+  && export RANDOM_PASSWORD=`tr -dc A-Za-z0-9 < /dev/urandom | head -c44` \
+  && echo "root:$RANDOM_PASSWORD" | chpasswd \
+  && unset RANDOM_PASSWORD \
+  && echo 'Locking root account.' \
+  && passwd -l root \
+  && echo 'Finishing image.'
+
+USER nikto
+
+ENTRYPOINT ["nikto.pl"]