[people/ms/suricata.git] / .github / workflows / builds.yml

name: builds

on:
  - push
  - pull_request

env:
  DEFAULT_LIBHTP_REPO: https://github.com/OISF/libhtp
  DEFAULT_LIBHTP_BRANCH: 0.5.x
  DEFAULT_LIBHTP_PR:

  DEFAULT_SU_REPO: https://github.com/OISF/suricata-update
  DEFAULT_SU_BRANCH: master
  DEFAULT_SU_PR:

  DEFAULT_SV_REPO: https://github.com/OISF/suricata-verify
  DEFAULT_SV_BRANCH: master
  DEFAULT_SV_PR:

  DEFAULT_CFLAGS: "-Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function"

  # Apt sometimes likes to ask for user input, this will prevent that.
  DEBIAN_FRONTEND: "noninteractive"

jobs:

  prep:
    name: Prepare Build
    runs-on: ubuntu-latest
    steps:
      - run: sudo apt update && sudo apt -y install jq curl
      - name: Parse repo and branch information
        env:
          # We fetch the actual pull request to get the latest body as
          # github.event.pull_request.body has the body from the
          # initial pull request.
          PR_HREF: ${{ github.event.pull_request._links.self.href }}
        run: |
          if test "${PR_HREF}"; then
              body=$(curl -s "${PR_HREF}" | jq -r .body)
              libhtp_repo=$(echo "${body}" | awk '/^libhtp-repo/ { print $2 }')
              libhtp_branch=$(echo "${body}" | awk '/^libhtp-branch/ { print $2 }')
              libhtp_pr=$(echo "${body}" | awk '/^libhtp-pr/ { print $2 }')

              su_repo=$(echo "${body}" | awk '/^suricata-update-repo/ { print $2 }')
              su_branch=$(echo "${body}" | awk '/^suricata-update-branch/ { print $2 }')
              su_pr=$(echo "${body}" | awk '/^suricata-update-pr/ { print $2 }')

              sv_repo=$(echo "${body}" | awk '/^suricata-verify-repo/ { print $2 }')
              sv_branch=$(echo "${body}" | awk '/^suricata-verify-branch/ { print $2 }')
              sv_pr=$(echo "${body}" | awk '/^suricata-verify-pr/ { print $2 }')
          fi
          echo "::set-env name=libhtp_repo::${libhtp_repo:-${DEFAULT_LIBHTP_REPO}}"
          echo "::set-env name=libhtp_branch::${libhtp_branch:-${DEFAULT_LIBHTP_BRANCH}}"
          echo "::set-env name=libhtp_pr::${libhtp_pr:-${DEFAULT_LIBHTP_PR}}"

          echo "::set-env name=su_repo::${su_repo:-${DEFAULT_SU_REPO}}"
          echo "::set-env name=su_branch::${su_branch:-${DEFAULT_SU_BRANCH}}"
          echo "::set-env name=su_pr::${su_pr:-${DEFAULT_SU_PR}}"

          echo "::set-env name=sv_repo::${sv_repo:-${DEFAULT_SV_REPO}}"
          echo "::set-env name=sv_branch::${sv_branch:-${DEFAULT_SV_BRANCH}}"
          echo "::set-env name=sv_pr::${sv_pr:-${DEFAULT_SV_PR}}"
      - name: Fetching libhtp
        run: |
          git clone --depth 1 ${libhtp_repo} -b ${libhtp_branch} libhtp
          if [[ "${libhtp_pr}" != "" ]]; then
              cd libhtp
              git fetch origin pull/${libhtp_pr}/head:prep
              git checkout prep
              cd ..
          fi
          tar zcf libhtp.tar.gz libhtp
      - name: Fetching suricata-update
        run: |
          git clone --depth 1 ${su_repo} -b ${su_branch} suricata-update
          if [[ "${su_pr}" != "" ]]; then
              cd suricata-update
              git fetch origin pull/${su_pr}/head:prep
              git checkout prep
              cd ..
          fi
          tar zcf suricata-update.tar.gz suricata-update
      - name: Fetching suricata-verify
        run: |
          git clone --depth 1 ${sv_repo} -b ${sv_branch} suricata-verify
          if [[ "${sv_pr}" != "" ]]; then
              cd suricata-verify
              git fetch origin pull/${sv_pr}/head:prep
              git checkout prep
              cd ..
          fi
          tar zcf suricata-verify.tar.gz suricata-verify
      - uses: actions/upload-artifact@v2
        name: Uploading prep archive
        with:
          name: prep
          path: .

  centos-8:
    name: CentOS 8
    runs-on: ubuntu-latest
    container: centos:8
    needs: prep
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@v1
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - uses: actions/checkout@v2

      # Download and extract dependency archives created during prep
      # job.
      - uses: actions/download-artifact@v2
        with:
          name: prep
          path: prep
      - run: tar xvf prep/libhtp.tar.gz
      - run: tar xvf prep/suricata-update.tar.gz
      - run: tar xvf prep/suricata-verify.tar.gz

      - name: Install system packages
        run: |
          yum -y install dnf-plugins-core
          yum config-manager --set-enabled PowerTools
          yum -y install \
                autoconf \
                automake \
                cargo-vendor \
                diffutils \
                file-devel \
                gcc \
                gcc-c++ \
                git \
                jansson-devel \
                jq \
                lua-devel \
                libtool \
                libyaml-devel \
                libnfnetlink-devel \
                libnetfilter_queue-devel \
                libnet-devel \
                libcap-ng-devel \
                libevent-devel \
                libmaxminddb-devel \
                libpcap-devel \
                libtool \
                lz4-devel \
                make \
                nss-devel \
                pcre-devel \
                pkgconfig \
                python3-devel \
                python3-sphinx \
                python3-yaml \
                rust-toolset \
                sudo \
                which \
                zlib-devel
          # These packages required to build the PDF.
          yum -y install \
                texlive-latex \
                texlive-cmap \
                texlive-collection-latexrecommended \
                texlive-fncychap \
                texlive-titlesec \
                texlive-tabulary \
                texlive-framed \
                texlive-wrapfig \
                texlive-upquote \
                texlive-capt-of \
                texlive-needspace \
      - name: Install cbindgen
        run: cargo install --force --debug --version 0.14.1 cbindgen
      - run: echo "::add-path::$HOME/.cargo/bin"
      - name: Configuring
        run: |
          ./autogen.sh
          ./configure
      - run: make -j2 distcheck
        env:
          DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-lua --enable-geoip --enable-profiling --enable-profiling-locks"
      - run: test -e doc/userguide/suricata.1
      - name: Building Rust documentation
        run: make doc
        working-directory: rust
      - name: Preparing distribution
        run: |
          mkdir dist
          mv suricata-*.tar.gz dist
      - uses: actions/upload-artifact@v1
        name: Uploading distribution
        with:
          name: dist
          path: dist

  centos-7:
    name: CentOS 7
    runs-on: ubuntu-latest
    container: centos:7
    needs: centos-8
    steps:
      - name: Install system dependencies
        run: |
          yum -y install epel-release
          yum -y install \
                autoconf \
                automake \
                cargo \
                diffutils \
                file-devel \
                gcc \
                gcc-c++ \
                jansson-devel \
                jq \
                lua-devel \
                libtool \
                libyaml-devel \
                libnfnetlink-devel \
                libnetfilter_queue-devel \
                libnet-devel \
                libcap-ng-devel \
                libevent-devel \
                libmaxminddb-devel \
                libpcap-devel \
                lz4-devel \
                make \
                nss-devel \
                pcre-devel \
                pkgconfig \
                rust \
                sudo \
                which \
                zlib-devel
      - name: Download suricata.tar.gz
        uses: actions/download-artifact@v2
        with:
          name: dist
      - run: tar zxvf suricata-*.tar.gz --strip-components=1
      # This isn't really needed as we are building from a prepared
      # package, but some package managers like RPM and Debian like to
      # run this command even on prepared packages, so make sure it
      # works.
      - name: Test autoreconf
        run: autoreconf -fv --install
      - run: ./configure
      - run: make -j2
      - run: make install
      - run: make install-conf
      - run: make distcheck
      - run: make clean
      - run: make -j2

  centos-6:
    name: CentOS 6
    runs-on: ubuntu-latest
    container: centos:6
    needs: centos-8
    steps:
      - name: Install Rust
        run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.34.2 -y
      - run: echo "::add-path::$HOME/.cargo/bin"
      - name: Install system dependencies
        run: |
          yum -y install epel-release
          yum -y install \
                file-devel \
                gcc \
                gcc-c++ \
                jq \
                jansson-devel \
                make \
                libyaml-devel \
                libpcap-devel \
                pcre-devel \
                python34-PyYAML \
                nss-devel \
                sudo \
                which \
                zlib-devel
      - name: Download suricata.tar.gz
        # Can't use @v2 here as it uses a binary that requires a newer
        # glibc than provided by CentOS 6.
        uses: actions/download-artifact@v1
        with:
          name: dist
      - run: tar xvf dist/suricata-*.tar.gz --strip-components=1
      - run: ./configure
      - run: make -j2
      - run: make install
      - run: make install-conf
      - name: Building Rust documentation
        run: make doc
        working-directory: rust

  fedora-32:
    name: Fedora 32 (clang, asan, wshadow, rust-strict)
    runs-on: ubuntu-latest
    container: fedora:32
    needs: prep
    steps:

      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@v1
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - run: |
          dnf -y install \
                autoconf \
                automake \
                cargo \
                ccache \
                clang \
                diffutils \
                file-devel \
                gcc \
                gcc-c++ \
                git \
                jansson-devel \
                jq \
                lua-devel \
                libasan \
                libtool \
                libyaml-devel \
                libnfnetlink-devel \
                libnetfilter_queue-devel \
                libnet-devel \
                libcap-ng-devel \
                libevent-devel \
                libmaxminddb-devel \
                libpcap-devel \
                libtool \
                lz4-devel \
                make \
                nspr-devel \
                nss-devel \
                nss-softokn-devel \
                pcre-devel \
                pkgconfig \
                python3-yaml \
                sudo \
                which \
                zlib-devel
      - run: |
          cargo install --debug cbindgen
          echo "::add-path::$HOME/.cargo/bin"
      - uses: actions/checkout@v2
      - uses: actions/download-artifact@v2
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: ./autogen.sh
      - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-unittests --disable-shared --enable-rust-strict
        env:
          ac_cv_func_realloc_0_nonnull: "yes"
          ac_cv_func_malloc_0_nonnull: "yes"
      - run: make -j2
      - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py

  fedora-31:
    name: Fedora 31
    runs-on: ubuntu-latest
    container: fedora:31
    needs: prep
    steps:

      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@v1
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - run: |
          dnf -y install \
                autoconf \
                automake \
                cargo \
                ccache \
                diffutils \
                file-devel \
                gcc \
                gcc-c++ \
                git \
                jansson-devel \
                jq \
                lua-devel \
                libtool \
                libyaml-devel \
                libnfnetlink-devel \
                libnetfilter_queue-devel \
                libnet-devel \
                libcap-ng-devel \
                libevent-devel \
                libmaxminddb-devel \
                libpcap-devel \
                libtool \
                lz4-devel \
                make \
                nspr-devel \
                nss-devel \
                nss-softokn-devel \
                pcre-devel \
                pkgconfig \
                python3-yaml \
                sudo \
                which \
                zlib-devel
      - name: Installing packages to build documentation
        run: |
          dnf -y install \
                python3-sphinx \
                texlive-scheme-full
      - name: Install cbindgen
        run: cargo install --force --debug --version 0.14.1 cbindgen
      - run: echo "::add-path::$HOME/.cargo/bin"
      - uses: actions/checkout@v2
      - uses: actions/download-artifact@v2
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: ./autogen.sh
      - run: ./configure --enable-unittests
      - run: make -j2
      - run: make check
      - run: make dist
      - run: test -e doc/devguide/devguide.pdf
      - run: test -e doc/userguide/userguide.pdf
      - run: make distcheck
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py

  ubuntu-20-04:
    name: Ubuntu 20.04 (no nss, no nspr)
    runs-on: ubuntu-latest
    container: ubuntu:20.04
    needs: prep
    steps:
      - name: Install dependencies
        run: |
          apt update
          apt -y install \
                libpcre3 \
                libpcre3-dev \
                build-essential \
                autoconf \
                automake \
                git \
                jq \
                libtool \
                libpcap-dev \
                libnet1-dev \
                libyaml-0-2 \
                libyaml-dev \
                libcap-ng-dev \
                libcap-ng0 \
                libmagic-dev \
                libnetfilter-queue-dev \
                libnetfilter-queue1 \
                libnfnetlink-dev \
                libnfnetlink0 \
                libhiredis-dev \
                libjansson-dev \
                libevent-dev \
                libevent-pthreads-2.1-7 \
                libjansson-dev \
                libpython2.7 \
                make \
                parallel \
                python3-yaml \
                rustc \
                software-properties-common \
                zlib1g \
                zlib1g-dev \
                exuberant-ctags
      - name: Install cbindgen
        run: cargo install --force --debug --version 0.14.1 cbindgen
      - run: echo "::add-path::$HOME/.cargo/bin"
      - uses: actions/checkout@v2
      - uses: actions/download-artifact@v2
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: ./autogen.sh
      - run: ./configure --enable-unittests --disable-nss --disable-nspr
      - run: make -j2
      - run: make dist
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py

  ubuntu-20-04-ndebug:
    name: Ubuntu 20.04 (-DNDEBUG)
    runs-on: ubuntu-latest
    container: ubuntu:20.04
    needs: prep
    steps:

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
                build-essential \
                autoconf \
                automake \
                git \
                jq \
                libtool \
                libpcap-dev \
                libnet1-dev \
                libyaml-0-2 \
                libyaml-dev \
                libcap-ng-dev \
                libcap-ng0 \
                libmagic-dev \
                libnetfilter-queue-dev \
                libnetfilter-queue1 \
                libnfnetlink-dev \
                libnfnetlink0 \
                libhiredis-dev \
                libjansson-dev \
                libevent-dev \
                libevent-pthreads-2.1-7 \
                libjansson-dev \
                libpython2.7 \
                libpcre3 \
                libpcre3-dev \
                make \
                parallel \
                python3-yaml \
                rustc \
                software-properties-common \
                zlib1g \
                zlib1g-dev \
                exuberant-ctags
      - name: Install cbindgen
        run: cargo install --force --debug --version 0.14.1 cbindgen
      - run: echo "::add-path::$HOME/.cargo/bin"
      - uses: actions/checkout@v2
      - uses: actions/download-artifact@v2
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: ./autogen.sh
      - run: CFLAGS="$DEFAULT_CFLAGS -DNDEBUG" ./configure --enable-unittests
      - run: make -j2
      - run: make check
      - run: make dist
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py

  ubuntu-20-04-too-old-rust:
    name: Ubuntu 20.04 (unsupported rust)
    runs-on: ubuntu-latest
    container: ubuntu:20.04
    needs: centos-8
    steps:
      - name: Install dependencies
        run: |
          apt update
          apt -y install \
                build-essential \
                curl \
                libtool \
                libpcap-dev \
                libnet1-dev \
                libyaml-0-2 \
                libyaml-dev \
                libcap-ng-dev \
                libcap-ng0 \
                libmagic-dev \
                libnetfilter-queue-dev \
                libnetfilter-queue1 \
                libnfnetlink-dev \
                libnfnetlink0 \
                libhiredis-dev \
                libjansson-dev \
                libevent-dev \
                libevent-pthreads-2.1-7 \
                libjansson-dev \
                libpython2.7 \
                libpcre3 \
                libpcre3-dev \
                make \
                python3-yaml \
                software-properties-common \
                zlib1g \
                zlib1g-dev \
      - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.33.0 -y
      - run: echo "::add-path::$HOME/.cargo/bin"
      - name: Download suricata.tar.gz
        uses: actions/download-artifact@v2
        with:
          name: dist
      - run: tar zxvf suricata-*.tar.gz --strip-components=1
      - run: |
          if ./configure; then
            echo "error: configure should have failed"
            exit 1
          else
            exit 0
          fi

  ubuntu-18-04-debug-validation:
    name: Ubuntu 18.04 (Debug Validation)
    runs-on: ubuntu-18.04
    container: ubuntu:18.04
    needs: prep
    steps:

      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@v1
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
                libpcre3 \
                libpcre3-dev \
                build-essential \
                autoconf \
                automake \
                git \
                jq \
                libtool \
                libpcap-dev \
                libnet1-dev \
                libyaml-0-2 \
                libyaml-dev \
                libcap-ng-dev \
                libcap-ng0 \
                libmagic-dev \
                libnetfilter-queue-dev \
                libnetfilter-queue1 \
                libnfnetlink-dev \
                libnfnetlink0 \
                libhiredis-dev \
                libjansson-dev \
                libevent-dev \
                libevent-pthreads-2.1.6 \
                libjansson-dev \
                libpython2.7 \
                make \
                parallel \
                python3-yaml \
                rustc \
                software-properties-common \
                zlib1g \
                zlib1g-dev \
                exuberant-ctags
      - name: Install cbindgen
        run: cargo install --force --debug --version 0.14.1 cbindgen
      - run: echo "::add-path::$HOME/.cargo/bin"
      - uses: actions/checkout@v2
      - uses: actions/download-artifact@v2
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: ./autogen.sh
      - run: ./configure --enable-debug-validation
      - run: make -j2
      - run: make check
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py

  ubuntu-18-04:
    name: Ubuntu 18.04 (Cocci)
    runs-on: ubuntu-18.04
    container: ubuntu:18.04
    needs: prep
    steps:

      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@v1
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
                libpcre3 \
                libpcre3-dev \
                build-essential \
                autoconf \
                automake \
                git \
                jq \
                libtool \
                libpcap-dev \
                libnet1-dev \
                libyaml-0-2 \
                libyaml-dev \
                libcap-ng-dev \
                libcap-ng0 \
                libmagic-dev \
                libnetfilter-queue-dev \
                libnetfilter-queue1 \
                libnfnetlink-dev \
                libnfnetlink0 \
                libhiredis-dev \
                libjansson-dev \
                libevent-dev \
                libevent-pthreads-2.1.6 \
                libjansson-dev \
                libpython2.7 \
                make \
                parallel \
                python3-yaml \
                rustc \
                software-properties-common \
                zlib1g \
                zlib1g-dev \
                exuberant-ctags
      - name: Install packages for generating documentation
        run: |
          DEBIAN_FRONTEND=noninteractive apt -y install \
                sphinx-doc \
                sphinx-common \
                texlive-latex-base \
                texlive-fonts-recommended \
                texlive-fonts-extra \
                texlive-latex-extra
      - name: Install Coccinelle
        run: |
          add-apt-repository -y ppa:npalix/coccinelle
          apt -y install coccinelle
      - name: Install cbindgen
        run: cargo install --force --debug --version 0.14.1 cbindgen
      - run: echo "::add-path::$HOME/.cargo/bin"
      - uses: actions/checkout@v2
      - uses: actions/download-artifact@v2
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: ./autogen.sh
      - run: ./configure --enable-unittests --enable-coccinelle
      - run: make -j2
      - run: make tags
      - name: Running unit tests and cocci checks
        # Set the concurrency level for cocci.
        run: CONCURRENCY_LEVEL=2 make check
      - run: make dist
      - name: Checking that documentation was built
        run: |
          test -e doc/devguide/devguide.pdf
          test -e doc/userguide/userguide.pdf
          test -e doc/userguide/suricata.1
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py

  # test build with afl and fuzztargets
  ubuntu-18-04-fuzz:
    name: Ubuntu 18.04 (Fuzz)
    runs-on: ubuntu-18.04
    container: ubuntu:18.04
    needs: prep
    steps:

      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@v1
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
                afl \
                afl-clang \
                libpcre3 \
                libpcre3-dev \
                build-essential \
                autoconf \
                automake \
                git \
                libtool \
                libpcap-dev \
                libnet1-dev \
                libyaml-0-2 \
                libyaml-dev \
                libcap-ng-dev \
                libcap-ng0 \
                libmagic-dev \
                libnetfilter-queue-dev \
                libnetfilter-queue1 \
                libnfnetlink-dev \
                libnfnetlink0 \
                libhiredis-dev \
                libjansson-dev \
                libjansson-dev \
                libpython2.7 \
                make \
                rustc \
                software-properties-common \
                zlib1g \
                zlib1g-dev
      - name: Install cbindgen
        run: cargo install --force --debug --version 0.14.1 cbindgen
      - run: echo "::add-path::$HOME/.cargo/bin"
      - uses: actions/checkout@v2
      - uses: actions/download-artifact@v2
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: ./autogen.sh
      - run: AFL_HARDEN=1 ac_cv_func_realloc_0_nonnull=yes ac_cv_func_malloc_0_nonnull=yes CFLAGS="-fsanitize=address -fno-omit-frame-pointer" CXXFLAGS=$CFLAGS CC=afl-clang-fast CXX=afl-clang-fast++ ./configure --enable-fuzztargets --disable-shared
      - run: AFL_HARDEN=1 make -j2

  # An Ubuntu 16.04 build using the tarball generated in the CentOS 8
  # build above.
  ubuntu-16-04:
    name: Ubuntu 16.04
    runs-on: ubuntu-latest
    container: ubuntu:16.04
    needs: centos-8
    steps:
      - name: Install dependencies
        run: |
          apt update
          apt -y install \
                build-essential \
                curl \
                libcap-ng-dev \
                libcap-ng0 \
                libevent-dev \
                libhiredis-dev \
                libjansson-dev \
                libmagic-dev \
                libnet1-dev \
                libnetfilter-queue-dev \
                libnetfilter-queue1 \
                libnfnetlink-dev \
                libnfnetlink0 \
                libnss3-dev \
                libpcre3 \
                libpcre3-dev \
                libpcap-dev \
                libyaml-0-2 \
                libyaml-dev \
                make \
                python3-yaml \
                zlib1g \
                zlib1g-dev
      - name: Install Rust
        run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.34.2 -y
      - run: echo "::add-path::$HOME/.cargo/bin"
      - name: Download suricata.tar.gz
        uses: actions/download-artifact@v2
        with:
          name: dist
      - name: Extract
        run: tar zxvf suricata-*.tar.gz --strip-components=1
      - name: Configure
        run: ./configure
      - name: Build
        run: make -j2
      - name: Testing
        run: make check
      - run: make install
      - run: make install-conf
      - run: make install-rules

  debian-10:
    name: Debian 10
    runs-on: ubuntu-latest
    container: debian:10
    needs: prep
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@v1
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - run: |
          apt update
          apt -y install \
                automake \
                autoconf \
                build-essential \
                ccache \
                curl \
                git \
                gosu \
                jq \
                libpcre3 \
                libpcre3-dbg \
                libpcre3-dev \
                libpcap-dev   \
                libnet1-dev \
                libyaml-0-2 \
                libyaml-dev \
                libcap-ng-dev \
                libcap-ng0 \
                libmagic-dev \
                libjansson-dev \
                libnss3-dev \
                libgeoip-dev \
                liblua5.1-dev \
                libhiredis-dev \
                libevent-dev \
                libtool \
                m4 \
                make \
                python-yaml \
                pkg-config \
                rustc \
                sudo \
                zlib1g \
                zlib1g-dev
      - name: Install cbindgen
        run: cargo install --force --debug --version 0.14.1 cbindgen
      - run: echo "::add-path::$HOME/.cargo/bin"
      - uses: actions/checkout@v2
      - uses: actions/download-artifact@v2
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: ./autogen.sh
      - run: ./configure --enable-unittests --enable-fuzztargets
      - run: make -j2
      - run: make check
      - run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: ./suricata-verify/run.py

  debian-9:
    name: Debian 9
    runs-on: ubuntu-latest
    container: debian:9
    needs: prep
    steps:
      - run: |
          apt update
          apt -y install \
                automake \
                autoconf \
                build-essential \
                ccache \
                curl \
                git-core \
                gosu \
                jq \
                libpcre3 \
                libpcre3-dbg \
                libpcre3-dev \
                libpcap-dev   \
                libnet1-dev \
                libyaml-0-2 \
                libyaml-dev \
                libcap-ng-dev \
                libcap-ng0 \
                libmagic-dev \
                libjansson-dev \
                libnss3-dev \
                libgeoip-dev \
                liblua5.1-dev \
                libhiredis-dev \
                libevent-dev \
                libtool \
                m4 \
                make \
                python-yaml \
                pkg-config \
                sudo \
                zlib1g \
                zlib1g-dev
      - name: Install Rust
        run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.34.2 -y
      - run: echo "::add-path::$HOME/.cargo/bin"
      - name: Install cbindgen
        run: cargo install --force --debug --version 0.14.1 cbindgen
      - uses: actions/checkout@v2
      - uses: actions/download-artifact@v2
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: ./autogen.sh
      - run: ./configure --enable-unittests
      - run: make -j2
      - run: make check
      - run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: ./suricata-verify/run.py

  macos-latest:
    name: MacOS Latest
    runs-on: macos-latest
    needs: prep
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@v1
        with:
          path: ~/.cargo/registry
          key: cargo-registry
      - run: |
         brew install \
          autoconf \
          automake \
          curl \
          hiredis \
          jansson \
          jq \
          libmagic \
          libnet \
          libtool \
          libyaml \
          lua \
          nss \
          nspr \
          pcre \
          pkg-config \
          rust \
          xz
      - name: Install cbindgen
        run: cargo install --force --debug --version 0.14.1 cbindgen
      - run: echo "::add-path::$HOME/.cargo/bin"
      - run: pip install PyYAML
      - uses: actions/checkout@v2
      - name: Downloading prep archive
        uses: actions/download-artifact@v2
        with:
          name: prep
          path: prep
      - run: tar xvf prep/libhtp.tar.gz
      - run: ./autogen.sh
      - run: ./configure --enable-unittests
      - run: make -j2
      - run: make check
      - run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: ./suricata-verify/run.py