Skip to content

Add Slack webhook exposed key handling #748

Add Slack webhook exposed key handling

Add Slack webhook exposed key handling #748

Workflow file for this run

name: TestSuite
on:
push:
branches:
- "master"
- "dev"
workflow_dispatch:
inputs:
canarytokens-branch:
description: "Branch of the canarytokens repo to pull for build. Defaults to master"
required: false
jobs:
tests:
runs-on: ubuntu-latest
env:
AWS_REGION: 'eu-west-1'
permissions:
id-token: write
contents: read
services:
redis:
# TODO: ensure this is identical to whatever is in the compose files. Simple linter should suffice.
image: redis@sha256:03f00cd789243846888e2f834c762f53b224b9970b434a192b0f6b533d7e219c
#
ports:
# Opens tcp port 6379 on the host and service container
- 6379:6379
# Set health checks to wait until redis has started
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
mysql:
image: mysql@sha256:940fdfa3dc408fb792a8cceb21cafda4b7cd56ce4fbc32833766bdd2a57d6a4f
env:
MYSQL_ALLOW_EMPTY_PASSWORD: 1
ports:
- 3307:3306
options: >-
--health-cmd="mysqladmin ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
strategy:
matrix:
python-version: ["3.10"]
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::211125554061:role/Canarytokens-staging-github-action
role-session-name: GitHubActions-${{ github.actor }}-${{ github.workflow }}-${{ github.run_id }}-${{ github.run_number }}
aws-region: ${{ env.AWS_REGION }}
- uses: actions/checkout@v3
with:
ref: '${{ github.event.inputs.canarytokens-branch }}'
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v2
with:
python-version: ${{ matrix.python-version }}
- name: Get full python version
id: full-python-version
run: |
echo ::set-output name=version::$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info[:3]))")
- name: Install deps
run: |
sudo apt update -y
sudo apt install libzbar0 -y
sudo apt install wireguard
sudo apt install mysql-client
sudo apt-get install subversion
sudo apt-get install openssh-server
curl -sSL https://install.python-poetry.org | python -
poetry config virtualenvs.in-project true
sudo apt-get update -y
sudo apt-get install -y apt-transport-https ca-certificates curl
sudo apt-get update -y
sudo apt-get install -y osslsigncode
sudo apt install redis-tools
- name: Set up cache
uses: actions/cache@v1
with:
path: .venv
key: venv-${{ runner.os }}-${{ steps.full-python-version.outputs.version }}-${{ hashFiles('**/poetry.lock') }}
- name: Install python dependencies
run: |
poetry install -E 'twisted web'
- name: Run unit tests
env:
CANARY_MAILGUN_DOMAIN_NAME: syruppdfs.com
CANARY_MAILGUN_BASE_URL: https://api.eu.mailgun.net
CANARY_ALERT_EMAIL_FROM_ADDRESS: [email protected]
CANARY_ALERT_EMAIL_FROM_DISPLAY: Canarytoken Mail
CANARY_ALERT_EMAIL_SUBJECT: Your Canarytoken was Triggered
# Here we gather coverage info on all tests.
run: |
mv frontend/frontend.env.dist frontend/frontend.env
mv switchboard/switchboard.env.dist switchboard/switchboard.env
export CANARY_AWSID_URL=$(aws ssm get-parameter --name "/staging/awsid_url" --with-decryption --region eu-west-1 | jq -r '.Parameter.Value')
export CANARY_TESTING_AWS_ACCESS_KEY_ID=${{ secrets.TESTING_AWS_ACCESS_KEY_ID }}
export CANARY_TESTING_AWS_SECRET_ACCESS_KEY=${{ secrets.TESTING_AWS_SECRET_ACCESS_KEY }}
export CANARY_SENDGRID_API_KEY=${{ secrets.TESTING_SENDGRID_API_KEY }}
export CANARY_MAILGUN_API_KEY=${{ secrets.TESTING_MAILGUN_API_KEY }}
export CANARY_SENTRY_ENVIRONMENT=ci
export CANARY_WEB_IMAGE_UPLOAD_PATH=../uploads
cd tests
poetry run coverage run --source=../canarytokens --omit="integration/test_custom_binary.py,integration/test_sql_server_token.py" -m pytest units --runv3 -v
- name: Check coverage is over threshold percentage for unit tests
# Here we check coverage info on all tests
run: |
cd tests
poetry run coverage report --omit="integration/test_custom_binary.py,integration/test_sql_server_token.py" --fail-under 85
- name: Run integration tests (against local V3)
run: |
redis-cli flushall
mkdir uploads
make switchboard &
make frontend &
cd tests
sleep 10
export TEST_NETWORK=`docker network ls | grep git | python -c "from sys import stdin; print(stdin.read().split()[1])"`
export TEST_HOST=`docker network inspect $TEST_NETWORK | jq '.[0].IPAM.Config[0].Gateway' | sed 's/"//g'`
LIVE=False poetry run coverage run --source=../canarytokens --omit=integration/test_custom_binary.py -m pytest integration --runv3 -v
windows-tests:
runs-on: windows-latest
steps:
- uses: actions/checkout@v2
- name: Install deps
run: |
python -m pip install --user pipx
python -m pipx ensurepath
python -m pipx install poetry==1.3.2
- name: Install python dependencies
# poetry cache clear --all pypi ref: https://stackoverflow.com/questions/72551057/poetry-gives-toomanyindirects-error-suddenly
# Remove when this is resolved.
run: |
poetry config virtualenvs.in-project true
poetry cache clear --all pypi
poetry install -E 'twisted web'
- name: Integration Tests
run: |
$env:LIVE = 'True'
copy .\frontend\frontend.env.dist .\frontend\frontend.env
copy .\switchboard\switchboard.env.dist .\switchboard\switchboard.env
cd tests
$env:PSModulePath = ''; poetry run pytest .\integration\test_custom_binary.py --runv3 -v