8 DEFAULT_LIBHTP_REPO: https://github.com/OISF/libhtp
9 DEFAULT_LIBHTP_BRANCH: 0.5.x
12 DEFAULT_SU_REPO: https://github.com/OISF/suricata-update
13 DEFAULT_SU_BRANCH: master
16 DEFAULT_SV_REPO: https://github.com/OISF/suricata-verify
17 DEFAULT_SV_BRANCH: master
20 DEFAULT_CFLAGS: "-Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function"
22 # Apt sometimes likes to ask for user input, this will prevent that.
23 DEBIAN_FRONTEND: "noninteractive"
25 # A recent version of stable Rust that is known to pass build, test and other
26 # verification steps in this workflow. This was added because using "stable"
27 # could cause some steps to fail.
28 RUST_VERSION_KNOWN: "1.49.0"
30 # The minimum version of Rust supported.
31 RUST_VERSION_MIN: "1.41.1"
36 name: Prepare dependencies
37 runs-on: ubuntu-latest
39 - name: Cache ~/.cargo
40 uses: actions/cache@v1
44 - run: sudo apt update && sudo apt -y install jq curl
45 - name: Parse repo and branch information
47 # We fetch the actual pull request to get the latest body as
48 # github.event.pull_request.body has the body from the
49 # initial pull request.
50 PR_HREF: ${{ github.event.pull_request._links.self.href }}
52 if test "${PR_HREF}"; then
53 body=$(curl -s "${PR_HREF}" | jq -r .body | tr -d '\r')
55 libhtp_repo=$(echo "${body}" | awk '/^libhtp-repo/ { print $2 }')
56 libhtp_branch=$(echo "${body}" | awk '/^libhtp-branch/ { print $2 }')
57 libhtp_pr=$(echo "${body}" | awk '/^libhtp-pr/ { print $2 }')
59 su_repo=$(echo "${body}" | awk '/^suricata-update-repo/ { print $2 }')
60 su_branch=$(echo "${body}" | awk '/^suricata-update-branch/ { print $2 }')
61 su_pr=$(echo "${body}" | awk '/^suricata-update-pr/ { print $2 }')
63 sv_repo=$(echo "${body}" | awk '/^suricata-verify-repo/ { print $2 }')
64 sv_branch=$(echo "${body}" | awk '/^suricata-verify-branch/ { print $2 }')
65 sv_pr=$(echo "${body}" | awk '/^suricata-verify-pr/ { print $2 }')
67 echo "libhtp_repo=${libhtp_repo:-${DEFAULT_LIBHTP_REPO}}" >> $GITHUB_ENV
68 echo "libhtp_branch=${libhtp_branch:-${DEFAULT_LIBHTP_BRANCH}}" >> $GITHUB_ENV
69 echo "libhtp_pr=${libhtp_pr:-${DEFAULT_LIBHTP_PR}}" >> $GITHUB_ENV
71 echo "su_repo=${su_repo:-${DEFAULT_SU_REPO}}" >> $GITHUB_ENV
72 echo "su_branch=${su_branch:-${DEFAULT_SU_BRANCH}}" >> $GITHUB_ENV
73 echo "su_pr=${su_pr:-${DEFAULT_SU_PR}}" >> $GITHUB_ENV
75 echo "sv_repo=${sv_repo:-${DEFAULT_SV_REPO}}" >> $GITHUB_ENV
76 echo "sv_branch=${sv_branch:-${DEFAULT_SV_BRANCH}}" >> $GITHUB_ENV
77 echo "sv_pr=${sv_pr:-${DEFAULT_SV_PR}}" >> $GITHUB_ENV
78 - name: Fetching libhtp
80 git clone --depth 1 ${libhtp_repo} -b ${libhtp_branch} libhtp
81 if [[ "${libhtp_pr}" != "" ]]; then
83 git fetch origin pull/${libhtp_pr}/head:prep
87 tar zcf libhtp.tar.gz libhtp
88 - name: Fetching suricata-update
90 git clone --depth 1 ${su_repo} -b ${su_branch} suricata-update
91 if [[ "${su_pr}" != "" ]]; then
93 git fetch origin pull/${su_pr}/head:prep
97 tar zcf suricata-update.tar.gz suricata-update
98 - name: Fetching suricata-verify
100 git clone ${sv_repo} -b ${sv_branch} suricata-verify
101 if [[ "${sv_pr}" != "" ]]; then
103 git fetch origin pull/${sv_pr}/head:prep
105 git config --global user.email you@example.com
106 git config --global user.name You
107 git rebase ${DEFAULT_SV_BRANCH}
110 tar zcf suricata-verify.tar.gz suricata-verify
112 run: rm -rf libhtp suricata-update suricata-verify
113 - name: Uploading prep archive
114 uses: actions/upload-artifact@v2
120 name: Prepare cbindgen
121 runs-on: ubuntu-latest
123 - name: Cache ~/.cargo
124 uses: actions/cache@v1
128 - name: Installing Rust
130 curl https://sh.rustup.rs -sSf | sh -s -- -y
131 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
132 rustup target add x86_64-unknown-linux-musl
133 - name: Buliding static cbindgen for Linux
135 cargo install --target x86_64-unknown-linux-musl --debug cbindgen
136 cp $HOME/.cargo/bin/cbindgen .
137 - name: Uploading prep archive
138 uses: actions/upload-artifact@v2
145 runs-on: ubuntu-latest
147 needs: [prepare-deps, prepare-cbindgen]
150 - name: Cache cargo registry
151 uses: actions/cache@v1
153 path: ~/.cargo/registry
156 - uses: actions/checkout@v2
158 # Prebuild check for duplicat SIDs
159 - name: Check for duplicate SIDs
161 dups=$(sed -n 's/^alert.*sid:\([[:digit:]]*\);.*/\1/p' ./rules/*.rules|sort|uniq -d|tr '\n' ' ')
162 if [[ "${dups}" != "" ]]; then
163 echo "::error::Duplicate SIDs found:${dups}"
167 # Download and extract dependency archives created during prep
169 - uses: actions/download-artifact@v2
173 - run: tar xvf prep/libhtp.tar.gz
174 - run: tar xvf prep/suricata-update.tar.gz
175 - run: tar xvf prep/suricata-verify.tar.gz
176 - name: Setup cbindgen
178 mkdir -p $HOME/.cargo/bin
179 cp prep/cbindgen $HOME/.cargo/bin
180 chmod 755 $HOME/.cargo/bin/cbindgen
181 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
182 - name: Install system packages
184 yum -y install dnf-plugins-core
185 yum config-manager --set-enabled powertools
201 libnetfilter_queue-devel \
220 # These packages required to build the PDF.
224 texlive-collection-latexrecommended \
236 CFLAGS="${DEFAULT_CFLAGS}" ./configure
237 - run: make -j2 distcheck
239 DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-lua --enable-geoip --enable-profiling --enable-profiling-locks"
240 - run: test -e doc/userguide/suricata.1
241 - name: Building Rust documentation
243 working-directory: rust
244 - name: Preparing distribution
247 mv suricata-*.tar.gz dist
248 - uses: actions/upload-artifact@v1
249 name: Uploading distribution
256 runs-on: ubuntu-latest
258 needs: [prepare-deps, centos-8]
260 - name: Install system dependencies
262 yum -y install epel-release
277 libnetfilter_queue-devel \
293 - name: Download suricata.tar.gz
294 uses: actions/download-artifact@v2
297 - run: tar zxvf suricata-*.tar.gz --strip-components=1
298 # This isn't really needed as we are building from a prepared
299 # package, but some package managers like RPM and Debian like to
300 # run this command even on prepared packages, so make sure it
302 - name: Test autoreconf
303 run: autoreconf -fv --install
304 - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
307 - run: make install-conf
308 - run: make distcheck
311 - uses: actions/download-artifact@v2
315 - run: tar xf prep/suricata-verify.tar.gz
316 - run: python3 ./suricata-verify/run.py -q
319 name: Fedora 35 (debug, clang, asan, wshadow, rust-strict)
320 runs-on: ubuntu-latest
322 needs: [prepare-deps, prepare-cbindgen]
326 - name: Cache cargo registry
327 uses: actions/cache@v1
329 path: ~/.cargo/registry
352 libnetfilter_queue-devel \
368 - uses: actions/checkout@v2
369 - uses: actions/download-artifact@v2
373 - run: tar xf prep/libhtp.tar.gz
374 - name: Setup cbindgen
376 mkdir -p $HOME/.cargo/bin
377 cp prep/cbindgen $HOME/.cargo/bin
378 chmod 755 $HOME/.cargo/bin/cbindgen
379 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
381 - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis
383 LDFLAGS: "-fsanitize=address"
384 ac_cv_func_realloc_0_nonnull: "yes"
385 ac_cv_func_malloc_0_nonnull: "yes"
387 - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
388 - name: Extracting suricata-verify
389 run: tar xf prep/suricata-verify.tar.gz
390 - name: Running suricata-verify
391 run: python3 ./suricata-verify/run.py -q
392 # Now install and make sure headers and libraries aren't install
395 - run: test ! -e /usr/local/lib/libsuricata_c.a
396 - run: test ! -e /usr/local/include/suricata
397 - run: make install-headers
398 - run: test -e /usr/local/include/suricata/suricata.h
399 - run: make install-library
400 - run: test -e /usr/local/lib/libsuricata_c.a
401 - run: test -e /usr/local/lib/libsuricata_rust.a
402 - run: test -e /usr/local/bin/libsuricata-config
403 - run: test ! -e /usr/local/lib/libsuricata.so
406 name: Fedora 34 (debug, clang, asan, wshadow, rust-strict)
407 runs-on: ubuntu-latest
409 needs: [prepare-deps, prepare-cbindgen]
413 - name: Cache cargo registry
414 uses: actions/cache@v1
416 path: ~/.cargo/registry
439 libnetfilter_queue-devel \
455 - uses: actions/checkout@v2
456 - uses: actions/download-artifact@v2
460 - run: tar xf prep/libhtp.tar.gz
461 - name: Setup cbindgen
463 mkdir -p $HOME/.cargo/bin
464 cp prep/cbindgen $HOME/.cargo/bin
465 chmod 755 $HOME/.cargo/bin/cbindgen
466 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
468 - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer -Wimplicit-int-float-conversion" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis
470 LDFLAGS: "-fsanitize=address"
471 ac_cv_func_realloc_0_nonnull: "yes"
472 ac_cv_func_malloc_0_nonnull: "yes"
474 - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
475 - name: Extracting suricata-verify
476 run: tar xf prep/suricata-verify.tar.gz
477 - name: Running suricata-verify
478 run: python3 ./suricata-verify/run.py -q
479 # Now install and make sure headers and libraries aren't install
482 - run: test ! -e /usr/local/lib/libsuricata_c.a
483 - run: test ! -e /usr/local/include/suricata
484 - run: make install-headers
485 - run: test -e /usr/local/include/suricata/suricata.h
486 - run: make install-library
487 - run: test -e /usr/local/lib/libsuricata_c.a
488 - run: test -e /usr/local/lib/libsuricata_rust.a
489 - run: test -e /usr/local/bin/libsuricata-config
490 - run: test ! -e /usr/local/lib/libsuricata.so
493 name: Fedora 33 (debug, clang, asan, wshadow, rust-strict)
494 runs-on: ubuntu-latest
496 needs: [prepare-deps, prepare-cbindgen]
500 - name: Cache cargo registry
501 uses: actions/cache@v1
503 path: ~/.cargo/registry
525 libnetfilter_queue-devel \
541 - uses: actions/checkout@v2
542 - uses: actions/download-artifact@v2
546 - name: Setup cbindgen
548 mkdir -p $HOME/.cargo/bin
549 cp prep/cbindgen $HOME/.cargo/bin
550 chmod 755 $HOME/.cargo/bin/cbindgen
551 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
552 - run: tar xf prep/libhtp.tar.gz
554 - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict
556 LDFLAGS: "-fsanitize=address"
557 ac_cv_func_realloc_0_nonnull: "yes"
558 ac_cv_func_malloc_0_nonnull: "yes"
560 - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
561 - name: Extracting suricata-verify
562 run: tar xf prep/suricata-verify.tar.gz
563 - name: Running suricata-verify
564 run: python3 ./suricata-verify/run.py -q
566 fedora-34-no-jansson:
567 name: Fedora 34 (no jansson)
568 runs-on: ubuntu-latest
570 needs: [prepare-deps, prepare-cbindgen]
574 - name: Cache cargo registry
575 uses: actions/cache@v1
577 path: ~/.cargo/registry
597 libnetfilter_queue-devel \
613 - uses: actions/checkout@v2
614 - uses: actions/download-artifact@v2
618 - run: tar xf prep/libhtp.tar.gz
619 - name: Setup cbindgen
621 mkdir -p $HOME/.cargo/bin
622 cp prep/cbindgen $HOME/.cargo/bin
623 chmod 755 $HOME/.cargo/bin/cbindgen
624 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
628 echo "error: configure should have failed"
635 name: Ubuntu 20.04 (suricata verify coverage)
636 runs-on: ubuntu-latest
637 container: ubuntu:20.04
638 needs: [prepare-deps, prepare-cbindgen]
640 - name: Install dependencies
660 libnetfilter-queue-dev \
661 libnetfilter-queue1 \
668 libevent-pthreads-2.1-7 \
675 software-properties-common \
680 - uses: actions/checkout@v2
681 - uses: actions/download-artifact@v2
685 - run: tar xf prep/libhtp.tar.gz
686 - name: Setup cbindgen
688 mkdir -p $HOME/.cargo/bin
689 cp prep/cbindgen $HOME/.cargo/bin
690 chmod 755 $HOME/.cargo/bin/cbindgen
691 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
693 - run: CFLAGS="${DEFAULT_CFLAGS} -fprofile-arcs -ftest-coverage -O0 -ggdb" ./configure
695 - name: Extracting suricata-verify
696 run: tar xf prep/suricata-verify.tar.gz
697 - name: Running suricata-verify
698 run: python3 ./suricata-verify/run.py -q
705 - name: Upload coverage to Codecov
706 uses: codecov/codecov-action@v1
708 flags: suricata-verify
711 name: Ubuntu 20.04 (unittests coverage)
712 runs-on: ubuntu-latest
713 container: ubuntu:20.04
714 needs: [prepare-deps, prepare-cbindgen]
716 - name: Install dependencies
735 libnetfilter-queue-dev \
736 libnetfilter-queue1 \
743 libevent-pthreads-2.1-7 \
750 software-properties-common \
755 - uses: actions/checkout@v2
756 - uses: actions/download-artifact@v2
760 - run: tar xf prep/libhtp.tar.gz
761 - name: Setup cbindgen
763 mkdir -p $HOME/.cargo/bin
764 cp prep/cbindgen $HOME/.cargo/bin
765 chmod 755 $HOME/.cargo/bin/cbindgen
766 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
768 - run: CFLAGS="${DEFAULT_CFLAGS} -fprofile-arcs -ftest-coverage -O0 -ggdb" ./configure --enable-unittests
770 - run: ./src/suricata -u -l /tmp/
777 - name: Upload coverage to Codecov
778 uses: codecov/codecov-action@v1
782 ubuntu-20-04-cov-fuzz:
783 name: Ubuntu 20.04 (fuzz corpus coverage)
784 runs-on: ubuntu-latest
785 container: ubuntu:20.04
786 needs: [prepare-deps, prepare-cbindgen]
788 - name: Install dependencies
810 libnetfilter-queue-dev \
811 libnetfilter-queue1 \
818 libevent-pthreads-2.1-7 \
825 software-properties-common \
833 - uses: actions/checkout@v2
834 - uses: actions/download-artifact@v2
838 - run: tar xf prep/libhtp.tar.gz
839 - name: Setup cbindgen
841 mkdir -p $HOME/.cargo/bin
842 cp prep/cbindgen $HOME/.cargo/bin
843 chmod 755 $HOME/.cargo/bin/cbindgen
844 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
846 - run: LIB_FUZZING_ENGINE="fail_to_onefile_driver" CC=clang-10 CXX=clang++-10 CFLAGS="-fprofile-arcs -ftest-coverage -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -fPIC -Wno-unused-parameter -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1" CXXFLAGS="-fprofile-arcs -ftest-coverage -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -stdlib=libc++" ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes ./configure --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect
848 - run: ./qa/run-ossfuzz-corpus.sh
852 llvm-cov-10 gcov -p *.c
853 - name: Upload coverage to Codecov
854 uses: codecov/codecov-action@v1
859 name: Ubuntu 20.04 (-DNDEBUG)
860 runs-on: ubuntu-latest
861 container: ubuntu:20.04
862 needs: [prepare-deps, prepare-cbindgen]
865 - name: Install dependencies
882 libnetfilter-queue-dev \
883 libnetfilter-queue1 \
889 libevent-pthreads-2.1-7 \
897 software-properties-common \
901 - uses: actions/checkout@v2
902 - uses: actions/download-artifact@v2
906 - run: tar xf prep/libhtp.tar.gz
907 - name: Setup cbindgen
909 mkdir -p $HOME/.cargo/bin
910 cp prep/cbindgen $HOME/.cargo/bin
911 chmod 755 $HOME/.cargo/bin/cbindgen
912 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
914 - run: CFLAGS="$DEFAULT_CFLAGS -DNDEBUG" ./configure --enable-unittests
918 - name: Extracting suricata-verify
919 run: tar xf prep/suricata-verify.tar.gz
920 - name: Running suricata-verify
921 run: python3 ./suricata-verify/run.py -q
922 # Now install and make sure headers and libraries aren't install
925 - run: test ! -e /usr/local/lib/libsuricata_c.a
926 - run: test ! -e /usr/local/include/suricata
927 - run: make install-headers
928 - run: test -e /usr/local/include/suricata/suricata.h
929 - run: make install-library
930 - run: test -e /usr/local/lib/libsuricata_c.a
931 - run: test -e /usr/local/lib/libsuricata_rust.a
932 - run: test -e /usr/local/bin/libsuricata-config
933 - run: test -e /usr/local/lib/libsuricata.so
934 - run: test -e /usr/local/lib/$(readlink /usr/local/lib/libsuricata.so)
936 ubuntu-20-04-too-old-rust:
937 name: Ubuntu 20.04 (unsupported rust)
938 runs-on: ubuntu-latest
939 container: ubuntu:20.04
942 - name: Install dependencies
956 libnetfilter-queue-dev \
957 libnetfilter-queue1 \
963 libevent-pthreads-2.1-7 \
969 software-properties-common \
972 - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.33.0 -y
973 - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
974 - name: Download suricata.tar.gz
975 uses: actions/download-artifact@v2
978 - run: tar zxvf suricata-*.tar.gz --strip-components=1
981 echo "error: configure should have failed"
987 ubuntu-18-04-debug-validation:
988 name: Ubuntu 18.04 (Debug Validation)
989 runs-on: ubuntu-18.04
990 container: ubuntu:18.04
991 needs: [prepare-deps, prepare-cbindgen]
995 - name: Cache cargo registry
996 uses: actions/cache@v1
998 path: ~/.cargo/registry
1001 - name: Install dependencies
1019 libnetfilter-queue-dev \
1020 libnetfilter-queue1 \
1026 libevent-pthreads-2.1.6 \
1033 software-properties-common \
1037 - uses: actions/checkout@v2
1038 - uses: actions/download-artifact@v2
1042 - run: tar xf prep/libhtp.tar.gz
1043 - name: Setup cbindgen
1045 mkdir -p $HOME/.cargo/bin
1046 cp prep/cbindgen $HOME/.cargo/bin
1047 chmod 755 $HOME/.cargo/bin/cbindgen
1048 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
1050 - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-debug-validation
1053 - name: Extracting suricata-verify
1054 run: tar xf prep/suricata-verify.tar.gz
1055 - name: Running suricata-verify
1056 run: python3 ./suricata-verify/run.py -q
1059 name: Ubuntu 18.04 (Cocci)
1060 runs-on: ubuntu-18.04
1061 container: ubuntu:18.04
1062 needs: [prepare-deps, prepare-cbindgen]
1066 - name: Cache cargo registry
1067 uses: actions/cache@v1
1069 path: ~/.cargo/registry
1072 - name: Install dependencies
1090 libnetfilter-queue-dev \
1091 libnetfilter-queue1 \
1097 libevent-pthreads-2.1.6 \
1105 software-properties-common \
1109 - name: Install packages for generating documentation
1111 DEBIAN_FRONTEND=noninteractive apt -y install \
1114 texlive-latex-base \
1115 texlive-fonts-recommended \
1116 texlive-fonts-extra \
1118 - name: Install Coccinelle
1120 add-apt-repository -y ppa:npalix/coccinelle
1121 apt -y install coccinelle
1122 - uses: actions/checkout@v2
1123 - uses: actions/download-artifact@v2
1127 - run: tar xf prep/libhtp.tar.gz
1128 - name: Setup cbindgen
1130 mkdir -p $HOME/.cargo/bin
1131 cp prep/cbindgen $HOME/.cargo/bin
1132 chmod 755 $HOME/.cargo/bin/cbindgen
1133 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
1135 - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-coccinelle
1138 - name: Running unit tests and cocci checks
1139 # Set the concurrency level for cocci.
1140 run: CONCURRENCY_LEVEL=2 make check
1142 - name: Checking that documentation was built
1144 test -e doc/devguide/devguide.pdf
1145 test -e doc/userguide/userguide.pdf
1146 test -e doc/userguide/suricata.1
1147 - name: Extracting suricata-verify
1148 run: tar xf prep/suricata-verify.tar.gz
1149 - name: Running suricata-verify
1150 run: python3 ./suricata-verify/run.py -q
1152 # test build with afl and fuzztargets
1154 name: Ubuntu 18.04 (Fuzz)
1155 runs-on: ubuntu-18.04
1156 container: ubuntu:18.04
1157 needs: [prepare-deps, prepare-cbindgen]
1161 - name: Cache cargo registry
1162 uses: actions/cache@v1
1164 path: ~/.cargo/registry
1167 - name: Install dependencies
1186 libnetfilter-queue-dev \
1187 libnetfilter-queue1 \
1196 software-properties-common \
1199 - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
1200 - uses: actions/checkout@v2
1201 - uses: actions/download-artifact@v2
1205 - run: tar xf prep/libhtp.tar.gz
1206 - name: Setup cbindgen
1208 mkdir -p $HOME/.cargo/bin
1209 cp prep/cbindgen $HOME/.cargo/bin
1210 chmod 755 $HOME/.cargo/bin/cbindgen
1211 echo "$HOME/.cargo/bin" >> $GITHUB_PATH
1213 - run: AFL_HARDEN=1 ac_cv_func_realloc_0_nonnull=yes ac_cv_func_malloc_0_nonnull=yes CFLAGS="-fsanitize=address -fno-omit-frame-pointer" CXXFLAGS=$CFLAGS CC=afl-clang-fast CXX=afl-clang-fast++ LDFLAGS="-fsanitize=address" ./configure --enable-fuzztargets --disable-shared
1214 - run: AFL_HARDEN=1 make -j2
1216 # An Ubuntu 16.04 build using the tarball generated in the CentOS 8
1220 runs-on: ubuntu-latest
1221 container: ubuntu:16.04
1224 - name: Install dependencies
1237 libnetfilter-queue-dev \
1238 libnetfilter-queue1 \
1249 - name: Install Rust
1250 run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain ${RUST_VERSION_MIN} -y
1251 - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
1252 - name: Download suricata.tar.gz
1253 uses: actions/download-artifact@v2
1257 run: tar zxvf suricata-*.tar.gz --strip-components=1
1259 run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
1265 - run: make install-conf
1266 - run: make install-rules
1270 runs-on: ubuntu-latest
1271 container: debian:10
1272 needs: [prepare-deps, prepare-cbindgen]
1275 - name: Cache cargo registry
1276 uses: actions/cache@v1
1278 path: ~/.cargo/registry
1316 - name: Install Rust
1317 run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y
1318 - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
1319 - uses: actions/checkout@v2
1320 - uses: actions/download-artifact@v2
1324 - run: tar xf prep/libhtp.tar.gz
1325 - run: tar xf prep/suricata-update.tar.gz
1326 - name: Setup cbindgen
1328 mkdir -p $HOME/.cargo/bin
1329 cp prep/cbindgen $HOME/.cargo/bin
1330 chmod 755 $HOME/.cargo/bin/cbindgen
1332 - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-fuzztargets --enable-ebpf --enable-ebpf-build
1335 - run: tar xf prep/suricata-verify.tar.gz
1336 - name: Running suricata-verify
1337 run: python3 ./suricata-verify/run.py -q
1341 runs-on: ubuntu-latest
1343 needs: [prepare-deps, prepare-cbindgen]
1377 - name: Install Rust
1378 run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y
1379 - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
1380 - uses: actions/checkout@v2
1381 - uses: actions/download-artifact@v2
1385 - run: tar xf prep/libhtp.tar.gz
1386 - run: tar xf prep/suricata-update.tar.gz
1387 - name: Setup cbindgen
1389 mkdir -p $HOME/.cargo/bin
1390 cp prep/cbindgen $HOME/.cargo/bin
1391 chmod 755 $HOME/.cargo/bin/cbindgen
1393 - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests
1396 - run: tar xf prep/suricata-verify.tar.gz
1397 - name: Running suricata-verify
1398 run: python3 ./suricata-verify/run.py -q
1402 # use 10.15 for now. Build fails on macos-11 (aka macos-latest)
1403 runs-on: macos-10.15
1404 needs: [prepare-deps]
1407 - name: Cache cargo registry
1408 uses: actions/cache@v1
1410 path: ~/.cargo/registry
1429 - name: Install cbindgen
1430 run: cargo install --force --debug --version 0.14.1 cbindgen
1431 - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
1432 - run: pip3 install PyYAML
1433 - uses: actions/checkout@v2
1434 - name: Downloading prep archive
1435 uses: actions/download-artifact@v2
1439 - run: tar xvf prep/libhtp.tar.gz
1441 - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests
1444 - run: tar xf prep/suricata-verify.tar.gz
1445 - name: Running suricata-verify
1446 run: python3 ./suricata-verify/run.py -q
1448 windows-msys2-mingw64:
1449 name: Windows MSYS2 MINGW64
1450 runs-on: windows-latest
1451 needs: [prepare-deps]
1456 - uses: actions/checkout@v2
1457 - uses: msys2/setup-msys2@v2
1461 install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool libyaml-devel pcre2-devel jansson-devel make mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2 mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip python-setuptools mingw-w64-x86_64-python-yaml mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2
1462 # hack: install our own cbindgen system wide as we can't get the
1463 # preinstalled one to be picked up by configure
1465 run: cargo install --root /usr --force --debug --version 0.14.1 cbindgen
1466 - uses: actions/checkout@v2
1467 - uses: actions/download-artifact@v2
1471 - run: tar xf prep/libhtp.tar.gz
1472 - run: tar xf prep/suricata-update.tar.gz
1475 curl -s -O https://nmap.org/npcap/dist/npcap-1.00.exe
1476 7z -y x -o/npcap-bin npcap-1.00.exe
1477 # hack: place dlls in cwd
1478 cp /npcap-bin/*.dll .
1481 curl -s -O https://nmap.org/npcap/dist/npcap-sdk-1.06.zip
1482 unzip npcap-sdk-1.06.zip -d /npcap
1483 cp /npcap/Lib/x64/* /usr/lib/
1484 - run: tar xf prep/suricata-verify.tar.gz
1488 CFLAGS="-ggdb -Werror" ./configure --enable-unittests --enable-gccprotect --disable-gccmarch-native --disable-shared --with-libpcap-includes=/npcap/Include --with-libpcap-libraries=/npcap/Lib/x64
1492 ./src/suricata --build-info
1493 ./src/suricata -u -l /tmp/
1494 # need cwd in path due to npcap dlls (see above)
1495 PATH="$PATH:$(pwd)" python3 ./suricata-verify/run.py -q