FEAT local Docker setup for running GUI or Jupyter

.devcontainer/Dockerfile

@@ -23,16 +23,17 @@ RUN apt-get update && apt-get install -y \
  && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 # Install the Azure CLI, Microsoft ODBC Driver 18 & SQL tools
+# Note: Debian Trixie's sqv rejects SHA1 signatures, so we use gpg directly to import the Microsoft key
 RUN apt-get update && apt-get install -y \
       apt-transport-https \
       ca-certificates \
       gnupg \
       lsb-release \
  && curl -sL https://packages.microsoft.com/keys/microsoft.asc \
- | gpg --dearmor \
- > /usr/share/keyrings/microsoft-archive-keyring.gpg \
+      | gpg --dearmor \
+      > /usr/share/keyrings/microsoft-archive-keyring.gpg \
  && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft-archive-keyring.gpg] https://packages.microsoft.com/debian/12/prod bookworm main" \
- > /etc/apt/sources.list.d/microsoft.list \
+      > /etc/apt/sources.list.d/microsoft.list \
  && apt-get update \
  && ACCEPT_EULA=Y apt-get install -y \
       msodbcsql18 \

.github/workflows/docker_build.yml

@@ -0,0 +1,319 @@
+# Tests Docker image builds for devcontainer and production
+
+name: docker_build
+
+on:
+  push:
+    branches:
+      - "main"
+  pull_request:
+    branches:
+      - "main"
+      - "release/**"
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  # Stage 1: Build devcontainer base image
+  build-devcontainer:
+    name: Build Devcontainer
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build devcontainer image
+        uses: docker/build-push-action@v5
+        with:
+          context: .devcontainer
+          file: .devcontainer/Dockerfile
+          push: false
+          tags: pyrit-devcontainer:latest
+          load: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Save devcontainer image
+        run: docker save pyrit-devcontainer:latest | gzip > devcontainer.tar.gz
+
+      - name: Upload devcontainer artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: devcontainer-image
+          path: devcontainer.tar.gz
+          retention-days: 1
+
+  # Stage 2: Build production images (parallel)
+  build-production-local:
+    name: Build Production (local)
+    runs-on: ubuntu-latest
+    needs: build-devcontainer
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download devcontainer image
+        uses: actions/download-artifact@v4
+        with:
+          name: devcontainer-image
+
+      - name: Load devcontainer image
+        run: gunzip -c devcontainer.tar.gz | docker load
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver: docker
+
+      - name: Build production image (local)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: docker/Dockerfile
+          push: false
+          tags: pyrit:local-test
+          load: true
+          build-args: |
+            BASE_IMAGE=pyrit-devcontainer:latest
+            PYRIT_SOURCE=local
+
+      - name: Save production image
+        run: docker save pyrit:local-test | gzip > local.tar.gz
+
+      - name: Upload production artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: production-local-image
+          path: local.tar.gz
+          retention-days: 1
+
+  build-production-pypi:
+    name: Build Production (PyPI)
+    runs-on: ubuntu-latest
+    needs: build-devcontainer
+    if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get latest PyRIT version from PyPI
+        id: pypi-version
+        run: |
+          VERSION=$(pip index versions pyrit 2>/dev/null | head -1 | grep -oP '\(\K[^)]+' || echo "0.10.0")
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Latest PyRIT version on PyPI: $VERSION"
+
+      - name: Download devcontainer image
+        uses: actions/download-artifact@v4
+        with:
+          name: devcontainer-image
+
+      - name: Load devcontainer image
+        run: gunzip -c devcontainer.tar.gz | docker load
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver: docker
+
+      - name: Build production image (PyPI)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: docker/Dockerfile
+          push: false
+          tags: pyrit:pypi-test
+          load: true
+          build-args: |
+            BASE_IMAGE=pyrit-devcontainer:latest
+            PYRIT_SOURCE=pypi
+            PYRIT_VERSION=${{ steps.pypi-version.outputs.version }}
+
+      - name: Save production image
+        run: docker save pyrit:pypi-test | gzip > pypi.tar.gz
+
+      - name: Upload production artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: production-pypi-image
+          path: pypi.tar.gz
+          retention-days: 1
+
+  # Stage 3: Test production images (parallel)
+  test-local-import:
+    name: Test Import (local)
+    runs-on: ubuntu-latest
+    needs: build-production-local
+    steps:
+      - name: Download production image
+        uses: actions/download-artifact@v4
+        with:
+          name: production-local-image
+
+      - name: Load production image
+        run: gunzip -c local.tar.gz | docker load
+
+      - name: Test PyRIT import
+        run: |
+          docker run --rm --entrypoint /opt/venv/bin/python pyrit:local-test -c "import pyrit; print(f'PyRIT version: {pyrit.__version__}')"
+
+  test-local-gui:
+    name: Test GUI (local)
+    runs-on: ubuntu-latest
+    needs: build-production-local
+    steps:
+      - name: Download production image
+        uses: actions/download-artifact@v4
+        with:
+          name: production-local-image
+
+      - name: Load production image
+        run: gunzip -c local.tar.gz | docker load
+
+      - name: Test GUI mode
+        run: |
+          docker run -d --name pyrit-gui-test -e PYRIT_MODE=gui -p 8000:8000 pyrit:local-test
+
+          echo "Waiting for GUI to start..."
+          sleep 15
+
+          if ! docker ps | grep -q pyrit-gui-test; then
+            echo "Container not running! Logs:"
+            docker logs pyrit-gui-test
+            exit 1
+          fi
+
+          echo "Testing API health endpoint..."
+          curl -sf http://localhost:8000/api/health || (echo "Health endpoint failed" && docker logs pyrit-gui-test && exit 1)
+
+          echo "Testing frontend is served..."
+          RESPONSE=$(curl -s http://localhost:8000/)
+          echo "$RESPONSE" | head -5
+          echo "$RESPONSE" | grep -iq '<!doctype html>' || (echo "Frontend not served" && docker logs pyrit-gui-test && exit 1)
+
+          echo "✅ GUI mode tests passed"
+          docker stop pyrit-gui-test && docker rm pyrit-gui-test
+
+  test-local-jupyter:
+    name: Test Jupyter (local)
+    runs-on: ubuntu-latest
+    needs: build-production-local
+    steps:
+      - name: Download production image
+        uses: actions/download-artifact@v4
+        with:
+          name: production-local-image
+
+      - name: Load production image
+        run: gunzip -c local.tar.gz | docker load
+
+      - name: Test Jupyter mode
+        run: |
+          docker run -d --name pyrit-jupyter-test -e PYRIT_MODE=jupyter -p 8888:8888 pyrit:local-test
+
+          echo "Waiting for Jupyter to start..."
+          sleep 20
+
+          if ! docker ps | grep -q pyrit-jupyter-test; then
+            echo "Container not running! Logs:"
+            docker logs pyrit-jupyter-test
+            exit 1
+          fi
+
+          echo "Testing Jupyter responds..."
+          curl -sf http://localhost:8888/api || (echo "Jupyter API failed" && docker logs pyrit-jupyter-test && exit 1)
+
+          echo "✅ Jupyter mode tests passed"
+          docker stop pyrit-jupyter-test && docker rm pyrit-jupyter-test
+
+  test-pypi-import:
+    name: Test Import (PyPI)
+    runs-on: ubuntu-latest
+    needs: build-production-pypi
+    steps:
+      - name: Download production image
+        uses: actions/download-artifact@v4
+        with:
+          name: production-pypi-image
+
+      - name: Load production image
+        run: gunzip -c pypi.tar.gz | docker load
+
+      - name: Test PyRIT import
+        run: |
+          docker run --rm --entrypoint /opt/venv/bin/python pyrit:pypi-test -c "import pyrit; print(f'PyRIT version: {pyrit.__version__}')"
+
+  test-pypi-gui:
+    name: Test GUI (PyPI)
+    runs-on: ubuntu-latest
+    needs: build-production-pypi
+    steps:
+      - name: Download production image
+        uses: actions/download-artifact@v4
+        with:
+          name: production-pypi-image
+
+      - name: Load production image
+        run: gunzip -c pypi.tar.gz | docker load
+
+      - name: Test GUI mode
+        run: |
+          docker run -d --name pyrit-gui-pypi -e PYRIT_MODE=gui -p 8000:8000 pyrit:pypi-test
+
+          echo "Waiting for GUI to start..."
+          sleep 15
+
+          if ! docker ps | grep -q pyrit-gui-pypi; then
+            echo "Container not running! Logs:"
+            docker logs pyrit-gui-pypi
+            exit 1
+          fi
+
+          curl -sf http://localhost:8000/api/health || (echo "Health endpoint failed" && docker logs pyrit-gui-pypi && exit 1)
+
+          RESPONSE=$(curl -s http://localhost:8000/)
+          echo "$RESPONSE" | head -5
+          echo "$RESPONSE" | grep -iq '<!doctype html>' || (echo "Frontend not served" && docker logs pyrit-gui-pypi && exit 1)
+
+          echo "✅ GUI mode tests passed (PyPI)"
+          docker stop pyrit-gui-pypi && docker rm pyrit-gui-pypi
+
+  test-pypi-jupyter:
+    name: Test Jupyter (PyPI)
+    runs-on: ubuntu-latest
+    needs: build-production-pypi
+    steps:
+      - name: Download production image
+        uses: actions/download-artifact@v4
+        with:
+          name: production-pypi-image
+
+      - name: Load production image
+        run: gunzip -c pypi.tar.gz | docker load
+
+      - name: Test Jupyter mode
+        run: |
+          docker run -d --name pyrit-jupyter-pypi -e PYRIT_MODE=jupyter -p 8888:8888 pyrit:pypi-test
+
+          echo "Waiting for Jupyter to start..."
+          sleep 20
+
+          if ! docker ps | grep -q pyrit-jupyter-pypi; then
+            echo "Container not running! Logs:"
+            docker logs pyrit-jupyter-pypi
+            exit 1
+          fi
+
+          curl -sf http://localhost:8888/api || (echo "Jupyter API failed" && docker logs pyrit-jupyter-pypi && exit 1)
+
+          echo "✅ Jupyter mode tests passed (PyPI)"
+          docker stop pyrit-jupyter-pypi && docker rm pyrit-jupyter-pypi