happyDomain/checker-xmpp
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: happyDomain:master
Branches Tags
happyDomain:master
happyDomain:v0.2.0
happyDomain:v0.1.0
..
compare: happyDomain:v0.2.0
Branches Tags
happyDomain:master
happyDomain:v0.2.0
happyDomain:v0.1.0

No commits in common. "master" and "v0.2.0" have entirely different histories.
master ... v0.2.0

3 changed files with 0 additions and 224 deletions
Download patch file Download diff file Expand all files Collapse all files

22
.drone-manifest.yml
View file

@ -1,22 +0,0 @@
image: happydomain/checker-xmpp:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
{{#if build.tags}}
tags:
{{#each build.tags}}
- {{this}}
{{/each}}
{{/if}}
manifests:
- image: happydomain/checker-xmpp:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
platform:
architecture: amd64
os: linux
- image: happydomain/checker-xmpp:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
platform:
architecture: arm64
os: linux
variant: v8
- image: happydomain/checker-xmpp:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm
platform:
architecture: arm
os: linux
variant: v7

187
.drone.yml
View file

@ -1,187 +0,0 @@
---
kind: pipeline
type: docker
name: build-amd64
platform:
os: linux
arch: amd64
steps:
- name: checker build
image: golang:1-alpine
commands:
- apk add --no-cache git make
- make
environment:
CHECKER_VERSION: "${DRONE_BRANCH}-${DRONE_COMMIT}"
CGO_ENABLED: 0
when:
event:
exclude:
- tag
- name: checker build tag
image: golang:1-alpine
commands:
- apk add --no-cache git make
- make
environment:
CHECKER_VERSION: "${DRONE_SEMVER}"
CGO_ENABLED: 0
when:
event:
- tag
- name: publish on Docker Hub
image: plugins/docker
settings:
repo: happydomain/checker-xmpp
auto_tag: true
auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH}
dockerfile: Dockerfile
build_args:
- CHECKER_VERSION=${DRONE_BRANCH}-${DRONE_COMMIT}
username:
from_secret: docker_username
password:
from_secret: docker_password
when:
event:
exclude:
- tag
- name: publish on Docker Hub (tag)
image: plugins/docker
settings:
repo: happydomain/checker-xmpp
auto_tag: true
auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH}
dockerfile: Dockerfile
build_args:
- CHECKER_VERSION=${DRONE_SEMVER}
username:
from_secret: docker_username
password:
from_secret: docker_password
when:
event:
- tag
trigger:
branch:
exclude:
- renovate/*
event:
- cron
- push
- tag
---
kind: pipeline
type: docker
name: build-arm64
platform:
os: linux
arch: arm64
steps:
- name: checker build
image: golang:1-alpine
commands:
- apk add --no-cache git make
- make
environment:
CHECKER_VERSION: "${DRONE_BRANCH}-${DRONE_COMMIT}"
CGO_ENABLED: 0
when:
event:
exclude:
- tag
- name: checker build tag
image: golang:1-alpine
commands:
- apk add --no-cache git make
- make
environment:
CHECKER_VERSION: "${DRONE_SEMVER}"
CGO_ENABLED: 0
when:
event:
- tag
- name: publish on Docker Hub
image: plugins/docker
settings:
repo: happydomain/checker-xmpp
auto_tag: true
auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH}
dockerfile: Dockerfile
build_args:
- CHECKER_VERSION=${DRONE_BRANCH}-${DRONE_COMMIT}
username:
from_secret: docker_username
password:
from_secret: docker_password
when:
event:
exclude:
- tag
- name: publish on Docker Hub (tag)
image: plugins/docker
settings:
repo: happydomain/checker-xmpp
auto_tag: true
auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH}
dockerfile: Dockerfile
build_args:
- CHECKER_VERSION=${DRONE_SEMVER}
username:
from_secret: docker_username
password:
from_secret: docker_password
when:
event:
- tag
trigger:
event:
- cron
- push
- tag
---
kind: pipeline
name: docker-manifest
platform:
os: linux
arch: arm64
steps:
- name: publish on Docker Hub
image: plugins/manifest
settings:
auto_tag: true
ignore_missing: true
spec: .drone-manifest.yml
username:
from_secret: docker_username
password:
from_secret: docker_password
trigger:
branch:
exclude:
- renovate/*
event:
- cron
- push
- tag
depends_on:
- build-amd64
- build-arm64

15
README.md
View file

@ -82,21 +82,6 @@ make plugin
Applies to services of type `abstract.XMPP`. Applies to services of type `abstract.XMPP`.
## Rules
| Code | Description | Severity |
|----------------------------|-------------------------------------------------------------------------------------------------------------------|---------------------|
| `xmpp.srv_c2s` | Verifies that client-to-server SRV records (_xmpp-client / _xmpps-client / _jabber) are published and resolvable. | CRITICAL |
| `xmpp.srv_s2s` | Verifies that server-to-server SRV records (_xmpp-server / _xmpps-server) are published and resolvable. | CRITICAL |
| `xmpp.c2s_reachable` | Verifies that at least one client-to-server endpoint accepts TCP and completes TLS. | CRITICAL |
| `xmpp.s2s_reachable` | Verifies that at least one server-to-server endpoint accepts TCP and completes TLS. | CRITICAL |
| `xmpp.starttls_required` | Verifies that STARTTLS is advertised and required on every reachable c2s/s2s endpoint. | CRITICAL |
| `xmpp.sasl_mechanisms` | Reviews the c2s SASL mechanisms offer (presence of SCRAM, absence of password-equivalent PLAIN-only). | CRITICAL |
| `xmpp.s2s_dialback` | Verifies that s2s endpoints advertise dialback or SASL EXTERNAL after TLS (federation auth). | CRITICAL |
| `xmpp.ipv6_reachable` | Flags deployments that are only reachable over IPv4. | INFO |
| `xmpp.direct_tls` | Flags c2s deployments that do not publish XEP-0368 direct-TLS SRV records. | INFO |
| `xmpp.tls_quality` | Folds the downstream TLS checker findings (certificate chain, hostname match, expiry) onto the XMPP service. | CRITICAL |
## License ## License
MIT (see `LICENSE`). Third-party attributions in `NOTICE`. MIT (see `LICENSE`). Third-party attributions in `NOTICE`.