-
-
Notifications
You must be signed in to change notification settings - Fork 546
Expand file tree
/
Copy pathDockerfile.web
More file actions
54 lines (54 loc) · 3.29 KB
/
Dockerfile.web
File metadata and controls
54 lines (54 loc) · 3.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
FROM jeroenwillemsen/wrongsecrets:1.13.2-no-vault
ARG argBasedVersion="1.13.2-no-vault"
ARG spring_profile="without-vault"
ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
ARG CTF_ENABLED=false
ARG HINTS_ENABLED=true
ARG CHALLENGE_ACHT_CTF_HOST_VALUE="not_set"
ARG CHALLENGE_THIRTY_HOST_VALUE="not_set"
ARG challenge59_webhook_url="YUhSMGNITTZMeTlvYjI5cmN5NXpiR0ZqYXk1amIyMHZjMlZ5ZG1salpYTXZWREEwVkRRd1RraFlMMEl3T1VSQlRrb3lUamRMTDJNeWFqYzFSVEUzVjFrd2NFeE5SRXRvU0RsbGQzZzBhdz09"
ENV CHALLENGE59_SLACK_WEBHOOK_URL=$challenge59_webhook_url
ARG CHALLENGE_RANDO_KEY_CTF_TO_PROVIDE_TO_HOST="not_set"
#ONLY OVERRIDE THE ARGS BELOW WHEN YOU ARE SETTING UP A CTF!
ARG CTF_KEY=TRwzkRJnHOTckssAeyJbysWgP!Qc2T
ARG CHALLENGE_5_VALUE=if_you_see_this_please_use_k8s
ARG CHALLENGE_6_VALUE=if_you_see_this_please_use_k8s
ARG CHALLENGE_7_VALUE=if_you_see_this_please_use_K8S_and_Vault
ARG CHALLENGE_9_VALUE=if_you_see_this_please_use_AWS_Setup
ARG CHALLENGE_10_VALUE=if_you_see_this_please_use
ARG CHALLENGE_11_VALUE=if_you_see_this_please_use
ENV APP_VERSION=$argBasedVersion
ENV K8S_ENV=Heroku(Docker)
ENV canarytokenURLs=$CANARY_URLS
ENV ctf_enabled=$CTF_ENABLED
ENV ctf_key=$CTF_KEY
ENV SPRING_PROFILES_ACTIVE=$spring_profile
ENV hints_enabled=$HINTS_ENABLED
ENV challengedockermtpath="/var/helpers"
ENV keepasspath="/var/helpers/alibabacreds.kdbx"
ENV SPECIAL_K8S_SECRET=$CHALLENGE_5_VALUE
ENV SPECIAL_SPECIAL_K8S_SECRET=$CHALLENGE_6_VALUE
ENV vaultpassword=$CHALLENGE_7_VALUE
ENV challenge_acht_ctf_host_value=$CHALLENGE_ACHT_CTF_HOST_VALUE
ENV challenge_thirty_ctf_to_provide_to_host_value=$CHALLENGE_THIRTY_HOST_VALUE
ENV challenge_rando_key_ctf_to_provide_to_host_value=$CHALLENGE_RANDO_KEY_CTF_TO_PROVIDE_TO_HOST
ENV CHALLENGE59_SLACK_WEBHOOK_URL=$CHALLENGE59_SLACK_WEBHOOK_URL
ENV default_aws_value_challenge_9=$CHALLENGE_9_VALUE
ENV default_aws_value_challenge_10=$CHALLENGE_10_VALUE
ENV default_aws_value_challenge_11=$CHALLENGE_11_VALUE
ENV BASTIONHOSTPATH="/home/wrongsecrets/.ssh"
ENV PROJECTSPECPATH="/var/helpers/project-specification.mdc"
ENV funnybunny="This is a funny bunny"
ARG GOOGLE_SERVICE_ACCOUNT_KEY="if_you_see_this_configure_the_google_service_account_properly"
ARG GOOGLE_DRIVE_DOCUMENT_ID="1PlZkwEd7GouyY4cdOxBuczm6XumQeuZN31LR2BXRgPs"
ENV GOOGLE_SERVICE_ACCOUNT_KEY=$GOOGLE_SERVICE_ACCOUNT_KEY
ENV GOOGLE_DRIVE_DOCUMENT_ID=$GOOGLE_DRIVE_DOCUMENT_ID
# Keep memory usage within Heroku dyno limits (512MB dyno).
# Hard cap heap to 250M, metaspace to 60M, disable expensive GC, exit on OOM immediately.
ENV JAVA_TOOL_OPTIONS="-Xmx250M -Xms128M -XX:MetaspaceSize=40M -XX:MaxMetaspaceSize=60M -XX:CompressedClassSpaceSize=32M -XX:+UseG1GC -XX:MaxGCPauseMillis=50 -XX:+ExitOnOutOfMemoryError -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp/heapdump.hprof"
# Deploy WrongSecrets to Heroku
COPY .github/scripts/ /var/helpers
COPY src/test/resources/alibabacreds.kdbx /var/helpers
COPY src/test/resources/RSAprivatekey.pem /var/helpers
COPY .ssh/ /home/wrongsecrets/.ssh/
CMD ["/bin/sh", "-c", "java ${JAVA_TOOL_OPTIONS} -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=${SPRING_PROFILES_ACTIVE} -Dserver.port=${PORT} -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} -jar application.jar"]