
Commit 7b43c8f

authored
Merge pull request #44 from Hamstring-NDR/dev
Dev
2 parents 9135eee + a08cc13 commit 7b43c8f

13 files changed

Lines changed: 80 additions & 88 deletions

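--- a/.github/workflows/publish_dev.yml
+++ b/.github/workflows/publish_dev.yml
@@ -1,8 +1,8 @@
 name: Publish Docker Images (dev)
 
-# Triggers on direct pushes to the 'dev' branch, which includes PR merges.
 on:
-push:
+pull_request_target:
+types: [ closed ]
 branches: [ "dev" ]
 
 env:
@@ -11,41 +11,48 @@ env:
 jobs:
 bump-version:
 name: Bump VERSION file
+if: github.event.pull_request.merged == true
 runs-on: ubuntu-latest
 permissions:
 contents: write # needed to push the updated VERSION file back
 outputs:
 new_version: ${{ steps.bump.outputs.version }}
+version_changed: ${{ steps.bump.outputs.changed }}
 
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
 with:
 token: ${{ secrets.PIPELINE_PAT }}
+ref: ${{ github.event.pull_request.base.ref }}
 fetch-depth: 0
 
 - name: Detect source branch and bump version
 id: bump
 run: |
-# ── Detect source branch from merge commit subject ──────────────────
-# Standard merge commit message: "Merge branch 'feature/foo' into dev"
-MERGE_SUBJECT="$(git log --merges -1 --pretty=%s HEAD)"
-echo "Merge subject: ${MERGE_SUBJECT}"
-
-SOURCE=$(echo "$MERGE_SUBJECT" | sed -n "s/Merge branch '\([^']*\)'.*/\1/p")
-SOURCE="${SOURCE#origin/}" # strip remote prefix if present
+SOURCE="${{ github.event.pull_request.head.ref }}"
 
 if [[ -z "$SOURCE" ]]; then
 SOURCE="unknown"
-echo "::warning::Could not detect source branch; defaulting to 'unknown' (no bump)."
+echo "::warning::Could not detect source branch from pull request metadata; defaulting to 'unknown' (no bump)."
 fi
 echo "Detected source branch: ${SOURCE}"
 
 # ── Read and parse current VERSION ──────────────────────────────────
 RAW="$(cat VERSION | tr -d '[:space:]')"
-CLEAN="${RAW#v}" # strip leading v
-CLEAN="${CLEAN%-dev}" # strip any existing -dev suffix
-IFS='.' read -r MAJOR MINOR PATCH <<< "$CLEAN"
+CLEAN="${RAW#v}" # strip leading v
+while [[ "$CLEAN" == *-dev ]]; do
+CLEAN="${CLEAN%-dev}"
+done
+
+if [[ ! "$CLEAN" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
+echo "::error::VERSION must be in the form v<major>.<minor>.<patch>[-dev], got '${RAW}'"
+exit 1
+fi
+
+MAJOR="${BASH_REMATCH[1]}"
+MINOR="${BASH_REMATCH[2]}"
+PATCH="${BASH_REMATCH[3]}"
 
 # ── Apply bump based on branch prefix ────────────────────────────────
 PREFIX="${SOURCE%%/*}"
@@ -69,18 +76,29 @@ jobs:
 echo "${NEW_VERSION}" > VERSION
 
 echo "version=${NEW_VERSION}" >> "$GITHUB_OUTPUT"
+if [[ "$RAW" != "$NEW_VERSION" ]]; then
+echo "changed=true" >> "$GITHUB_OUTPUT"
+else
+echo "changed=false" >> "$GITHUB_OUTPUT"
+fi
 echo "New version: ${NEW_VERSION}"
 
 - name: Commit and push updated VERSION
+if: steps.bump.outputs.changed == 'true'
 run: |
 git config user.name "github-actions[bot]"
 git config user.email "github-actions[bot]@users.noreply.github.com"
 git add VERSION
+if git diff --cached --quiet; then
+echo "No VERSION changes to commit."
+exit 0
+fi
 git commit -m "chore: bump version to ${{ steps.bump.outputs.version }} [skip ci]"
 git push
 
 build-and-push:
 name: Build & Push ${{ matrix.container }}
+if: github.event.pull_request.merged == true
 needs: bump-version
 runs-on: ubuntu-latest
 strategy:
@@ -103,7 +121,7 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v4
 with:
-ref: dev # pick up the commit that includes the updated VERSION
+ref: ${{ github.event.pull_request.base.ref }}
 
 - name: Setup Docker buildx
 uses: docker/setup-buildx-action@v3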
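Review bot: `SOURCE="${{ github.event.pull_request.head.ref }}"` in the bump step of the second hunk is expanded into the `run:` script text before bash parses it, and under `pull_request_target` that script runs with `contents: write` and `secrets.PIPELINE_PAT` in scope, so a head branch name containing shell metacharacters becomes part of the command rather than data. The `merged == true` guard means a maintainer has merged the PR first, which narrows the exposure but does not sanitise the name. Checking out `base.ref` rather than the head keeps PR code off the runner, so this expression is the one remaining place where PR-controlled data enters the job; pass it through the environment instead by adding `env:` with `SOURCE_REF: ${{ github.event.pull_request.head.ref }}` to the step and changing the line to `SOURCE="$SOURCE_REF"`. The identical line appears in the matching hunk of publish_main.yml and needs the same treatment.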

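--- a/.github/workflows/publish_main.yml
+++ b/.github/workflows/publish_main.yml
@@ -1,8 +1,8 @@
 name: Publish Docker Images (main)
 
-# Triggers on direct pushes to 'main', which includes PR/merge-commit merges.
 on:
-push:
+pull_request_target:
+types: [ closed ]
 branches: [ "main" ]
 
 env:
@@ -11,41 +11,48 @@ env:
 jobs:
 bump-version:
 name: Bump VERSION file
+if: github.event.pull_request.merged == true
 runs-on: ubuntu-latest
 permissions:
 contents: write # needed to push back VERSION + Git tag
 outputs:
 new_version: ${{ steps.bump.outputs.version }}
+version_changed: ${{ steps.bump.outputs.changed }}
 
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
 with:
 token: ${{ secrets.PIPELINE_PAT }}
+ref: ${{ github.event.pull_request.base.ref }}
 fetch-depth: 0
 
 - name: Detect source branch and bump version
 id: bump
 run: |
-# ── Detect source branch from merge commit subject ──────────────────
-# Standard merge commit message: "Merge branch 'feature/foo' into main"
-MERGE_SUBJECT="$(git log --merges -1 --pretty=%s HEAD)"
-echo "Merge subject: ${MERGE_SUBJECT}"
-
-SOURCE=$(echo "$MERGE_SUBJECT" | sed -n "s/Merge branch '\([^']*\)'.*/\1/p")
-SOURCE="${SOURCE#origin/}" # strip remote prefix if present
+SOURCE="${{ github.event.pull_request.head.ref }}"
 
 if [[ -z "$SOURCE" ]]; then
 SOURCE="unknown"
-echo "::warning::Could not detect source branch; defaulting to 'unknown' (no bump)."
+echo "::warning::Could not detect source branch from pull request metadata; defaulting to 'unknown' (no bump)."
 fi
 echo "Detected source branch: ${SOURCE}"
 
 # ── Read and parse current VERSION ──────────────────────────────────
 RAW="$(cat VERSION | tr -d '[:space:]')"
-CLEAN="${RAW#v}" # strip leading v
-CLEAN="${CLEAN%-dev}" # strip any existing -dev suffix
-IFS='.' read -r MAJOR MINOR PATCH <<< "$CLEAN"
+CLEAN="${RAW#v}" # strip leading v
+while [[ "$CLEAN" == *-dev ]]; do
+CLEAN="${CLEAN%-dev}"
+done
+
+if [[ ! "$CLEAN" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
+echo "::error::VERSION must be in the form v<major>.<minor>.<patch>[-dev], got '${RAW}'"
+exit 1
+fi
+
+MAJOR="${BASH_REMATCH[1]}"
+MINOR="${BASH_REMATCH[2]}"
+PATCH="${BASH_REMATCH[3]}"
 
 # ── Decide bump strategy ─────────────────────────────────────────────
 # When the source branch is 'dev', the version was already incremented
@@ -74,23 +81,38 @@ jobs:
 echo "${NEW_VERSION}" > VERSION
 
 echo "version=${NEW_VERSION}" >> "$GITHUB_OUTPUT"
+if [[ "$RAW" != "$NEW_VERSION" ]]; then
+echo "changed=true" >> "$GITHUB_OUTPUT"
+else
+echo "changed=false" >> "$GITHUB_OUTPUT"
+fi
 echo "New version: ${NEW_VERSION}"
 
 - name: Commit and push updated VERSION
+if: steps.bump.outputs.changed == 'true'
 run: |
 git config user.name "github-actions[bot]"
 git config user.email "github-actions[bot]@users.noreply.github.com"
 git add VERSION
+if git diff --cached --quiet; then
+echo "No VERSION changes to commit."
+exit 0
+fi
 git commit -m "chore: release ${{ steps.bump.outputs.version }} [skip ci]"
 git push
 
 - name: Create and push Git release tag
 run: |
+if git rev-parse -q --verify "refs/tags/${{ steps.bump.outputs.version }}" >/dev/null 2>&1; then
+echo "Tag '${{ steps.bump.outputs.version }}' already exists; skipping."
+exit 0
+fi
 git tag "${{ steps.bump.outputs.version }}"
 git push origin "${{ steps.bump.outputs.version }}"
 
 build-and-push:
 name: Build & Push ${{ matrix.container }}
+if: github.event.pull_request.merged == true
 needs: bump-version
 runs-on: ubuntu-latest
 strategy:
@@ -113,7 +135,7 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v4
 with:
-ref: main # pick up the commit that includes the updated VERSION
+ref: ${{ github.event.pull_request.base.ref }}
 
 - name: Derive partial version tags
 id: version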
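Review bot: The "Create and push Git release tag" step in the third hunk carries no `if: steps.bump.outputs.changed == 'true'` guard, unlike the commit step directly above it, so when the bump reports `changed=false` (for instance the `unknown` source-branch path) it still tags whatever VERSION already holds and only the new `git rev-parse` check prevents a duplicate tag. If tagging an existing untagged version is intended, a comment such as `# tag unconditionally: a release may already be committed but not yet tagged` would make that explicit; otherwise add the same `if:` line for consistency with the commit step. The `git tag "${{ steps.bump.outputs.version }}"` expansion looks safe because NEW_VERSION is assembled from the regex-validated MAJOR/MINOR/PATCH, though the bump-strategy lines between the second and third hunks are outside this view, so that should be confirmed there.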

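--- a/README.md
+++ b/README.md
@@ -43,33 +43,29 @@
 <a href="https://github.com/hamstring-ndr/hamstring/actions/workflows/build_test_macos.yml">
 <img src="https://img.shields.io/github/actions/workflow/status/hamstring-ndr/hamstring/build_test_macos.yml?branch=main&logo=apple&style=for-the-badge&label=macos" alt="MacOS WorkFlows" />
 </a>
-<a href="https://github.com/hamstring-ndr/hamstring/actions/workflows/build_test_windows.yml">
-<img src="https://img.shields.io/github/actions/workflow/status/hamstring-ndr/hamstring/build_test_windows.yml?branch=main&logo=windows&style=for-the-badge&label=windows" alt="Windows WorkFlows" />
-</a>
 </td>
 </tr>
 </table>
 
 ## About the Project
 
-![Pipeline overview](./assets/heidgaf_architecture.svg)
+![Pipeline overview](./assets/hamstring_architecture.svg)
 
 ## Getting Started
 
 #### Run **HAMSTRING** using Docker Compose:
 ```sh
 HOST_IP=127.0.0.1 docker compose -f docker/docker-compose.yml --profile prod up
 ```
-<p align="center">
-<img src="https://raw.githubusercontent.com/hamstring-ndr/hamstring/main/assets/terminal_example.gif?raw=true" alt="Terminal example"/>
-</p>
-
 #### Use the dev profile for testing out changes in docker containers:
 ```sh
 HOST_IP=127.0.0.1 docker compose -f docker/docker-compose.yml --profile dev up
 ```
+<p align="center">
+<img src="./assets/hamstring_terminal.gif" alt="Terminal example"/>
+</p>
+
 
-<p align="right">(<a href="#readme-top">back to top</a>)</p>
 
 
 
@@ -85,7 +81,7 @@ possibly infrastructure.
 
 The section `pipeline.log_collection.collector.logline_format` has to be adjusted to reflect your specific input log
 line format. Using our adjustable and flexible log line configuration, you can rename, reorder and fully configure each
-field of a valid log line. Freely define timestamps, RegEx patterns, lists, and IP addresses. For example, your
+field of a valid log line. You can freely define timestamps, RegEx patterns, lists, and IP addresses. For example, your
 configuration might look as follows:
 
 ```yml
@@ -187,24 +183,11 @@ Have a look at the following pictures showing examples of how these dashboards m
 
 </details>
 
-<p align="right">(<a href="#readme-top">back to top</a>)</p>
-
-
 ## Models and Training
 
-To train and test our and possibly your own models, we currently rely on the following datasets:
-
-- [DGTA Benchmark](https://data.mendeley.com/datasets/2wzf9bz7xr/1)
-- [DNS Tunneling Queries for Binary Classification](https://data.mendeley.com/datasets/mzn9hvdcxg/1)
-- [UMUDGA - University of Murcia Domain Generation Algorithm Dataset](https://data.mendeley.com/datasets/y8ph45msv8/1)
-- [DGArchive](https://dgarchive.caad.fkie.fraunhofer.de/)
-- [DNS Exfiltration](https://data.mendeley.com/datasets/c4n7fckkz3/3)
-
-We compute all features separately and only rely on the `domain` and `class` for binary classification.
-
 ### Inserting Data for Testing
 
-For testing purposes, you can ingest PCAPs or tap on network interfaces using the zeek-based sensor in its `1.0.0` release. For more information on it, please refer to [the documentation](https://github.com/Hamstring-NDR/hamstring-zeek).
+For testing purposes, you can ingest PCAPs or tap on network interfaces using the zeek-based sensor that is integrated into the docker-compose file. For more information on the sensor, please refer to [the documentation](https://github.com/Hamstring-NDR/hamstring-zeek).
 
 ### Training Your Own Models
 
@@ -260,33 +243,6 @@ The results will be saved per default to `./results`, if not configured otherwis
 ```
 This will create a `rules.txt` file containing the innards of the model, explaining the rules it created.
 
-<p align="right">(<a href="#readme-top">back to top</a>)</p>
-
-
-### Data
-
-> [!IMPORTANT]
-> We support custom schemes.
-
-Depending on your data and usecase, you can customize the data scheme to fit your needs.
-The below configuration is part of the [main configuration file](./config.yaml) which is detailed in our [documentation](https://HAMSTRING.readthedocs.io/en/latest/usage.html#id2)
-
-```yml
-loglines:
-fields:
-- [ "timestamp", RegEx, '^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$' ]
-- [ "status_code", ListItem, [ "NOERROR", "NXDOMAIN" ], [ "NXDOMAIN" ] ]
-- [ "src_ip", IpAddress ]
-- [ "dns_server_ip", IpAddress ]
-- [ "domain_name", RegEx, '^(?=.{1,253}$)((?!-)[A-Za-z0-9-]{1,63}(?<!-)\.)+[A-Za-z]{2,63}$' ]
-- [ "record_type", ListItem, [ "A", "AAAA" ] ]
-- [ "response_ip", IpAddress ]
-- [ "size", RegEx, '^\d+b$' ]
-```
-
-
-
-<p align="right">(<a href="#readme-top">back to top</a>)</p>
 
 <!-- CONTRIBUTING -->
 ## Contributing
@@ -305,16 +261,12 @@ Don't forget to give the project a star! Thanks again!
 </a>
 
 
-<p align="right">(<a href="#readme-top">back to top</a>)</p>
-
 <!-- LICENSE -->
 
 ## License
 
 Distributed under the EUPL License. See `LICENSE.txt` for more information.
 
-<p align="right">(<a href="#readme-top">back to top</a>)</p>
-
 
 <!-- MARKDOWN LINKS & IMAGES -->
 <!-- https://www.markdownguide.org/basic-syntax/#reference-style-links -->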

assets/hamstring_terminal.gif

2.75 MB

assets/terminal_example.gif

-312 KB
Binary file not shown.

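--- a/docker/docker-compose/prod/docker-compose.monitoring.yml
+++ b/docker/docker-compose/prod/docker-compose.monitoring.yml
@@ -1,6 +1,6 @@
 services:
 monitoring_agent:
-image: ghcr.io/hamstring-ndr/hamstring-monitoring:v1.0.0
+image: ghcr.io/hamstring-ndr/hamstring-monitoring:v2.0.0
 restart: "unless-stopped"
 volumes:
 - ../../../config.yaml:/app/config.yaml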

docs/media/hamstring_architecture.svg

Lines changed: 4 additions & 0 deletions

docs/media/heidgaf_architecture.svg

Lines changed: 0 additions & 4 deletions
This file was deleted.
