Add unzip to WSL additional-packages #7
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Integration Tests | |
| # Runs entirely on a single GitHub-hosted windows-latest runner. | |
| # AdaptixC2 and adaptix-testing run inside WSL2 (Ubuntu). | |
| # The beacon runs on the Windows host. | |
| # SSH delivery goes from WSL → Windows via the Hyper-V bridge IP. | |
| # Beacon callbacks go from Windows → WSL via the WSL veth IP. | |
| # All IPs are detected at runtime — no static config needed. | |
| # | |
| # Hardcoded CI credentials are intentional: these containers are | |
| # ephemeral, hold no real secrets, and only exist for testing. | |
| on: | |
| push: | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| ADAPTIXC2_REPO: Adaptix-Framework/AdaptixC2 | |
| ADAPTIXC2_VERSION: v1.2 | |
| CI_USER: ci_runner | |
| CI_PASS: Ci_Test_Pass1! | |
| CI_AGENT_DIR: 'C:\ci' | |
| CI_AGENT_PATH: 'C:\ci\agent.exe' | |
| jobs: | |
| integration-test: | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # ── Windows: CI user, OpenSSH, agent directory ────────────────────────── | |
| - name: Create CI user | |
| shell: powershell | |
| run: | | |
| $pass = ConvertTo-SecureString $env:CI_PASS -AsPlainText -Force | |
| if (-not (Get-LocalUser $env:CI_USER -ErrorAction SilentlyContinue)) { | |
| New-LocalUser $env:CI_USER -Password $pass -PasswordNeverExpires | |
| Add-LocalGroupMember -Group Administrators -Member $env:CI_USER | |
| } else { | |
| Set-LocalUser $env:CI_USER -Password $pass | |
| } | |
| - name: Start OpenSSH Server with password auth | |
| shell: powershell | |
| run: | | |
| $cap = Get-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | |
| if ($cap.State -ne 'Installed') { | |
| Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | |
| } | |
| Set-Service sshd -StartupType Automatic | |
| Start-Service sshd | |
| $cfg = "$env:ProgramData\ssh\sshd_config" | |
| (Get-Content $cfg) ` | |
| -replace '^#?PasswordAuthentication\s+\w+', 'PasswordAuthentication yes' | | |
| Set-Content $cfg | |
| Restart-Service sshd | |
| - name: Create agent drop directory | |
| shell: powershell | |
| run: New-Item -ItemType Directory -Force -Path $env:CI_AGENT_DIR | Out-Null | |
| # ── Download AdaptixC2 release to Windows filesystem ──────────────────── | |
| # (WSL extracts it from /mnt/c — avoids installing gh in WSL) | |
| - name: Download AdaptixC2 release | |
| shell: powershell | |
| run: | | |
| New-Item -ItemType Directory -Force -Path C:\tmp\adaptixc2 | Out-Null | |
| $url = "https://github.com/$env:ADAPTIXC2_REPO/archive/refs/tags/$env:ADAPTIXC2_VERSION.zip" | |
| Invoke-WebRequest -Uri $url -OutFile C:\tmp\adaptixc2\adaptixc2.zip | |
| # ── WSL: Ubuntu with required packages ────────────────────────────────── | |
| - uses: Vampire/setup-wsl@v3 | |
| with: | |
| distribution: Ubuntu-22.04 | |
| additional-packages: sshpass python3-pip openssl unzip | |
| - name: Install uv | |
| shell: wsl-bash {0} | |
| run: pip3 install -q uv | |
| # ── WSL: extract release, generate cert, write profile, start server ──── | |
| - name: Extract AdaptixC2 | |
| shell: wsl-bash {0} | |
| run: | | |
| mkdir -p /tmp/adaptixc2 | |
| unzip -o /mnt/c/tmp/adaptixc2/adaptixc2.zip -d /tmp/adaptixc2 | |
| # move contents out of the top-level directory the zip creates | |
| shopt -s dotglob; top=$(ls -d /tmp/adaptixc2/*/); mv "$top"* /tmp/adaptixc2/; rmdir "$top" | |
| - name: Generate TLS certificate | |
| shell: wsl-bash {0} | |
| run: | | |
| openssl req -x509 -nodes -newkey rsa:2048 \ | |
| -keyout /tmp/adaptixc2/server.rsa.key \ | |
| -out /tmp/adaptixc2/server.rsa.crt \ | |
| -days 1 -subj "/CN=ci" | |
| - name: Write server profile | |
| shell: wsl-bash {0} | |
| run: | | |
| cat > /tmp/adaptixc2/profile.yaml << 'EOF' | |
| Teamserver: | |
| interface: "0.0.0.0" | |
| port: 4321 | |
| endpoint: "/endpoint" | |
| password: "cipass" | |
| only_password: true | |
| operators: | |
| ci: "cipass" | |
| cert: "server.rsa.crt" | |
| key: "server.rsa.key" | |
| extenders: | |
| - extenders/listener_http/config.yaml | |
| - extenders/beacon/config.yaml | |
| access_token_live_hours: 1 | |
| refresh_token_live_hours: 2 | |
| httpserver: | |
| error: | |
| status: 404 | |
| headers: | |
| content-type: "text/html; charset=utf-8" | |
| server: "adaptixc2" | |
| page: "" | |
| http: | |
| max_header_bytes: 8192 | |
| read_header_timeout_sec: 0 | |
| read_timeout_sec: 0 | |
| write_timeout_sec: 0 | |
| idle_timeout_sec: 0 | |
| request_timeout_sec: 300 | |
| request_timeout_message: "504 gateway timeout" | |
| disable_keep_alives: false | |
| enable_http2: true | |
| tls: | |
| min_version: "tls1.2" | |
| max_version: "tls1.3" | |
| prefer_server_cipher_suites: false | |
| cipher_suites: | |
| - "tls_ecdhe_rsa_with_aes_128_gcm_sha256" | |
| - "tls_ecdhe_rsa_with_aes_256_gcm_sha384" | |
| - "tls_ecdhe_ecdsa_with_aes_128_gcm_sha256" | |
| - "tls_ecdhe_ecdsa_with_aes_256_gcm_sha384" | |
| - "tls_rsa_with_aes_128_gcm_sha256" | |
| - "tls_rsa_with_aes_256_gcm_sha384" | |
| EOF | |
| - name: Start AdaptixC2 server | |
| shell: wsl-bash {0} | |
| run: | | |
| cd /tmp/adaptixc2 | |
| ./adaptixserver -profile profile.yaml & | |
| echo $! > /tmp/adaptixc2.pid | |
| sleep 2 | |
| # ── WSL: install testing kit ───────────────────────────────────────────── | |
| - name: Install adaptix-testing | |
| shell: wsl-bash {0} | |
| run: | | |
| cp -r "$(wslpath "$GITHUB_WORKSPACE")" /tmp/testing-kit | |
| cd /tmp/testing-kit | |
| uv sync | |
| # ── WSL: SSH setup + config + run ──────────────────────────────────────── | |
| - name: Generate SSH keypair and install on Windows | |
| shell: wsl-bash {0} | |
| run: | | |
| ssh-keygen -t ed25519 -N "" -f ~/.ssh/ci_key | |
| # Windows host is reachable at the Hyper-V bridge (WSL default gateway) | |
| WINDOWS_IP=$(ip route show | grep -m1 default | awk '{print $3}') | |
| sshpass -p "$CI_PASS" ssh-copy-id \ | |
| -i ~/.ssh/ci_key.pub \ | |
| -o StrictHostKeyChecking=no \ | |
| "$CI_USER@$WINDOWS_IP" | |
| - name: Write CI config | |
| shell: wsl-bash {0} | |
| run: | | |
| # Windows → WSL: use the WSL veth IP so the beacon can call home | |
| WSL_IP=$(hostname -I | awk '{print $1}') | |
| # WSL → Windows: Hyper-V bridge default gateway | |
| WINDOWS_IP=$(ip route show | grep -m1 default | awk '{print $3}') | |
| cat > /tmp/ci_config.yaml << EOF | |
| server: | |
| url: https://127.0.0.1:4321 | |
| endpoint: /endpoint | |
| operator: | |
| name: ci | |
| password: cipass | |
| setup: | |
| project: ci | |
| agent_output: /tmp/ci_agent.exe | |
| listener: | |
| name: ci_http | |
| type: HTTP | |
| config: | |
| host: "$WSL_IP" | |
| path: /beacon | |
| port: 8080 | |
| use_tls: false | |
| agent: | |
| agent: beacon | |
| listener: ci_http | |
| listener_type: HTTP | |
| config: | |
| debug: false | |
| format: EXE | |
| jitter: 5 | |
| sleep: 5 | |
| ssh: | |
| host: "$WINDOWS_IP" | |
| username: "$CI_USER" | |
| key_path: ~/.ssh/ci_key | |
| source_path: /tmp/ci_agent.exe | |
| agent_path: '$CI_AGENT_PATH' | |
| terminate: true | |
| EOF | |
| - name: Run integration tests | |
| shell: wsl-bash {0} | |
| run: | | |
| cd /tmp/testing-kit | |
| uv run adaptix-testing -c /tmp/ci_config.yaml -t tasks.yaml | |
| # ── Cleanup ────────────────────────────────────────────────────────────── | |
| - name: Stop AdaptixC2 server | |
| if: always() | |
| shell: wsl-bash {0} | |
| run: | | |
| [ -f /tmp/adaptixc2.pid ] && kill "$(cat /tmp/adaptixc2.pid)" 2>/dev/null || true | |
| - name: Remove SSH key | |
| if: always() | |
| shell: wsl-bash {0} | |
| run: rm -f ~/.ssh/ci_key ~/.ssh/ci_key.pub |