Deploy containers to Hosted CTFd #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy containers to Hosted CTFd | |
| on: | |
| push: | |
| branches: | |
| - main | |
| # TODO match on regex instead | |
| paths: | |
| - pwn/** | |
| - web/** | |
| workflow_dispatch: | |
| jobs: | |
| main: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | |
| - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: 3.x | |
| cache: pip | |
| - name: Setup ctfcli | |
| run: | | |
| pip install -r requirements.txt | |
| mkdir .ctf | |
| cat <<EOF > .ctf/config | |
| [config] | |
| url = https://${{ vars.CTFD_DOMAIN }} | |
| access_token = ${{ secrets.CTFD_TOKEN }} | |
| [cookies] | |
| site_password = ${{ secrets.CTFD_SITE_PASSWORD }} | |
| [challenges] | |
| EOF | |
| shopt -s extglob | |
| for chal in ?(pwn|web)/*/; do | |
| echo "$chal = $chal" >> .ctf/config | |
| done | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Get auth params for buildx cache | |
| uses: crazy-max/ghaction-github-runtime@v3 | |
| # TODO raise issue, throws error even if target challenge isn't deployable. ignore all errors for now | |
| - name: Deploy containers | |
| run: | | |
| docker() { | |
| if [ "$1" = "build" ]; then | |
| command docker buildx build --cache-from type=gha --cache-to type=gha,mode=max "${@:2}" | |
| else | |
| command docker "$@" | |
| fi | |
| } | |
| ctf challenge deploy || true | |
| - name: Setup GitHub container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| - name: Push container images to GitHub | |
| run: |- | |
| images=$(docker images $REGISTRY/*:latest --format "{{.Repository}}") | |
| for image in $images; do | |
| lowercase=${GITHUB_REPOSITORY_OWNER,,} | |
| newtag=${image//$REGISTRY/ghcr\.io\/$lowercase}:latest | |
| docker tag $image:latest $newtag | |
| docker push $newtag | |
| done | |
| env: | |
| REGISTRY: ${{ vars.REGISTRY }} |