Merge branch 'development' into 'master'

Upgrade to Heimdall 2.4.8, container cleanup See merge request !20

Merge branch 'development' into 'master'
Upgrade to Heimdall 2.4.8, container cleanup See merge request !20
05cb00f8 · Al Fontaine · 5864302d · 465fe2ae · 05cb00f8 · 05cb00f8
Commit 05cb00f8 authored Jun 08, 2021 by Al Fontaine
8 changed files
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -4,3 +4,6 @@

 [Gitlab Configuration Files]
 .gitlab/* @ironbank-notifications/cht
+
+[ClamAV Whitelist File]
+clamav-whitelist @ironbank-security-team
--- a/Dockerfile
+++ b/Dockerfile
+ARG BASE_REGISTRY=registry1.dso.mil
+ARG BASE_IMAGE=ironbank/opensource/nodejs/nodejs14
+ARG BASE_TAG=14.17.0
+
+FROM mitre/heimdall2:2.4.8 AS source
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+COPY yarn.tar.gz /
+
+WORKDIR /
+
+USER root
+
+RUN NO_UPDATE_NOTIFIER=true npm install -g yarn.tar.gz --force
+
+WORKDIR /heimdall
+
+COPY --from=source /app .
+
+COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+
+# Not necessary for normal operation and the trigger scan warnings on IronBank.
+RUN rm -rf /heimdall/apps/backend/node_modules/webfinger/test
+
+USER node
+
+HEALTHCHECK --interval=5m --timeout=30s --start-period=1m --retries=3 \
+  CMD curl -f http://locahost:3000/server || exit 1
+
+EXPOSE 3000
+
+CMD ["docker-entrypoint.sh"]
--- a/LICENSE
+++ b/LICENSE
+Licensed under the Apache-2.0 license.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+- Redistributions of source code must retain the above copyright/ digital rights legend, this list of conditions and the following Notice.
+
+- Redistributions in binary form must reproduce the above copyright copyright/ digital rights legend, this list of conditions and the following Notice in the documentation and/or other materials provided with the distribution.
+
+- Neither the name of The MITRE Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
--- a/README.md
+++ b/README.md
-# <application name>
+# MITRE Heimdall2

-Project template for all Iron Bank container repositories.
\ No newline at end of file
+Given that Heimdall requires at least a database service, we use Docker and Docker Compose to provide a simple deployment experience.
+
+#### Setup Docker Container (Clean Install)
+
+1. Install Docker
+
+2. Download and extract the most recent `docker-compose.yml` and `setup-docker-secrets.sh` from our [releases page](https://github.com/mitre/heimdall2/releases).
+
+3. Navigate to the base folder where `docker-compose.yml` is located
+
+4. Run the following commands in a terminal window from the Heimdall source directory. For more information on the .env file, visit [Environment Variables Configuration.](https://github.com/mitre/heimdall2/wiki/Environment-Variables-Configuration)
+   - ```bash
+     ./setup-docker-secrets.sh
+     # If you would like to further configure your Heimdall instance, edit the .env file generated after running the previous line
+     docker-compose up -d
+     ```
+
+6. Navigate to  [`http://127.0.0.1:3000`](http://127.0.0.1:3000).
+
+#### Running Docker Container
+
+Make sure you have run the setup steps at least once before following these steps!
+
+1. Run the following command in a terminal window: ``docker-compose up -d``
+
+2. Go to [`http://127.0.0.1:3000`](http://127.0.0.1:3000) in a web browser.
+
+#### Updating Docker Container
+
+A new version of the docker container can be retrieved by running:
+
+```bash
+docker-compose pull
+docker-compose up -d
+```
+
+This will fetch the latest version of the container, redeploy if a newer version exists, and then apply any database migrations if applicable. No data should be lost by this operation.
+
+#### Stopping the Container
+
+From the source directory you started from run:
+
+```bash
+docker-compose down
+```
--- a/clamav-whitelist
+++ b/clamav-whitelist
+Multios.Trojan.ElectroRAT-9823393-0
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "mitre/saf/heimdall2"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dso.mil
+tags:
+- "2.4.8"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+  BASE_IMAGE: "opensource/nodejs/nodejs14"
+  BASE_TAG: "14.17.0"
+
+# Docker image labels
+labels:
+  # Name of the image
+  org.opencontainers.image.title: "heimdall2"
+  # Human-readable description of the software packaged in the image
+  org.opencontainers.image.description: "MITRE Heimdall2 Enterprise Server"
+  # License(s) under which contained software is distributed
+  org.opencontainers.image.licenses: "Apache 2"
+  # URL to find more information on the image
+  org.opencontainers.image.url: "https://github.com/mitre/heimdall2"
+  # Name of the distributing entity, organization or individual
+  org.opencontainers.image.vendor: "MITRE"
+  # Authoritative version of the software
+  org.opencontainers.image.version: "2.4.8"
+  # Keywords to help with search (ex. "cicd,gitops,golang")
+  mil.dso.ironbank.image.keywords: "saf"
+  # This value can be "opensource" or "commercial"
+  mil.dso.ironbank.image.type: "opensource"
+  # Product the image belongs to for grouping multiple images
+  mil.dso.ironbank.product.name: "Heimdall2"
+
+# List of resources to make available to the offline build context
+resources:
+  # Official source of Yarn
+  - filename: yarn.tar.gz
+    url: https://github.com/yarnpkg/yarn/releases/download/v1.22.10/yarn-v1.22.10.tar.gz
+    validation:
+      type: sha256
+      value: 7e433d4a77e2c79e6a7ae4866782608a8e8bcad3ec6783580577c59538381a6e
+
+  # This is the official upstream docker image of Heimdall2
+  - tag: mitre/heimdall2:2.4.8
+    url: docker://docker.io/mitre/heimdall2@sha256:fe28f450161935947b219d81aa04cd1cdb1aac02b139f6e139d085a7dee6ef2c
+
+# List of project maintainers
+maintainers:
+- email: "rbclark@mitre.org"
+  # The name of the current container owner
+  name: "Robert Clark"
+  # The gitlab username of the current container owner
+  username: "rbclark"
--- a/renovate.json
+++ b/renovate.json
+{
+  "assignees": [
+    "@rbclark"
+  ],
+  "baseBranches": [
+    "development"
+  ],
+  "regexManagers": [{
+      "fileMatch": [
+        "^Dockerfile$"
+      ],
+      "matchStrings": [
+        "version=\"(?<currentValue>.*?)\""
+      ],
+      "depNameTemplate": "mitre/heimdall2",
+      "datasourceTemplate": "docker"
+    },
+    {
+      "fileMatch": [
+        "^hardening_manifest.yaml$"
+      ],
+      "matchStrings": [
+        "org\\.opencontainers\\.image\\.version:\\s+\"(?<currentValue>.+?)\""
+      ],
+      "depNameTemplate": "mitre/heimdall2",
+      "datasourceTemplate": "docker"
+    },
+    {
+      "fileMatch": [
+        "^hardening_manifest.yaml$"
+      ],
+      "matchStrings": [
+        "tags:\\s+-\\s+\"(?<currentValue>.+?)\""
+      ],
+      "depNameTemplate": "mitre/heimdall2",
+      "datasourceTemplate": "docker"
+    }
+  ]
+}
--- a/scripts/docker-entrypoint.sh
+++ b/scripts/docker-entrypoint.sh
+#!/bin/sh
+set -e
+yarn backend sequelize-cli db:migrate
+yarn backend sequelize-cli db:seed:all
+yarn backend start