From 6e60cd17d6b3daaaa9ae59d1977aeb7adeb825ad Mon Sep 17 00:00:00 2001
From: Kamforka
Date: Wed, 1 May 2024 11:07:13 +0200
Subject: [PATCH] debug

---
.github/workflows/integrator.yml | 52 +++++++++++++++++++
docker/thehive4py-integrator/Dockerfile | 50 ++++++++++++++++++
.../configs/elasticsearch.yml | 7 +++
.../configs/thehive.conf | 22 ++++++++
docker/thehive4py-integrator/entrypoint.sh | 35 +++++++++++++
5 files changed, 166 insertions(+)
create mode 100644 .github/workflows/integrator.yml
create mode 100644 docker/thehive4py-integrator/Dockerfile
create mode 100644 docker/thehive4py-integrator/configs/elasticsearch.yml
create mode 100644 docker/thehive4py-integrator/configs/thehive.conf
create mode 100755 docker/thehive4py-integrator/entrypoint.sh

diff --git a/.github/workflows/integrator.yml b/.github/workflows/integrator.yml
new file mode 100644
index 0000000..0b3db9c
--- /dev/null
+++ b/.github/workflows/integrator.yml
@@ -0,0 +1,52 @@
+name: integrator-image
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+jobs:
+ changes:
+ name: Change detection
+ runs-on: ubuntu-latest
+ outputs:
+ integrator: ${{ steps.filter.outputs.integrator }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: dorny/paths-filter@v3
+ id: filter
+ with:
+ filters: |
+ integrator:
+ - 'docker/thehive4py-integrator/**'
+ build:
+ name: Build and push
+ needs: changes
+ if: ${{ needs.changes.outputs.integrator == 'true' }}
+ runs-on: ubuntu-latest
+ env:
+ THEHIVE_VERSION: 5.3.0
+ IMAGE_NAME: kamforka/thehive4py-integrator
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set variables
+ id: variables
+ run: |
+ echo "IMAGE_FULLNAME=$IMAGE_NAME:thehive-$THEHIVE_VERSION" >> $GITHUB_OUTPUT
+ echo "IMAGE_FULLNAME_WITH_HASH=$IMAGE_FULLNAME-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+ - name: Build image
+ run: |
+ echo ${{ steps.variables.IMAGE_FULLNAME }}
+ exit 1
+ docker build -t ${{ steps.variables.IMAGE_FULLNAME }} docker/thehive4-py-integrator
+ docker build -t ${{ needs.variables.IMAGE_FULLNAME_WITH_HASH }} docker/thehive4-py-integrator
+
+ - name: Push image
+ # if: ${{ github.ref == 'refs/heads/main' }}
+ run: |
+ docker login -u ${DOCKER_USER} -p ${DOCKER_PASS}
+ env:
+ DOCKER_USER: ${{ secrets.DOCKER_USER }}
+ DOCKER_PASS: ${{ secrets.DOCKER_PASS }}
diff --git a/docker/thehive4py-integrator/Dockerfile b/docker/thehive4py-integrator/Dockerfile
new file mode 100644
index 0000000..7bc2afc
--- /dev/null
+++ b/docker/thehive4py-integrator/Dockerfile
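Review bot: The tag expressions in the Build image step evaluate to empty strings: `${{ steps.variables.IMAGE_FULLNAME }}` is missing the `outputs` segment, and `${{ needs.variables.IMAGE_FULLNAME_WITH_HASH }}` refers to a job named `variables` that does not exist, so `docker build -t` would get no tag at all; in the Set variables step `$IMAGE_FULLNAME` is only appended to `$GITHUB_OUTPUT`, never assigned in the shell, so the second output comes out as `-<sha>`. In the Push image step `docker login -u ${DOCKER_USER} -p ${DOCKER_PASS}` hands the registry secret over as a command-line argument, where it is visible in the runner's process list and triggers the CLI's own insecure-password warning; feed it through `--password-stdin` instead, and note that with the ref guard commented out this login also runs on every `pull_request` event. The build context `docker/thehive4-py-integrator` does not match the directory this commit adds (`docker/thehive4py-integrator`), and the `exit 1` left in the Build image step aborts the job before either build; both look like debug leftovers consistent with the commit title. `dorny/paths-filter@v3` is a third-party action referenced by a mutable tag; pinning it to a commit SHA (with the tag in a comment) keeps a tag move from changing what runs in this job.
```yaml
      - name: Set variables
        id: variables
        run: |
          IMAGE_FULLNAME="$IMAGE_NAME:thehive-$THEHIVE_VERSION"
          echo "IMAGE_FULLNAME=$IMAGE_FULLNAME" >> "$GITHUB_OUTPUT"
          echo "IMAGE_FULLNAME_WITH_HASH=$IMAGE_FULLNAME-$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

      - name: Build image
        run: |
          docker build \
            -t ${{ steps.variables.outputs.IMAGE_FULLNAME }} \
            -t ${{ steps.variables.outputs.IMAGE_FULLNAME_WITH_HASH }} \
            docker/thehive4py-integrator

      - name: Push image
        if: ${{ github.ref == 'refs/heads/main' }}
        run: |
          echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin
        # … unchanged: env block mapping DOCKER_USER / DOCKER_PASS from secrets …
```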
@@ -0,0 +1,50 @@
+FROM alpine:3.17 as base
+
+# BUILDER STAGE
+FROM base as builder
+
+ARG ES_VERSION=7.17.19
+ARG THEHIVE_VERSION=5.3.0
+
+RUN apk update && apk upgrade && apk add curl
+
+## ES DOWNLOAD
+ARG ES_DOWNLOAD_URL=https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-${ES_VERSION}-linux-x86_64.tar.gz
+
+RUN curl -Lo /tmp/elasticsearch.tgz ${ES_DOWNLOAD_URL} \
+ && tar -xzf /tmp/elasticsearch.tgz -C /tmp \
+ && mv /tmp/elasticsearch-${ES_VERSION} /tmp/elasticsearch
+
+## THEHIVE DOWNLOAD
+ARG THEHIVE_DOWNLOAD_URL=https://archives.strangebee.com/zip/thehive-${THEHIVE_VERSION}-1.zip
+
+RUN curl -Lo /tmp/thehive.zip ${THEHIVE_DOWNLOAD_URL}
+RUN unzip -qo /tmp/thehive.zip -d /tmp \
+ && mv /tmp/thehive-${THEHIVE_VERSION}-1 /tmp/thehive
+
+# FINAL STAGE
+FROM base
+RUN apk update && apk upgrade && apk add --no-cache openjdk11-jre-headless bash su-exec curl
+
+## ES SETUP
+COPY --from=builder /tmp/elasticsearch /usr/share/elasticsearch
+COPY configs/elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
+
+RUN adduser -u 1000 -g 1000 -Dh /usr/share/elasticsearch elasticsearch \
+ && mkdir -p /usr/share/elasticsearch/data \
+ && chown -R elasticsearch:elasticsearch /usr/share/elasticsearch \
+ && rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64
+
+## THEHIVE SETUP
+COPY --from=builder /tmp/thehive /opt/thehive/
+COPY configs/thehive.conf /opt/thehive/conf/application.conf
+
+RUN adduser -u 1001 -g 1001 -Dh /opt/thehive thehive \
+ && mkdir /var/log/thehive \
+ && chown -R thehive:thehive /opt/thehive /var/log/thehive
+
+## ENTRYPOINT
+COPY entrypoint.sh /
+RUN chmod +x entrypoint.sh
+EXPOSE 9000
+ENTRYPOINT /entrypoint.sh
\ No newline at end of file
diff --git a/docker/thehive4py-integrator/configs/elasticsearch.yml b/docker/thehive4py-integrator/configs/elasticsearch.yml
new file mode 100644
index 0000000..c7f8ebe
--- /dev/null
+++ b/docker/thehive4py-integrator/configs/elasticsearch.yml
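Review bot: The two `curl -Lo` downloads in the builder stage (the Elasticsearch tarball and the TheHive zip) are never integrity-checked, so what ends up in the image is whatever the two download endpoints serve at build time; pin an expected digest per artifact as a build ARG and fail the layer on mismatch with `sha256sum -c` before the archive is unpacked, and add `-f` to both curl calls so an HTTP error fails the build instead of writing an error page to the archive path. The final line `ENTRYPOINT /entrypoint.sh` is shell form, so `/bin/sh -c` becomes PID 1 and the SIGTERM from `docker stop` never reaches TheHive; use `ENTRYPOINT ["/entrypoint.sh"]`, and the last `su-exec thehive …` line of entrypoint.sh (the last file in this patch) needs `exec` in front of it for the same reason, otherwise bash stays the parent. The final stage ends with no `USER`, which is deliberate here because the entrypoint drops privileges per process via su-exec, but a one-line comment above `ENTRYPOINT` saying so would stop the next reviewer from flagging it. Also `RUN chmod +x entrypoint.sh` relies on the default working directory being `/`; `COPY --chmod=755 entrypoint.sh /` does the same in one layer without that dependency.
```dockerfile
ARG ES_SHA256=<sha256 of the elasticsearch tarball — placeholder>
ARG THEHIVE_SHA256=<sha256 of the thehive zip — placeholder>

RUN curl -fLo /tmp/elasticsearch.tgz ${ES_DOWNLOAD_URL} \
    && echo "${ES_SHA256}  /tmp/elasticsearch.tgz" | sha256sum -c - \
    && tar -xzf /tmp/elasticsearch.tgz -C /tmp \
    && mv /tmp/elasticsearch-${ES_VERSION} /tmp/elasticsearch

# … unchanged: THEHIVE_DOWNLOAD_URL ARG …
RUN curl -fLo /tmp/thehive.zip ${THEHIVE_DOWNLOAD_URL} \
    && echo "${THEHIVE_SHA256}  /tmp/thehive.zip" | sha256sum -c - \
    && unzip -qo /tmp/thehive.zip -d /tmp \
    && mv /tmp/thehive-${THEHIVE_VERSION}-1 /tmp/thehive

# … unchanged: final stage up to the entrypoint …
# No USER here on purpose: entrypoint.sh drops to the elasticsearch/thehive users via su-exec.
COPY --chmod=755 entrypoint.sh /
EXPOSE 9000
ENTRYPOINT ["/entrypoint.sh"]
```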
@@ -0,0 +1,7 @@
+http.host: 0.0.0.0
+transport.host: 0.0.0.0
+discovery.type: single-node
+cluster.name: thehive4py
+xpack.security.enabled: false
+xpack.ml.enabled: false
+script.allowed_types: "inline,stored"
\ No newline at end of file
diff --git a/docker/thehive4py-integrator/configs/thehive.conf b/docker/thehive4py-integrator/configs/thehive.conf
new file mode 100644
index 0000000..910f353
--- /dev/null
+++ b/docker/thehive4py-integrator/configs/thehive.conf
@@ -0,0 +1,22 @@
+play.http.secret.key="supersecret"
+play.http.parser.maxDiskBuffer: 20MB
+
+db {
+ provider: janusgraph
+ janusgraph {
+ storage {
+ backend: berkeleyje
+ directory: /opt/thehive/db
+ }
+
+ index.search {
+ backend: elasticsearch
+ hostname: ["127.0.0.1"]
+ }
+ }
+}
+
+storage {
+ provider: localfs
+ localfs.location: /opt/thehive/data
+}
diff --git a/docker/thehive4py-integrator/entrypoint.sh b/docker/thehive4py-integrator/entrypoint.sh
new file mode 100755
index 0000000..2d97a73
--- /dev/null
+++ b/docker/thehive4py-integrator/entrypoint.sh
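Review bot: `http.host: 0.0.0.0` and `transport.host: 0.0.0.0` bind Elasticsearch on every interface while `xpack.security.enabled: false` leaves it with no authentication, yet the only consumer in this patch is TheHive in the same container, which thehive.conf points at `127.0.0.1`. Nothing here needs the wide binding, and anyone who later publishes 9200 or runs the container with host networking gets an open, unauthenticated ES; `http.host: 127.0.0.1` and `transport.host: 127.0.0.1` keep it private to the container, and the Dockerfile in this patch only exposes 9000 anyway. If reaching ES from outside is intended for test inspection, a comment above these two keys stating that (and that security is off) would make the trade-off visible to whoever reuses the image.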
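Review bot: `play.http.secret.key="supersecret"` bakes a fixed, guessable application secret into the image; Play uses this key for signing session cookies and CSRF tokens, so every deployment of this image shares the same key. For an integration-test image a fallback literal is fine, but an environment override costs one line and changes nothing when unset: keep the existing line and add `play.http.secret.key=${?THEHIVE_SECRET}` right after it (HOCON optional substitution; the variable name is a suggestion). A comment above it, `# test-only default; set THEHIVE_SECRET in the environment for anything reachable beyond the test host`, would state the intent.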
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+wait_for_elastic() {
+ local health_url="http://localhost:9200/_cat/health"
+ local timeout=30
+
+ local start_time=$(date +%s)
+ while true; do
+ local current_time=$(date +%s)
+ local elapsed_time=$((current_time - start_time))
+
+ if [ "$elapsed_time" -ge "$timeout" ]; then
+ echo "error: elastic couldn't start in $timeout seconds"
+ exit 1
+ fi
+
+ local status_code=$(curl -so /dev/null -w %{http_code} ${health_url})
+ if [ "$status_code" -eq 200 ]; then
+ return
+ fi
+
+ sleep 0.25
+ done
+}
+
+
+echo "starting elasticsearch in the background"
+export ES_JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java))))
+su-exec elasticsearch /usr/share/elasticsearch/bin/elasticsearch > /dev/null 2>&1 &
+
+echo "waiting for elastic to start up..."
+wait_for_elastic
+
+echo "starting thehive in the foreground"
+su-exec thehive /opt/thehive/bin/thehive -Dconfig.file=/opt/thehive/conf/application.conf
\ No newline at end of file
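Review bot: Elasticsearch is launched with `> /dev/null 2>&1`, so when `wait_for_elastic` gives up after 30 s the only output is "elastic couldn't start" and the JVM's actual error (heap, data-dir permissions, port in use) is gone; redirect to a file instead, `> /var/log/elasticsearch.log 2>&1 &`, and `cat` that file in the timeout branch before `exit 1`. The script runs without `set -u`, so a mistyped variable silently expands to empty; every variable here is assigned before use, so `set -u` after the shebang is safe and catches that class of error early. The 30 s limit is hard-coded in `local timeout=30`; `local timeout="${ES_START_TIMEOUT:-30}"` (variable name is a suggestion) lets slow CI runners raise it without rebuilding the image. The missing `exec` on the final `su-exec thehive …` line is noted on the Dockerfile hunk together with its shell-form `ENTRYPOINT`.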