Add GitHub Actions CI: build and integration test workflows

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: TGJLS

.github/ci/adaptixc2_profile.yaml

@@ -0,0 +1,51 @@
+Teamserver:
+  interface: "0.0.0.0"
+  port: 4321
+  endpoint: "/endpoint"
+  password: "cipass"
+  only_password: true
+  operators:
+    ci: "cipass"
+  cert: "server.rsa.crt"
+  key: "server.rsa.key"
+  extenders:
+    - "extenders/beacon_listener_http/config.yaml"
+    - "extenders/beacon_listener_smb/config.yaml"
+    - "extenders/beacon_listener_tcp/config.yaml"
+    - "extenders/beacon_listener_dns/config.yaml"
+    - "extenders/beacon_agent/config.yaml"
+    - "extenders/gopher_listener_tcp/config.yaml"
+    - "extenders/gopher_agent/config.yaml"
+  axscripts:
+  access_token_live_hours: 1
+  refresh_token_live_hours: 2
+
+HttpServer:
+  error:
+    status: 404
+    headers:
+      Content-Type: "text/html; charset=UTF-8"
+      Server: "AdaptixC2"
+      Adaptix-Version: "v1.2"
+    page: "404page.html"
+  http:
+    max_header_bytes: 8192
+    read_header_timeout_sec: 0
+    read_timeout_sec: 0
+    write_timeout_sec: 0
+    idle_timeout_sec: 0
+    request_timeout_sec: 300
+    request_timeout_message: "504 Gateway Timeout"
+    disable_keep_alives: false
+    enable_http2: true
+  tls:
+    min_version: "TLS1.2"
+    max_version: "TLS1.3"
+    prefer_server_cipher_suites: false
+    cipher_suites:
+      - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+      - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+      - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+      - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+      - "TLS_RSA_WITH_AES_128_GCM_SHA256"
+      - "TLS_RSA_WITH_AES_256_GCM_SHA384"

.github/workflows/build.yaml

@@ -0,0 +1,27 @@
+name: Build
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: astral-sh/setup-uv@v5
+        with:
+          python-version: "3.14"
+
+      - name: Install dependencies
+        run: uv sync
+
+      - name: Build wheel
+        run: uv build
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/

.github/workflows/test.yaml

@@ -0,0 +1,206 @@
+name: Integration Tests
+
+# Runs entirely on a single GitHub-hosted windows-latest runner.
+# AdaptixC2 and adaptix-testing run inside WSL2 (Ubuntu).
+# The beacon runs on the Windows host.
+# SSH delivery goes from WSL → Windows via the Hyper-V bridge IP.
+# Beacon callbacks go from Windows → WSL via the WSL veth IP.
+# All IPs are detected at runtime — no static config needed.
+#
+# Hardcoded CI credentials are intentional: these containers are
+# ephemeral, hold no real secrets, and only exist for testing.
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+env:
+  ADAPTIXC2_REPO: Adaptix-Framework/AdaptixC2
+  ADAPTIXC2_VERSION: v1.2
+  CI_USER: ci_runner
+  CI_PASS: Ci_Test_Pass1!
+  CI_AGENT_DIR: 'C:\ci'
+  CI_AGENT_PATH: 'C:\ci\agent.exe'
+
+jobs:
+  integration-test:
+    runs-on: windows-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Pass CI variables into WSL
+        shell: powershell
+        run: echo "WSLENV=CI_USER/u:CI_PASS/u:CI_AGENT_PATH/u:ADAPTIXC2_REPO/u:ADAPTIXC2_VERSION/u" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+
+      # ── Windows: CI user, OpenSSH, agent directory ──────────────────────────
+
+      - name: Create CI user
+        shell: powershell
+        run: |
+          $pass = ConvertTo-SecureString $env:CI_PASS -AsPlainText -Force
+          if (-not (Get-LocalUser $env:CI_USER -ErrorAction SilentlyContinue)) {
+            New-LocalUser $env:CI_USER -Password $pass -PasswordNeverExpires
+            Add-LocalGroupMember -Group Administrators -Member $env:CI_USER
+          } else {
+            Set-LocalUser $env:CI_USER -Password $pass
+          }
+
+      - name: Start OpenSSH Server with password auth
+        shell: powershell
+        run: |
+          $cap = Get-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
+          if ($cap.State -ne 'Installed') {
+            Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
+          }
+          Set-Service sshd -StartupType Automatic
+          Start-Service sshd
+          $cfg = "$env:ProgramData\ssh\sshd_config"
+          (Get-Content $cfg) `
+            -replace '^#?PasswordAuthentication\s+\w+', 'PasswordAuthentication yes' |
+            Set-Content $cfg
+          Restart-Service sshd
+
+      - name: Create agent drop directory
+        shell: powershell
+        run: |
+          New-Item -ItemType Directory -Force -Path $env:CI_AGENT_DIR | Out-Null
+          New-Item -ItemType Directory -Force -Path C:\tmp | Out-Null
+
+      # ── WSL: Ubuntu with required packages ──────────────────────────────────
+
+      - uses: Vampire/setup-wsl@v3
+        with:
+          distribution: Ubuntu-22.04
+          additional-packages: sshpass python3-pip openssl mingw-w64 make gcc g++ g++-mingw-w64
+
+      - name: Install Go 1.25.4
+        shell: wsl-bash {0}
+        run: |
+          wget -q https://go.dev/dl/go1.25.4.linux-amd64.tar.gz -O /tmp/go1.25.4.linux-amd64.tar.gz
+          sudo rm -rf /usr/local/go /usr/local/bin/go
+          sudo tar -C /usr/local -xzf /tmp/go1.25.4.linux-amd64.tar.gz
+          sudo ln -s /usr/local/go/bin/go /usr/local/bin/go
+
+      - name: Install uv
+        shell: wsl-bash {0}
+        run: pip3 install -q uv
+
+      # ── WSL: clone, build, generate cert, write profile, start server ────────
+
+      - name: Clone and build AdaptixC2
+        shell: wsl-bash {0}
+        run: |
+          git clone --depth 1 --branch "$ADAPTIXC2_VERSION" "https://github.com/$ADAPTIXC2_REPO" /tmp/adaptixc2
+          cd /tmp/adaptixc2
+          make server-ext
+
+      - name: Generate TLS certificate
+        shell: wsl-bash {0}
+        run: |
+          openssl req -x509 -nodes -newkey rsa:2048 \
+            -keyout /tmp/adaptixc2/dist/server.rsa.key \
+            -out /tmp/adaptixc2/dist/server.rsa.crt \
+            -days 1 -subj "/CN=ci"
+
+      - name: Write server profile
+        shell: wsl-bash {0}
+        run: |
+          WIN_WS=$(cmd.exe /c "echo %GITHUB_WORKSPACE%" 2>/dev/null | tr -d '\r')
+          cp "$(wslpath "$WIN_WS")/.github/ci/adaptixc2_profile.yaml" /tmp/adaptixc2/dist/profile.yaml
+
+      - name: Start AdaptixC2 server
+        shell: wsl-bash {0}
+        run: |
+          cd /tmp/adaptixc2/dist
+          ./adaptixserver -profile profile.yaml &
+          echo $! > /tmp/adaptixc2.pid
+          sleep 2
+
+      # ── WSL: install testing kit ─────────────────────────────────────────────
+
+      - name: Install adaptix-testing
+        shell: wsl-bash {0}
+        run: |
+          WIN_WS=$(cmd.exe /c "echo %GITHUB_WORKSPACE%" 2>/dev/null | tr -d '\r')
+          cp -r "$(wslpath "$WIN_WS")" /tmp/testing-kit
+          cd /tmp/testing-kit
+          uv sync
+
+      # ── WSL: SSH setup + config + run ────────────────────────────────────────
+
+      - name: Generate SSH keypair
+        shell: wsl-bash {0}
+        run: |
+          ssh-keygen -t ed25519 -N "" -f ~/.ssh/ci_key
+          cp ~/.ssh/ci_key.pub /mnt/c/tmp/ci_key.pub
+
+      - name: Install SSH public key on Windows
+        shell: powershell
+        run: |
+          $authFile = "$env:ProgramData\ssh\administrators_authorized_keys"
+          New-Item -Force -ItemType File -Path $authFile | Out-Null
+          Get-Content C:\tmp\ci_key.pub | Add-Content $authFile
+          icacls $authFile /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
+
+      - name: Write CI config
+        shell: wsl-bash {0}
+        run: |
+          # Windows → WSL: use the WSL veth IP so the beacon can call home
+          WSL_IP=$(hostname -I | awk '{print $1}')
+          WINDOWS_IP=$(cmd.exe /c ipconfig 2>/dev/null | tr -d '\r' | awk '/vEthernet/{f=1} f && /IPv4 Address/{print $NF; exit}')
+
+          cat > /tmp/ci_config.yaml << EOF
+          server:
+            url: https://127.0.0.1:4321
+            endpoint: /endpoint
+          operator:
+            name: ci
+            password: cipass
+          setup:
+            project: ci
+            agent_output: /tmp/ci_agent.exe
+            listener:
+              name: ci_http
+              type: BeaconHTTP
+              config:
+                host: "$WSL_IP"
+                path: /beacon
+                port: 8080
+                use_tls: false
+            agent:
+              agent: beacon
+              listener: ci_http
+              listener_type: BeaconHTTP
+              config:
+                format: EXE
+                jitter: 0
+                sleep: "0s"
+          ssh:
+            host: "$WINDOWS_IP"
+            username: "$CI_USER"
+            key_path: ~/.ssh/ci_key
+            source_path: /tmp/ci_agent.exe
+            agent_path: '$CI_AGENT_PATH'
+            terminate: true
+          EOF
+
+      - name: Run integration tests
+        shell: wsl-bash {0}
+        run: |
+          cd /tmp/testing-kit
+          uv run adaptix-testing -c /tmp/ci_config.yaml -t tasks.yaml
+
+      # ── Cleanup ──────────────────────────────────────────────────────────────
+
+      - name: Stop AdaptixC2 server
+        if: always()
+        shell: wsl-bash {0}
+        run: |
+          [ -f /tmp/adaptixc2.pid ] && kill "$(cat /tmp/adaptixc2.pid)" 2>/dev/null || true
+
+      - name: Remove SSH key
+        if: always()
+        shell: wsl-bash {0}
+        run: rm -f ~/.ssh/ci_key ~/.ssh/ci_key.pub

pyproject.toml

@@ -11,3 +11,10 @@ dependencies = [
 
 [project.scripts]
 adaptix-testing = "run:main"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.wheel]
+include = ["run.py"]