Gh0st
/
Nettacker
mirror of https://github.com/OWASP/Nettacker.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Dockerfile change to multi-stage with 'nettacker' as entrypoint + related CI/CD changes (#1115) 

* Update Dockerfile

multi-stage Dockerfile

* Update ci_cd.yml

modifications to support Dockerfile entrypoint changes

* Update Dockerfile

added --no-deps --no-cache-dir

* Update Dockerfile

added OCI Label and remove the whl file after installation following the CodeRabbit review

* Update Dockerfile

moved OCI label as copy-pasted in the wrong place

* Update Dockerfile

as per suggestion

Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

---------

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
This commit is contained in:
Sam Stepanyan 2025-08-09 16:30:45 +01:00 committed by GitHub
parent c77246f700
commit c42460ce2f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 53 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
.github/workflows/ci_cd.yml vendored
View File

@ -161,46 +161,42 @@ jobs:
- name: Test help menu - name: Test help menu
run: | run: |
docker run -e github_ci=true --rm nettacker \ docker run -e github_ci=true --rm nettacker --help
poetry run python nettacker.py --help
- name: Test help menu in Persian - name: Test help menu in Persian
run: | run: |
docker run -e github_ci=true --rm nettacker \ docker run -e github_ci=true --rm nettacker --help -L fa
poetry run python nettacker.py --help -L fa
- name: Show all modules - name: Show all modules
run: | run: |
docker run -e github_ci=true --rm nettacker \ docker run -e github_ci=true --rm nettacker --show-all-modules
poetry run python nettacker.py --show-all-modules
- name: Show all profiles - name: Show all profiles
run: | run: |
docker run -e github_ci=true --rm nettacker \ docker run -e github_ci=true --rm nettacker --show-all-profiles
poetry run python nettacker.py --show-all-profiles
- name: Test all modules command + check if it's finish successfully + csv - name: Test all modules command + check if it's finish successfully + csv
run: | run: |
docker run -e github_ci=true --rm -i nettacker \ docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \
poetry run python nettacker.py -i 127.0.0.1 -u user1,user2 -p pass1,pass2 -m all -g 21,25,80,443 \ -i host.docker.internal -u user1,user2 -p pass1,pass2 -m all -g 21,25,80,443 \
-t 1000 -T 3 -o out.csv -t 1000 -T 3 -o out.csv
- name: Test all modules command + check if it's finish successfully + csv - name: Test all modules command + check if it's finish successfully + csv
run: | run: |
docker run -e github_ci=true --rm -i nettacker \ docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \
poetry run python nettacker.py -i 127.0.0.1 -u user1,user2 -p pass1,pass2 -m all -g 21,25,80,443 \ -i host.docker.internal -u user1,user2 -p pass1,pass2 -m all -g 21,25,80,443 \
-t 1000 -T 3 -o out.csv --skip-service-discovery -t 1000 -T 3 -o out.csv --skip-service-discovery
- name: Test all modules command + check if it's finish successfully + with graph + Persian - name: Test all modules command + check if it's finish successfully + with graph + Persian
run: | run: |
docker run -e github_ci=true --rm -i nettacker \ docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \
poetry run python nettacker.py -i 127.0.0.1 -L fa -u user1,user2 -p pass1,pass2 --profile all \ -i host.docker.internal -L fa -u user1,user2 -p pass1,pass2 --profile all \
-g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v -g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v
- name: Test all modules command + check if it's finish successfully + with graph + Persian - name: Test all modules command + check if it's finish successfully + with graph + Persian
run: | run: |
docker run -e github_ci=true --rm -i nettacker \ docker run -e github_ci=true --rm -i --add-host=host.docker.internal:host-gateway nettacker \
poetry run python nettacker.py -i 127.0.0.1 -L fa -u user1,user2 -p pass1,pass2 --profile all \ -i host.docker.internal -L fa -u user1,user2 -p pass1,pass2 --profile all \
-g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v --skip-service-discovery -g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v --skip-service-discovery
test-docker-image-build: test-docker-image-build:
@ -243,9 +239,6 @@ jobs:
- name: Build Nettacker image - name: Build Nettacker image
run: docker build . -t nettacker run: docker build . -t nettacker
- name: Run pip install
run: docker run nettacker pip install .
publish-nettacker-dev-to-docker-registry: publish-nettacker-dev-to-docker-registry:
name: Publish nettacker:dev Docker image name: Publish nettacker:dev Docker image
if: | if: |

45
Dockerfile
View File

@ -1,5 +1,10 @@
FROM python:3.11.13-slim ### Multi-stage Dockerfile
# Define the base image only once as a build argument
ARG PYTHON_IMAGE=python:3.11.13-slim
### Build stage
FROM ${PYTHON_IMAGE} AS builder
### Install OS dependencies and poetry package manager
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y gcc libssl-dev && \ apt-get install -y gcc libssl-dev && \
apt-get clean && \ apt-get clean && \
@ -8,11 +13,41 @@ RUN apt-get update && \
WORKDIR /usr/src/owaspnettacker WORKDIR /usr/src/owaspnettacker
# Copy dependency files first to maximize Docker cache usage for installing dependencies
COPY poetry.lock pyproject.toml ./
# Install dependencies
RUN poetry config virtualenvs.in-project true && \
poetry install --no-cache --no-root --without dev --without test
# Now copy the rest of the required source code
COPY nettacker nettacker COPY nettacker nettacker
COPY nettacker.py poetry.lock pyproject.toml README.md ./ COPY nettacker.py README.md ./
RUN poetry install --no-cache --no-root --without dev --without test # Build the project only after all code is present
RUN poetry build
### Runtime stage - start from a clean Python image
FROM ${PYTHON_IMAGE} AS runtime
WORKDIR /usr/src/owaspnettacker
# OCI Labels (attach to final image)
LABEL org.opencontainers.image.title="OWASP Nettacker" \
org.opencontainers.image.description="Automated Penetration Testing Framework" \
org.opencontainers.image.url="https://owasp.org/nettacker" \
org.opencontainers.image.source="https://github.com/OWASP/Nettacker" \
org.opencontainers.image.licenses="Apache-2.0"
### Bring from 'builder' just the virtualenv and the packaged Nettacker as a wheel
COPY --from=builder /usr/src/owaspnettacker/.venv ./.venv
COPY --from=builder /usr/src/owaspnettacker/dist/*.whl .
ENV PATH=/usr/src/owaspnettacker/.venv/bin:$PATH
### Use pip inside the venv to install just the nettacker wheel saving 50%+ space
RUN pip install --no-deps --no-cache-dir nettacker-*.whl && \
rm -f nettacker-*.whl
### We now have Nettacker installed in the virtualenv with 'nettacker' command which is the new entrypoint
ENV docker_env=true ENV docker_env=true
ENTRYPOINT [ "nettacker" ]
CMD [ "poetry", "run", "python", "./nettacker.py" ] CMD ["--help"]