fix: goreleaser ci permissions (#1105)

.github/workflows/goreleaser.yml

@@ -7,6 +7,8 @@ on:
 
 permissions:
   contents: write
+  id-token: write
+  packages: write
 
 jobs:
   goreleaser:

.goreleaser.yaml

@@ -11,6 +11,15 @@ builds:
       - linux
       - darwin
 
+dockers:
+  - ids: [ catalyst ]
+    dockerfile: docker/goreleaser.Dockerfile
+    image_templates:
+      - "ghcr.io/securitybrewery/catalyst:latest"
+      - "ghcr.io/securitybrewery/catalyst:{{.Tag}}"
+      - "ghcr.io/securitybrewery/catalyst:v{{.Major}}"
+      - "ghcr.io/securitybrewery/catalyst:v{{.Major}}.{{.Minor}}"
+
 archives:
   - format: tar.gz
     # this name template makes the OS and Arch compatible with the results of `uname`.

Makefile

@@ -57,6 +57,6 @@ dev-10000:
 	go run . fake-data --users 100 --tickets 10000
 	go run . serve
 
-.PHONY: dev-ui
+.PHONY: serve-ui
 serve-ui:
 	cd ui && bun dev --port 3000

docker/Dockerfile

@@ -0,0 +1,24 @@
+FROM oven/bun:debian
+RUN apt-get update && apt-get install -y make
+COPY .. /tmp/catalyst
+
+WORKDIR /tmp/catalyst
+
+RUN make build-ui
+
+FROM golang:1.23
+COPY --from=0 /tmp/catalyst /tmp/catalyst
+
+WORKDIR /tmp/catalyst
+
+RUN go build -o /usr/local/bin/catalyst
+
+FROM ubuntu:24.04
+
+COPY --from=1 /usr/local/bin/catalyst /usr/local/bin/catalyst
+
+EXPOSE 8080
+
+VOLUME /usr/local/bin/catalyst_data
+
+CMD ["/usr/local/bin/catalyst", "serve", "--http", "0.0.0.0:8080"]

docker/goreleaser.Dockerfile

@@ -0,0 +1,9 @@
+FROM ubuntu:24.04
+
+COPY catalyst /usr/local/bin/catalyst
+
+EXPOSE 8080
+
+VOLUME /usr/local/bin/catalyst_data
+
+CMD ["/usr/local/bin/catalyst", "serve", "--http", "0.0.0.0:8080"]

fakedata/records.go

@@ -316,7 +316,7 @@ func reactionRecords(dao *daos.Dao) []*models.Record {
 
 	record := models.NewRecord(collection)
 	record.SetId("w_" + security.PseudorandomString(10))
-	record.Set("name", "Test Reaction")
+	record.Set("name", "Alert Ingest Webhook")
 	record.Set("trigger", "webhook")
 	record.Set("triggerdata", triggerWebhook)
 	record.Set("action", "python")
@@ -334,7 +334,7 @@ func reactionRecords(dao *daos.Dao) []*models.Record {
 
 	record = models.NewRecord(collection)
 	record.SetId("w_" + security.PseudorandomString(10))
-	record.Set("name", "Test Reaction 2")
+	record.Set("name", "Assign new Tickets")
 	record.Set("trigger", "hook")
 	record.Set("triggerdata", triggerHook)
 	record.Set("action", "python")

go.mod

@@ -11,6 +11,7 @@ require (
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
 	github.com/tidwall/sjson v1.2.5
+	go.uber.org/multierr v1.11.0
 )
 
 require (

go.sum

@@ -229,6 +229,8 @@ go.opentelemetry.io/otel/metric v1.25.0 h1:LUKbS7ArpFL/I2jJHdJcqMGxkRdxpPHE0VU/D
 go.opentelemetry.io/otel/metric v1.25.0/go.mod h1:rkDLUSd2lC5lq2dFNrX9LGAbINP5B7WBkC78RXCpH5s=
 go.opentelemetry.io/otel/trace v1.25.0 h1:tqukZGLwQYRIFtSQM2u2+yfMVTgGVeqRLPUYx1Dq6RM=
 go.opentelemetry.io/otel/trace v1.25.0/go.mod h1:hCCs70XM/ljO+BeQkyFnbK28SBIJ/Emuha+ccrCRT7I=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 gocloud.dev v0.37.0 h1:XF1rN6R0qZI/9DYjN16Uy0durAmSlf58DHOcb28GPro=
 gocloud.dev v0.37.0/go.mod h1:7/O4kqdInCNsc6LqgmuFnS0GRew4XNNYWpA44yQnwco=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=

reaction/trigger/hook/hook.go

@@ -14,6 +14,7 @@ import (
 	"github.com/pocketbase/pocketbase/core"
 	"github.com/pocketbase/pocketbase/daos"
 	"github.com/pocketbase/pocketbase/models"
+	"go.uber.org/multierr"
 
 	"github.com/SecurityBrewery/catalyst/migrations"
 	"github.com/SecurityBrewery/catalyst/reaction/action"
@@ -70,43 +71,49 @@ func runHook(ctx context.Context, app core.App, collection, event string, record
 		return fmt.Errorf("failed to marshal webhook payload: %w", err)
 	}
 
-	hook, found, err := findByHookTrigger(app.Dao(), collection, event)
+	hooks, err := findByHookTrigger(app.Dao(), collection, event)
 	if err != nil {
 		return fmt.Errorf("failed to find hook by trigger: %w", err)
 	}
 
-	if !found {
+	if len(hooks) == 0 {
 		return nil
 	}
 
-	_, err = action.Run(ctx, app, hook.GetString("action"), hook.GetString("actiondata"), string(payload))
+	var errs error
-	if err != nil {
+
-		return fmt.Errorf("failed to run hook reaction: %w", err)
+	for _, hook := range hooks {
+		_, err = action.Run(ctx, app, hook.GetString("action"), hook.GetString("actiondata"), string(payload))
+		if err != nil {
+			errs = multierr.Append(errs, fmt.Errorf("failed to run hook reaction: %w", err))
+		}
 	}
 
-	return nil
+	return errs
 }
 
-func findByHookTrigger(dao *daos.Dao, collection, event string) (*models.Record, bool, error) {
+func findByHookTrigger(dao *daos.Dao, collection, event string) ([]*models.Record, error) {
 	records, err := dao.FindRecordsByExpr(migrations.ReactionCollectionName, dbx.HashExp{"trigger": "hook"})
 	if err != nil {
-		return nil, false, fmt.Errorf("failed to find hook reaction: %w", err)
+		return nil, fmt.Errorf("failed to find hook reaction: %w", err)
 	}
 
 	if len(records) == 0 {
-		return nil, false, nil
+		return nil, nil
 	}
 
+	var matchedRecords []*models.Record
+
 	for _, record := range records {
 		var hook Hook
 		if err := json.Unmarshal([]byte(record.GetString("triggerdata")), &hook); err != nil {
-			return nil, false, err
+			return nil, err
 		}
 
 		if slices.Contains(hook.Collections, collection) && slices.Contains(hook.Events, event) {
-			return record, true, nil
+			matchedRecords = append(matchedRecords, record)
 		}
 	}
 
-	return nil, false, nil
+	return matchedRecords, nil
 }

ui/package.json

@@ -28,6 +28,7 @@
     "date-fns": "^3.6.0",
     "easymde": "^2.18.0",
     "lodash.debounce": "^4.0.8",
+    "lodash.isequal": "^4.5.0",
     "lucide-vue-next": "^0.365.0",
     "marked": "^12.0.2",
     "pinia": "^2.1.7",
@@ -48,6 +49,7 @@
     "@trivago/prettier-plugin-sort-imports": "^4.3.0",
     "@tsconfig/node20": "^20.1.2",
     "@types/lodash.debounce": "^4.0.9",
+    "@types/lodash.isequal": "^4.5.8",
     "@types/node": "^20.11.28",
     "@vitejs/plugin-vue": "^5.0.4",
     "@vue/eslint-config-prettier": "^8.0.0",

ui/src/components/form/JSONSchemaFormFields.vue

@@ -11,6 +11,7 @@ import {
   SelectValue
 } from '@/components/ui/select'
 
+import isEqual from 'lodash.isequal'
 import { onMounted, ref, watch } from 'vue'
 
 import type { JSONSchema } from '@/lib/types'
@@ -34,6 +35,11 @@ onMounted(() => {
 watch(
   () => formdata.value,
   () => {
+    const normFormdata = JSON.parse(JSON.stringify(formdata.value))
+    const normModel = JSON.parse(JSON.stringify(model.value))
+
+    if (isEqual(normFormdata, normModel)) return
+
     model.value = { ...formdata.value }
   },
   { deep: true }

ui/src/components/reaction/ReactionForm.vue

@@ -227,7 +227,7 @@ const curlExample = computed(() => {
   let cmd = `curl`
 
   if (values.triggerdata.token) {
-    cmd += ` -H "Auth: Bearer ${values.triggerdata.token}"`
+    cmd += ` -H "Authorization: Bearer ${values.triggerdata.token}"`
   }
 
   if (values.triggerdata.path) {