Redis Mo Demo #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Redis Mo Demo | |
| on: | |
| schedule: | |
| - cron: '0 5 * * *' | |
| workflow_dispatch: | |
| permissions: read-all | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| environment: mo-cicd | |
| steps: | |
| - name: install the RapidFort CLI tools | |
| run: | | |
| mkdir -p rapidfort_cli | |
| cd rapidfort_cli | |
| curl https://mo.rapidfort.com/cli/rapidfort_cli-$(curl https://mo.rapidfort.com/cli/VERSION).tar.gz -o rapidfort_cli-$(curl https://mo.rapidfort.com/cli/VERSION).tar.gz | |
| tar -xzpvf rapidfort_cli-$(curl https://mo.rapidfort.com/cli/VERSION).tar.gz | |
| ls -al .rapidfort_RtmF | |
| echo "PATH=$PATH:$(pwd)" >> $GITHUB_ENV | |
| cd - | |
| - name: authenticate | |
| env: | |
| RF_ROOT_URL: https://mo.rapidfort.com | |
| RF_ACCESS_ID: ${{ secrets.RF_ACCESS_ID }} | |
| RF_SECRET_ACCESS_KEY: ${{ secrets.RF_SECRET_ACCESS_KEY }} | |
| run: rflogin | |
| - name: pull the latest Redis image | |
| run: docker pull redis:latest | |
| - name: run rfstub to generate the stub. this creates a new image, redis:latest-rfstub | |
| run: rfstub redis:latest | |
| - name: run the stub. add the SYS_PTRACE capability so that RapidFort can trace the runtime behavior | |
| run: | | |
| docker run --rm -i -p 6379:6379 --cap-add=SYS_PTRACE --name my-rf-test redis:latest-rfstub | |
| sleep 15 | |
| - name: run some tests to exercise the application. | |
| run: | | |
| curl https://raw.githubusercontent.com/rapidfort/community-images/main/community_images/common/tests/test.redis > test.redis | |
| docker cp test.redis my-rf-test:/tmp/test.redis | |
| docker exec -i my-rf-test /bin/bash -c "cat /tmp/test.redis | redis-cli --pipe" | |
| - name: stop the container | |
| run: docker stop my-rf-test | |
| - name: run rfharden to optimize and secure the image. this creates a new image, redis:latest-rfhardened | |
| run: rfharden redis:latest-rfstub | |
| - name: check out the various images we created | |
| run: docker images | grep redis | |
| - name: run the hardened image and test it again | |
| run: | | |
| docker run --rm -d -p 6379:6379 --name redis-hardened redis:latest-rfhardened | |
| sleep 15 | |
| docker cp test.redis redis-hardened:/tmp/test.redis | |
| docker exec -i redis-hardened /bin/bash -c "cat /tmp/test.redis | redis-cli --pipe" | |
| - name: for more information, please view the Getting Started documentation | |
| run: echo "https://docs.rapidfort.com/getting-started/docker" |