Over in my Discord we’ve got a cool bot called ✨The Ultimate Hacking Bot✨
Really it is a bot that has a set of pentesting tools one might find helpful.
With many tools come many issues… Dependency issues…
If one of our many dependencies updated, our process was:
- Update the dependency in Rust
- Build the Docker image
- Push it to a registry
- `docker pull` on the server
- `docker compose up -d` to run it.
Every. Single. Time.
Here’s a quick guide on how we fixed this!
The first step is updating the dependency.
We use Dependabot to automatically detect when packages update and create pull requests for them.
BUT we had to click “merge” each time. We wanted to automate that away too, so we built a GitHub action to do that:
```yaml
name: Dependabot auto-approve
on: pull_request
permissions:
  pull-requests: write
jobs:
  dependabot:
    runs-on: ubuntu-latest
    # Only run for pull requests raised by Dependabot
    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v1
        with:
          github-token: "${{ secrets.PERSONAL_TOKEN }}"
      - name: Approve a PR
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GITHUB_TOKEN: ${{secrets.PERSONAL_TOKEN}}
```
This auto-approves and merges all Dependabot pull requests.
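A narrower variant of the workflow above, as an added example that is not part of the original post: it uses the `update-type` output of the metadata step to approve only patch and minor updates and leaves everything else for a human. It assumes the built-in `GITHUB_TOKEN` in place of `PERSONAL_TOKEN`, and that the repository setting allowing GitHub Actions to approve pull requests is enabled.

```yaml
name: Dependabot auto-approve (patch and minor only)
on: pull_request

# Default to no token permissions; the job below asks for what it needs.
permissions: {}

jobs:
  dependabot:
    runs-on: ubuntu-latest
    # Match on the PR author rather than on whoever triggered this run.
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    permissions:
      pull-requests: write   # needed to submit the review or comment
    steps:
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v1
        with:
          # Assumption: built-in token instead of the post's PERSONAL_TOKEN.
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Approve patch and minor updates
        if: >-
          steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
          steps.metadata.outputs.update-type == 'version-update:semver-minor'
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Flag everything else for manual review
        if: >-
          steps.metadata.outputs.update-type != 'version-update:semver-patch' &&
          steps.metadata.outputs.update-type != 'version-update:semver-minor'
        run: gh pr comment "$PR_URL" --body "Not auto-approved (update type: $UPDATE_TYPE). Needs a human review."
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Major version bumps, and updates for which Dependabot reports no update type, fall through to the second step and wait for a manual approval.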
Second, we want to automatically build and publish the Docker image.
Again, we used GitHub Actions here:
```yaml
name: Publish Docker image
on:
  push:
    branches:
      - 'main'
jobs:
  push_to_registry:
    name: Push Docker image to Docker Hub
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
      - name: Log in to Docker Hub
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
        with:
          images: my-docker-hub-namespace/my-docker-hub-repository
      - name: Build and push Docker image
        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: autumnskerritt/discord-bot:latest
```
Now we’ve got the latest image pushed to Docker every time a commit is merged to the main branch!
Now we have to update and redeploy the image on our server.
I created a script which pulls the image down and runs Docker Rollout on it:
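```sh
# Work from the directory that holds docker-compose.yml
cd ~/discord-bot
# Fetch the newest published image
docker pull autumnskerritt/ultimate-hacking-bot:latest
# Replace the running discord_bot service with the new image
docker rollout -f docker-compose.yml discord_bot
```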
I turned this into a service:
```ini
[Unit]
Description=Discord Bot Updater
After=network.target
StartLimitIntervalSec=0

[Service]
Type=simple
Restart=on-failure
RestartSec=1
User=autumn
ExecStart=/usr/bin/env sh /home/autumn/discord-bot/daily_script.sh

[Install]
WantedBy=multi-user.target
```
Which runs at 4am every day:
```ini
[Unit]
Description=Ensures the execution of the Discord bot updater on a daily basis at 4:00 AM

[Timer]
OnCalendar=*-*-* 4:00:00
Unit=discord_bot_updater.service

[Install]
WantedBy=timers.target
```
🥳 And now our bot is automatically updated with the latest and greatest hacking tools.
Hope you enjoyed this and can use parts of it in your own automated adventures 🙂
Fancy using the bot yourself? Come try it at: