]>
Commit | Line | Data |
---|---|---|
3887f8d1 JI |
1 | name: builds |
2 | ||
3 | on: | |
4 | - push | |
5 | - pull_request | |
6 | ||
ced66563 JI |
7 | env: |
8 | DEFAULT_LIBHTP_REPO: https://github.com/OISF/libhtp | |
9 | DEFAULT_LIBHTP_BRANCH: 0.5.x | |
7d22993a JI |
10 | DEFAULT_LIBHTP_PR: |
11 | ||
ced66563 JI |
12 | DEFAULT_SU_REPO: https://github.com/OISF/suricata-update |
13 | DEFAULT_SU_BRANCH: master | |
7d22993a JI |
14 | DEFAULT_SU_PR: |
15 | ||
ced66563 JI |
16 | DEFAULT_SV_REPO: https://github.com/OISF/suricata-verify |
17 | DEFAULT_SV_BRANCH: master | |
7d22993a | 18 | DEFAULT_SV_PR: |
ced66563 | 19 | |
1ec6307d JI |
20 | DEFAULT_CFLAGS: "-Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function" |
21 | ||
dfbd38e8 JI |
22 | # Apt sometimes likes to ask for user input, this will prevent that. |
23 | DEBIAN_FRONTEND: "noninteractive" | |
24 | ||
f629321d SD |
25 | # A recent version of stable Rust that is known to pass build, test and other |
26 | # verification steps in this workflow. This was added because using "stable" | |
27 | # could cause some steps to fail. | |
28 | RUST_VERSION_KNOWN: "1.49.0" | |
cb963f86 | 29 | |
37eff69a JI |
30 | # The minimum version of Rust supported. |
31 | RUST_VERSION_MIN: "1.41.1" | |
32 | ||
3887f8d1 JI |
33 | jobs: |
34 | ||
1f1a7651 JI |
35 | prepare-deps: |
36 | name: Prepare dependencies | |
ced66563 JI |
37 | runs-on: ubuntu-latest |
38 | steps: | |
1f1a7651 JI |
39 | - name: Cache ~/.cargo |
40 | uses: actions/cache@v1 | |
41 | with: | |
42 | path: ~/.cargo | |
43 | key: cargo | |
ced66563 JI |
44 | - run: sudo apt update && sudo apt -y install jq curl |
45 | - name: Parse repo and branch information | |
46 | env: | |
47 | # We fetch the actual pull request to get the latest body as | |
48 | # github.event.pull_request.body has the body from the | |
49 | # initial pull request. | |
50 | PR_HREF: ${{ github.event.pull_request._links.self.href }} | |
51 | run: | | |
52 | if test "${PR_HREF}"; then | |
d2c8c9f5 JL |
53 | body=$(curl -s "${PR_HREF}" | jq -r .body | tr -d '\r') |
54 | ||
ced66563 JI |
55 | libhtp_repo=$(echo "${body}" | awk '/^libhtp-repo/ { print $2 }') |
56 | libhtp_branch=$(echo "${body}" | awk '/^libhtp-branch/ { print $2 }') | |
7d22993a JI |
57 | libhtp_pr=$(echo "${body}" | awk '/^libhtp-pr/ { print $2 }') |
58 | ||
ced66563 JI |
59 | su_repo=$(echo "${body}" | awk '/^suricata-update-repo/ { print $2 }') |
60 | su_branch=$(echo "${body}" | awk '/^suricata-update-branch/ { print $2 }') | |
7d22993a JI |
61 | su_pr=$(echo "${body}" | awk '/^suricata-update-pr/ { print $2 }') |
62 | ||
ced66563 JI |
63 | sv_repo=$(echo "${body}" | awk '/^suricata-verify-repo/ { print $2 }') |
64 | sv_branch=$(echo "${body}" | awk '/^suricata-verify-branch/ { print $2 }') | |
7d22993a | 65 | sv_pr=$(echo "${body}" | awk '/^suricata-verify-pr/ { print $2 }') |
ced66563 | 66 | fi |
2ede7361 JI |
67 | echo "libhtp_repo=${libhtp_repo:-${DEFAULT_LIBHTP_REPO}}" >> $GITHUB_ENV |
68 | echo "libhtp_branch=${libhtp_branch:-${DEFAULT_LIBHTP_BRANCH}}" >> $GITHUB_ENV | |
69 | echo "libhtp_pr=${libhtp_pr:-${DEFAULT_LIBHTP_PR}}" >> $GITHUB_ENV | |
7d22993a | 70 | |
2ede7361 JI |
71 | echo "su_repo=${su_repo:-${DEFAULT_SU_REPO}}" >> $GITHUB_ENV |
72 | echo "su_branch=${su_branch:-${DEFAULT_SU_BRANCH}}" >> $GITHUB_ENV | |
73 | echo "su_pr=${su_pr:-${DEFAULT_SU_PR}}" >> $GITHUB_ENV | |
7d22993a | 74 | |
2ede7361 JI |
75 | echo "sv_repo=${sv_repo:-${DEFAULT_SV_REPO}}" >> $GITHUB_ENV |
76 | echo "sv_branch=${sv_branch:-${DEFAULT_SV_BRANCH}}" >> $GITHUB_ENV | |
77 | echo "sv_pr=${sv_pr:-${DEFAULT_SV_PR}}" >> $GITHUB_ENV | |
ced66563 JI |
78 | - name: Fetching libhtp |
79 | run: | | |
7d22993a JI |
80 | git clone --depth 1 ${libhtp_repo} -b ${libhtp_branch} libhtp |
81 | if [[ "${libhtp_pr}" != "" ]]; then | |
82 | cd libhtp | |
3a3a9e13 | 83 | git fetch origin pull/${libhtp_pr}/head:prep |
7d22993a JI |
84 | git checkout prep |
85 | cd .. | |
86 | fi | |
ced66563 | 87 | tar zcf libhtp.tar.gz libhtp |
ced66563 JI |
88 | - name: Fetching suricata-update |
89 | run: | | |
7d22993a JI |
90 | git clone --depth 1 ${su_repo} -b ${su_branch} suricata-update |
91 | if [[ "${su_pr}" != "" ]]; then | |
92 | cd suricata-update | |
93 | git fetch origin pull/${su_pr}/head:prep | |
94 | git checkout prep | |
95 | cd .. | |
96 | fi | |
ced66563 | 97 | tar zcf suricata-update.tar.gz suricata-update |
ced66563 JI |
98 | - name: Fetching suricata-verify |
99 | run: | | |
3e81d20a | 100 | git clone ${sv_repo} -b ${sv_branch} suricata-verify |
7d22993a JI |
101 | if [[ "${sv_pr}" != "" ]]; then |
102 | cd suricata-verify | |
103 | git fetch origin pull/${sv_pr}/head:prep | |
104 | git checkout prep | |
7fa3e8df PA |
105 | git config --global user.email you@example.com |
106 | git config --global user.name You | |
3e81d20a | 107 | git rebase ${DEFAULT_SV_BRANCH} |
7d22993a JI |
108 | cd .. |
109 | fi | |
ced66563 | 110 | tar zcf suricata-verify.tar.gz suricata-verify |
1f1a7651 JI |
111 | - name: Cleaning up |
112 | run: rm -rf libhtp suricata-update suricata-verify | |
113 | - name: Uploading prep archive | |
114 | uses: actions/upload-artifact@v2 | |
115 | with: | |
116 | name: prep | |
117 | path: . | |
118 | ||
119 | prepare-cbindgen: | |
120 | name: Prepare cbindgen | |
121 | runs-on: ubuntu-latest | |
122 | steps: | |
123 | - name: Cache ~/.cargo | |
124 | uses: actions/cache@v1 | |
125 | with: | |
126 | path: ~/.cargo | |
127 | key: cbindgen | |
128 | - name: Installing Rust | |
129 | run: | | |
130 | curl https://sh.rustup.rs -sSf | sh -s -- -y | |
131 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
132 | rustup target add x86_64-unknown-linux-musl | |
133 | - name: Buliding static cbindgen for Linux | |
134 | run: | | |
135 | cargo install --target x86_64-unknown-linux-musl --debug cbindgen | |
136 | cp $HOME/.cargo/bin/cbindgen . | |
137 | - name: Uploading prep archive | |
138 | uses: actions/upload-artifact@v2 | |
ced66563 JI |
139 | with: |
140 | name: prep | |
141 | path: . | |
142 | ||
3887f8d1 JI |
143 | centos-8: |
144 | name: CentOS 8 | |
145 | runs-on: ubuntu-latest | |
146 | container: centos:8 | |
1f1a7651 | 147 | needs: [prepare-deps, prepare-cbindgen] |
3887f8d1 | 148 | steps: |
3887f8d1 JI |
149 | # Cache Rust stuff. |
150 | - name: Cache cargo registry | |
151 | uses: actions/cache@v1 | |
152 | with: | |
153 | path: ~/.cargo/registry | |
154 | key: cargo-registry | |
155 | ||
ced66563 JI |
156 | - uses: actions/checkout@v2 |
157 | ||
bb7f80ef JI |
158 | # Prebuild check for duplicat SIDs |
159 | - name: Check for duplicate SIDs | |
160 | run: | | |
161 | dups=$(sed -n 's/^alert.*sid:\([[:digit:]]*\);.*/\1/p' ./rules/*.rules|sort|uniq -d|tr '\n' ' ') | |
162 | if [[ "${dups}" != "" ]]; then | |
163 | echo "::error::Duplicate SIDs found:${dups}" | |
164 | exit 1 | |
165 | fi | |
166 | ||
ced66563 JI |
167 | # Download and extract dependency archives created during prep |
168 | # job. | |
169 | - uses: actions/download-artifact@v2 | |
170 | with: | |
171 | name: prep | |
172 | path: prep | |
173 | - run: tar xvf prep/libhtp.tar.gz | |
174 | - run: tar xvf prep/suricata-update.tar.gz | |
175 | - run: tar xvf prep/suricata-verify.tar.gz | |
1f1a7651 JI |
176 | - name: Setup cbindgen |
177 | run: | | |
178 | mkdir -p $HOME/.cargo/bin | |
179 | cp prep/cbindgen $HOME/.cargo/bin | |
180 | chmod 755 $HOME/.cargo/bin/cbindgen | |
181 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
3887f8d1 JI |
182 | - name: Install system packages |
183 | run: | | |
184 | yum -y install dnf-plugins-core | |
f09536a9 | 185 | yum config-manager --set-enabled powertools |
3887f8d1 JI |
186 | yum -y install \ |
187 | autoconf \ | |
188 | automake \ | |
189 | cargo-vendor \ | |
190 | diffutils \ | |
191 | file-devel \ | |
192 | gcc \ | |
193 | gcc-c++ \ | |
194 | git \ | |
195 | jansson-devel \ | |
196 | jq \ | |
197 | lua-devel \ | |
198 | libtool \ | |
199 | libyaml-devel \ | |
200 | libnfnetlink-devel \ | |
201 | libnetfilter_queue-devel \ | |
202 | libnet-devel \ | |
203 | libcap-ng-devel \ | |
204 | libevent-devel \ | |
205 | libmaxminddb-devel \ | |
206 | libpcap-devel \ | |
207 | libtool \ | |
208 | lz4-devel \ | |
209 | make \ | |
210 | nss-devel \ | |
acb1ab08 | 211 | pcre2-devel \ |
3887f8d1 JI |
212 | pkgconfig \ |
213 | python3-devel \ | |
214 | python3-sphinx \ | |
215 | python3-yaml \ | |
216 | rust-toolset \ | |
217 | sudo \ | |
218 | which \ | |
219 | zlib-devel | |
220 | # These packages required to build the PDF. | |
221 | yum -y install \ | |
222 | texlive-latex \ | |
223 | texlive-cmap \ | |
224 | texlive-collection-latexrecommended \ | |
225 | texlive-fncychap \ | |
226 | texlive-titlesec \ | |
227 | texlive-tabulary \ | |
228 | texlive-framed \ | |
229 | texlive-wrapfig \ | |
230 | texlive-upquote \ | |
231 | texlive-capt-of \ | |
232 | texlive-needspace \ | |
3887f8d1 JI |
233 | - name: Configuring |
234 | run: | | |
235 | ./autogen.sh | |
8b38db4a | 236 | CFLAGS="${DEFAULT_CFLAGS}" ./configure |
211b193e JI |
237 | - run: make -j2 distcheck |
238 | env: | |
239 | DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-lua --enable-geoip --enable-profiling --enable-profiling-locks" | |
240 | - run: test -e doc/userguide/suricata.1 | |
5d0d6302 JI |
241 | - name: Building Rust documentation |
242 | run: make doc | |
243 | working-directory: rust | |
211b193e | 244 | - name: Preparing distribution |
3887f8d1 | 245 | run: | |
3887f8d1 JI |
246 | mkdir dist |
247 | mv suricata-*.tar.gz dist | |
248 | - uses: actions/upload-artifact@v1 | |
249 | name: Uploading distribution | |
250 | with: | |
251 | name: dist | |
252 | path: dist | |
253 | ||
254 | centos-7: | |
255 | name: CentOS 7 | |
256 | runs-on: ubuntu-latest | |
257 | container: centos:7 | |
82ecf64f | 258 | needs: [prepare-deps, centos-8] |
3887f8d1 JI |
259 | steps: |
260 | - name: Install system dependencies | |
261 | run: | | |
262 | yum -y install epel-release | |
263 | yum -y install \ | |
0de0c60c JI |
264 | autoconf \ |
265 | automake \ | |
3887f8d1 JI |
266 | cargo \ |
267 | diffutils \ | |
268 | file-devel \ | |
269 | gcc \ | |
270 | gcc-c++ \ | |
271 | jansson-devel \ | |
272 | jq \ | |
273 | lua-devel \ | |
274 | libtool \ | |
275 | libyaml-devel \ | |
276 | libnfnetlink-devel \ | |
277 | libnetfilter_queue-devel \ | |
278 | libnet-devel \ | |
279 | libcap-ng-devel \ | |
280 | libevent-devel \ | |
281 | libmaxminddb-devel \ | |
282 | libpcap-devel \ | |
283 | lz4-devel \ | |
284 | make \ | |
285 | nss-devel \ | |
acb1ab08 | 286 | pcre2-devel \ |
3887f8d1 | 287 | pkgconfig \ |
82ecf64f | 288 | python36-PyYAML \ |
3887f8d1 JI |
289 | rust \ |
290 | sudo \ | |
291 | which \ | |
292 | zlib-devel | |
293 | - name: Download suricata.tar.gz | |
ced66563 | 294 | uses: actions/download-artifact@v2 |
3887f8d1 JI |
295 | with: |
296 | name: dist | |
ced66563 | 297 | - run: tar zxvf suricata-*.tar.gz --strip-components=1 |
0de0c60c JI |
298 | # This isn't really needed as we are building from a prepared |
299 | # package, but some package managers like RPM and Debian like to | |
300 | # run this command even on prepared packages, so make sure it | |
301 | # works. | |
302 | - name: Test autoreconf | |
303 | run: autoreconf -fv --install | |
8b38db4a | 304 | - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure |
83630015 JI |
305 | - run: make -j2 |
306 | - run: make install | |
307 | - run: make install-conf | |
308 | - run: make distcheck | |
0a1d2fce JI |
309 | - run: make clean |
310 | - run: make -j2 | |
82ecf64f JI |
311 | - uses: actions/download-artifact@v2 |
312 | with: | |
313 | name: prep | |
314 | path: prep | |
315 | - run: tar xf prep/suricata-verify.tar.gz | |
bfac4ff4 | 316 | - run: python3 ./suricata-verify/run.py -q |
3887f8d1 | 317 | |
7be793f7 CT |
318 | fedora-35: |
319 | name: Fedora 35 (debug, clang, asan, wshadow, rust-strict) | |
320 | runs-on: ubuntu-latest | |
321 | container: fedora:35 | |
322 | needs: [prepare-deps, prepare-cbindgen] | |
323 | steps: | |
324 | ||
325 | # Cache Rust stuff. | |
326 | - name: Cache cargo registry | |
327 | uses: actions/cache@v1 | |
328 | with: | |
329 | path: ~/.cargo/registry | |
330 | key: cargo-registry | |
331 | ||
332 | - run: | | |
333 | dnf -y install \ | |
334 | autoconf \ | |
335 | automake \ | |
336 | cargo \ | |
337 | ccache \ | |
338 | clang \ | |
339 | diffutils \ | |
340 | file-devel \ | |
341 | gcc \ | |
342 | gcc-c++ \ | |
343 | git \ | |
344 | hiredis-devel \ | |
345 | jansson-devel \ | |
346 | jq \ | |
347 | lua-devel \ | |
348 | libasan \ | |
349 | libtool \ | |
350 | libyaml-devel \ | |
351 | libnfnetlink-devel \ | |
352 | libnetfilter_queue-devel \ | |
353 | libnet-devel \ | |
354 | libcap-ng-devel \ | |
355 | libevent-devel \ | |
356 | libmaxminddb-devel \ | |
357 | libpcap-devel \ | |
358 | libtool \ | |
359 | lz4-devel \ | |
360 | make \ | |
361 | nss-softokn-devel \ | |
362 | pcre2-devel \ | |
363 | pkgconfig \ | |
364 | python3-yaml \ | |
365 | sudo \ | |
366 | which \ | |
367 | zlib-devel | |
368 | - uses: actions/checkout@v2 | |
369 | - uses: actions/download-artifact@v2 | |
370 | with: | |
371 | name: prep | |
372 | path: prep | |
373 | - run: tar xf prep/libhtp.tar.gz | |
374 | - name: Setup cbindgen | |
375 | run: | | |
376 | mkdir -p $HOME/.cargo/bin | |
377 | cp prep/cbindgen $HOME/.cargo/bin | |
378 | chmod 755 $HOME/.cargo/bin/cbindgen | |
379 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
380 | - run: ./autogen.sh | |
381 | - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis | |
382 | env: | |
383 | LDFLAGS: "-fsanitize=address" | |
384 | ac_cv_func_realloc_0_nonnull: "yes" | |
385 | ac_cv_func_malloc_0_nonnull: "yes" | |
386 | - run: make -j2 | |
387 | - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . | |
388 | - name: Extracting suricata-verify | |
389 | run: tar xf prep/suricata-verify.tar.gz | |
390 | - name: Running suricata-verify | |
391 | run: python3 ./suricata-verify/run.py -q | |
392 | # Now install and make sure headers and libraries aren't install | |
393 | # until requested. | |
394 | - run: make install | |
395 | - run: test ! -e /usr/local/lib/libsuricata_c.a | |
396 | - run: test ! -e /usr/local/include/suricata | |
397 | - run: make install-headers | |
398 | - run: test -e /usr/local/include/suricata/suricata.h | |
399 | - run: make install-library | |
400 | - run: test -e /usr/local/lib/libsuricata_c.a | |
401 | - run: test -e /usr/local/lib/libsuricata_rust.a | |
402 | - run: test -e /usr/local/bin/libsuricata-config | |
403 | - run: test ! -e /usr/local/lib/libsuricata.so | |
404 | ||
a480ec2b JI |
405 | fedora-34: |
406 | name: Fedora 34 (debug, clang, asan, wshadow, rust-strict) | |
42196e93 | 407 | runs-on: ubuntu-latest |
a480ec2b | 408 | container: fedora:34 |
1f1a7651 | 409 | needs: [prepare-deps, prepare-cbindgen] |
42196e93 JI |
410 | steps: |
411 | ||
412 | # Cache Rust stuff. | |
413 | - name: Cache cargo registry | |
414 | uses: actions/cache@v1 | |
415 | with: | |
416 | path: ~/.cargo/registry | |
417 | key: cargo-registry | |
418 | ||
419 | - run: | | |
420 | dnf -y install \ | |
421 | autoconf \ | |
422 | automake \ | |
423 | cargo \ | |
424 | ccache \ | |
425 | clang \ | |
426 | diffutils \ | |
427 | file-devel \ | |
428 | gcc \ | |
429 | gcc-c++ \ | |
430 | git \ | |
def63638 | 431 | hiredis-devel \ |
42196e93 JI |
432 | jansson-devel \ |
433 | jq \ | |
434 | lua-devel \ | |
435 | libasan \ | |
436 | libtool \ | |
437 | libyaml-devel \ | |
438 | libnfnetlink-devel \ | |
439 | libnetfilter_queue-devel \ | |
440 | libnet-devel \ | |
441 | libcap-ng-devel \ | |
442 | libevent-devel \ | |
443 | libmaxminddb-devel \ | |
444 | libpcap-devel \ | |
445 | libtool \ | |
446 | lz4-devel \ | |
447 | make \ | |
42196e93 | 448 | nss-softokn-devel \ |
acb1ab08 | 449 | pcre2-devel \ |
42196e93 JI |
450 | pkgconfig \ |
451 | python3-yaml \ | |
452 | sudo \ | |
453 | which \ | |
454 | zlib-devel | |
42196e93 JI |
455 | - uses: actions/checkout@v2 |
456 | - uses: actions/download-artifact@v2 | |
457 | with: | |
458 | name: prep | |
459 | path: prep | |
460 | - run: tar xf prep/libhtp.tar.gz | |
1f1a7651 JI |
461 | - name: Setup cbindgen |
462 | run: | | |
463 | mkdir -p $HOME/.cargo/bin | |
464 | cp prep/cbindgen $HOME/.cargo/bin | |
465 | chmod 755 $HOME/.cargo/bin/cbindgen | |
466 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
42196e93 | 467 | - run: ./autogen.sh |
743fb12a | 468 | - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer -Wimplicit-int-float-conversion" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis |
42196e93 | 469 | env: |
325096a0 | 470 | LDFLAGS: "-fsanitize=address" |
42196e93 JI |
471 | ac_cv_func_realloc_0_nonnull: "yes" |
472 | ac_cv_func_malloc_0_nonnull: "yes" | |
473 | - run: make -j2 | |
474 | - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . | |
475 | - name: Extracting suricata-verify | |
476 | run: tar xf prep/suricata-verify.tar.gz | |
477 | - name: Running suricata-verify | |
bfac4ff4 | 478 | run: python3 ./suricata-verify/run.py -q |
93ce39d4 JI |
479 | # Now install and make sure headers and libraries aren't install |
480 | # until requested. | |
481 | - run: make install | |
482 | - run: test ! -e /usr/local/lib/libsuricata_c.a | |
483 | - run: test ! -e /usr/local/include/suricata | |
484 | - run: make install-headers | |
485 | - run: test -e /usr/local/include/suricata/suricata.h | |
486 | - run: make install-library | |
487 | - run: test -e /usr/local/lib/libsuricata_c.a | |
488 | - run: test -e /usr/local/lib/libsuricata_rust.a | |
489 | - run: test -e /usr/local/bin/libsuricata-config | |
490 | - run: test ! -e /usr/local/lib/libsuricata.so | |
42196e93 | 491 | |
a480ec2b JI |
492 | fedora-33: |
493 | name: Fedora 33 (debug, clang, asan, wshadow, rust-strict) | |
1ec6307d | 494 | runs-on: ubuntu-latest |
a480ec2b | 495 | container: fedora:33 |
1f1a7651 | 496 | needs: [prepare-deps, prepare-cbindgen] |
1ec6307d JI |
497 | steps: |
498 | ||
499 | # Cache Rust stuff. | |
500 | - name: Cache cargo registry | |
501 | uses: actions/cache@v1 | |
502 | with: | |
503 | path: ~/.cargo/registry | |
504 | key: cargo-registry | |
505 | ||
506 | - run: | | |
507 | dnf -y install \ | |
508 | autoconf \ | |
509 | automake \ | |
510 | cargo \ | |
511 | ccache \ | |
512 | clang \ | |
513 | diffutils \ | |
514 | file-devel \ | |
515 | gcc \ | |
516 | gcc-c++ \ | |
517 | git \ | |
518 | jansson-devel \ | |
519 | jq \ | |
520 | lua-devel \ | |
521 | libasan \ | |
522 | libtool \ | |
523 | libyaml-devel \ | |
524 | libnfnetlink-devel \ | |
525 | libnetfilter_queue-devel \ | |
526 | libnet-devel \ | |
527 | libcap-ng-devel \ | |
528 | libevent-devel \ | |
529 | libmaxminddb-devel \ | |
530 | libpcap-devel \ | |
531 | libtool \ | |
532 | lz4-devel \ | |
533 | make \ | |
1ec6307d | 534 | nss-softokn-devel \ |
acb1ab08 | 535 | pcre2-devel \ |
1ec6307d JI |
536 | pkgconfig \ |
537 | python3-yaml \ | |
538 | sudo \ | |
539 | which \ | |
540 | zlib-devel | |
1ec6307d JI |
541 | - uses: actions/checkout@v2 |
542 | - uses: actions/download-artifact@v2 | |
543 | with: | |
544 | name: prep | |
545 | path: prep | |
1f1a7651 JI |
546 | - name: Setup cbindgen |
547 | run: | | |
548 | mkdir -p $HOME/.cargo/bin | |
549 | cp prep/cbindgen $HOME/.cargo/bin | |
550 | chmod 755 $HOME/.cargo/bin/cbindgen | |
551 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
1ec6307d JI |
552 | - run: tar xf prep/libhtp.tar.gz |
553 | - run: ./autogen.sh | |
b698f66c | 554 | - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict |
1ec6307d | 555 | env: |
325096a0 | 556 | LDFLAGS: "-fsanitize=address" |
1ec6307d JI |
557 | ac_cv_func_realloc_0_nonnull: "yes" |
558 | ac_cv_func_malloc_0_nonnull: "yes" | |
559 | - run: make -j2 | |
560 | - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . | |
561 | - name: Extracting suricata-verify | |
562 | run: tar xf prep/suricata-verify.tar.gz | |
563 | - name: Running suricata-verify | |
bfac4ff4 | 564 | run: python3 ./suricata-verify/run.py -q |
1ec6307d | 565 | |
a480ec2b JI |
566 | fedora-34-no-jansson: |
567 | name: Fedora 34 (no jansson) | |
280ab657 | 568 | runs-on: ubuntu-latest |
a480ec2b | 569 | container: fedora:34 |
1f1a7651 | 570 | needs: [prepare-deps, prepare-cbindgen] |
280ab657 JI |
571 | steps: |
572 | ||
573 | # Cache Rust stuff. | |
574 | - name: Cache cargo registry | |
575 | uses: actions/cache@v1 | |
576 | with: | |
577 | path: ~/.cargo/registry | |
578 | key: cargo-registry | |
579 | ||
580 | - run: | | |
581 | dnf -y install \ | |
582 | autoconf \ | |
583 | automake \ | |
584 | cargo \ | |
585 | ccache \ | |
586 | clang \ | |
587 | diffutils \ | |
588 | file-devel \ | |
589 | gcc \ | |
590 | gcc-c++ \ | |
591 | git \ | |
592 | lua-devel \ | |
593 | libasan \ | |
594 | libtool \ | |
595 | libyaml-devel \ | |
596 | libnfnetlink-devel \ | |
597 | libnetfilter_queue-devel \ | |
598 | libnet-devel \ | |
599 | libcap-ng-devel \ | |
600 | libevent-devel \ | |
601 | libmaxminddb-devel \ | |
602 | libpcap-devel \ | |
603 | libtool \ | |
604 | lz4-devel \ | |
605 | make \ | |
280ab657 | 606 | nss-softokn-devel \ |
acb1ab08 | 607 | pcre2-devel \ |
280ab657 JI |
608 | pkgconfig \ |
609 | python3-yaml \ | |
610 | sudo \ | |
611 | which \ | |
612 | zlib-devel | |
280ab657 JI |
613 | - uses: actions/checkout@v2 |
614 | - uses: actions/download-artifact@v2 | |
615 | with: | |
616 | name: prep | |
617 | path: prep | |
618 | - run: tar xf prep/libhtp.tar.gz | |
1f1a7651 JI |
619 | - name: Setup cbindgen |
620 | run: | | |
621 | mkdir -p $HOME/.cargo/bin | |
622 | cp prep/cbindgen $HOME/.cargo/bin | |
623 | chmod 755 $HOME/.cargo/bin/cbindgen | |
624 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
280ab657 JI |
625 | - run: ./autogen.sh |
626 | - run: | | |
627 | if ./configure; then | |
628 | echo "error: configure should have failed" | |
629 | exit 1 | |
630 | else | |
631 | exit 0 | |
632 | fi | |
633 | ||
f0f57844 VJ |
634 | ubuntu-20-04-cov-sv: |
635 | name: Ubuntu 20.04 (suricata verify coverage) | |
dfbd38e8 JI |
636 | runs-on: ubuntu-latest |
637 | container: ubuntu:20.04 | |
1f1a7651 | 638 | needs: [prepare-deps, prepare-cbindgen] |
dfbd38e8 JI |
639 | steps: |
640 | - name: Install dependencies | |
641 | run: | | |
642 | apt update | |
643 | apt -y install \ | |
acb1ab08 | 644 | libpcre2-dev \ |
dfbd38e8 JI |
645 | build-essential \ |
646 | autoconf \ | |
647 | automake \ | |
f0f57844 | 648 | gcc-9 \ |
dfbd38e8 JI |
649 | git \ |
650 | jq \ | |
651 | libtool \ | |
652 | libpcap-dev \ | |
653 | libnet1-dev \ | |
654 | libyaml-0-2 \ | |
655 | libyaml-dev \ | |
656 | libcap-ng-dev \ | |
657 | libcap-ng0 \ | |
658 | libmagic-dev \ | |
ae29804a | 659 | libnet1-dev \ |
dfbd38e8 JI |
660 | libnetfilter-queue-dev \ |
661 | libnetfilter-queue1 \ | |
662 | libnfnetlink-dev \ | |
663 | libnfnetlink0 \ | |
664 | libhiredis-dev \ | |
f0f57844 | 665 | liblua5.1-dev \ |
dfbd38e8 JI |
666 | libjansson-dev \ |
667 | libevent-dev \ | |
668 | libevent-pthreads-2.1-7 \ | |
669 | libjansson-dev \ | |
670 | libpython2.7 \ | |
671 | make \ | |
672 | parallel \ | |
673 | python3-yaml \ | |
674 | rustc \ | |
675 | software-properties-common \ | |
676 | zlib1g \ | |
677 | zlib1g-dev \ | |
f0f57844 VJ |
678 | exuberant-ctags \ |
679 | curl | |
dfbd38e8 JI |
680 | - uses: actions/checkout@v2 |
681 | - uses: actions/download-artifact@v2 | |
682 | with: | |
683 | name: prep | |
684 | path: prep | |
685 | - run: tar xf prep/libhtp.tar.gz | |
1f1a7651 JI |
686 | - name: Setup cbindgen |
687 | run: | | |
688 | mkdir -p $HOME/.cargo/bin | |
689 | cp prep/cbindgen $HOME/.cargo/bin | |
690 | chmod 755 $HOME/.cargo/bin/cbindgen | |
691 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
dfbd38e8 | 692 | - run: ./autogen.sh |
f2e95174 | 693 | - run: CFLAGS="${DEFAULT_CFLAGS} -fprofile-arcs -ftest-coverage -O0 -ggdb" ./configure |
dfbd38e8 | 694 | - run: make -j2 |
dfbd38e8 JI |
695 | - name: Extracting suricata-verify |
696 | run: tar xf prep/suricata-verify.tar.gz | |
697 | - name: Running suricata-verify | |
bfac4ff4 | 698 | run: python3 ./suricata-verify/run.py -q |
f0f57844 VJ |
699 | - name: Gcov |
700 | run: | | |
701 | cd src | |
711cfe56 | 702 | gcov-9 -p *.[ch] |
f0f57844 | 703 | cd ../libhtp/htp |
711cfe56 | 704 | gcov-9 -p *.[ch] |
f0f57844 VJ |
705 | - name: Upload coverage to Codecov |
706 | uses: codecov/codecov-action@v1 | |
707 | with: | |
708 | flags: suricata-verify | |
709 | ||
710 | ubuntu-20-04-cov-ut: | |
711 | name: Ubuntu 20.04 (unittests coverage) | |
712 | runs-on: ubuntu-latest | |
713 | container: ubuntu:20.04 | |
714 | needs: [prepare-deps, prepare-cbindgen] | |
715 | steps: | |
716 | - name: Install dependencies | |
717 | run: | | |
718 | apt update | |
719 | apt -y install \ | |
acb1ab08 | 720 | libpcre2-dev \ |
f0f57844 VJ |
721 | build-essential \ |
722 | autoconf \ | |
723 | automake \ | |
724 | gcc-9 \ | |
725 | git \ | |
726 | jq \ | |
727 | libtool \ | |
728 | libpcap-dev \ | |
729 | libnet1-dev \ | |
730 | libyaml-0-2 \ | |
731 | libyaml-dev \ | |
732 | libcap-ng-dev \ | |
733 | libcap-ng0 \ | |
734 | libmagic-dev \ | |
735 | libnetfilter-queue-dev \ | |
736 | libnetfilter-queue1 \ | |
737 | libnfnetlink-dev \ | |
738 | libnfnetlink0 \ | |
739 | libhiredis-dev \ | |
740 | liblua5.1-dev \ | |
741 | libjansson-dev \ | |
742 | libevent-dev \ | |
743 | libevent-pthreads-2.1-7 \ | |
744 | libjansson-dev \ | |
745 | libpython2.7 \ | |
746 | make \ | |
747 | parallel \ | |
748 | python3-yaml \ | |
749 | rustc \ | |
750 | software-properties-common \ | |
751 | zlib1g \ | |
752 | zlib1g-dev \ | |
753 | exuberant-ctags \ | |
754 | curl | |
755 | - uses: actions/checkout@v2 | |
756 | - uses: actions/download-artifact@v2 | |
757 | with: | |
758 | name: prep | |
759 | path: prep | |
760 | - run: tar xf prep/libhtp.tar.gz | |
761 | - name: Setup cbindgen | |
762 | run: | | |
763 | mkdir -p $HOME/.cargo/bin | |
764 | cp prep/cbindgen $HOME/.cargo/bin | |
765 | chmod 755 $HOME/.cargo/bin/cbindgen | |
766 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
767 | - run: ./autogen.sh | |
f2e95174 | 768 | - run: CFLAGS="${DEFAULT_CFLAGS} -fprofile-arcs -ftest-coverage -O0 -ggdb" ./configure --enable-unittests |
f0f57844 VJ |
769 | - run: make -j2 |
770 | - run: ./src/suricata -u -l /tmp/ | |
771 | - name: Gcov | |
772 | run: | | |
773 | cd src | |
711cfe56 | 774 | gcov-9 -p *.[ch] |
f0f57844 | 775 | cd ../libhtp/htp |
711cfe56 | 776 | gcov-9 -p *.[ch] |
f0f57844 VJ |
777 | - name: Upload coverage to Codecov |
778 | uses: codecov/codecov-action@v1 | |
779 | with: | |
780 | flags: unittests | |
dfbd38e8 | 781 | |
3ce05a35 VJ |
782 | ubuntu-20-04-cov-fuzz: |
783 | name: Ubuntu 20.04 (fuzz corpus coverage) | |
784 | runs-on: ubuntu-latest | |
785 | container: ubuntu:20.04 | |
786 | needs: [prepare-deps, prepare-cbindgen] | |
787 | steps: | |
788 | - name: Install dependencies | |
789 | run: | | |
790 | apt update | |
791 | apt -y install \ | |
acb1ab08 | 792 | libpcre2-dev \ |
3ce05a35 VJ |
793 | build-essential \ |
794 | autoconf \ | |
795 | automake \ | |
796 | llvm-10 \ | |
797 | clang-10 \ | |
798 | git \ | |
799 | jq \ | |
800 | libc++-dev \ | |
801 | libc++abi-dev \ | |
802 | libtool \ | |
803 | libpcap-dev \ | |
804 | libnet1-dev \ | |
805 | libyaml-0-2 \ | |
806 | libyaml-dev \ | |
807 | libcap-ng-dev \ | |
808 | libcap-ng0 \ | |
809 | libmagic-dev \ | |
810 | libnetfilter-queue-dev \ | |
811 | libnetfilter-queue1 \ | |
812 | libnfnetlink-dev \ | |
813 | libnfnetlink0 \ | |
814 | libhiredis-dev \ | |
815 | liblua5.1-dev \ | |
816 | libjansson-dev \ | |
817 | libevent-dev \ | |
818 | libevent-pthreads-2.1-7 \ | |
819 | libjansson-dev \ | |
820 | libpython2.7 \ | |
821 | make \ | |
822 | parallel \ | |
823 | python3-yaml \ | |
824 | rustc \ | |
825 | software-properties-common \ | |
826 | zlib1g \ | |
827 | zlib1g-dev \ | |
828 | exuberant-ctags \ | |
829 | unzip \ | |
830 | curl \ | |
7ca4b135 | 831 | time \ |
3ce05a35 VJ |
832 | wget |
833 | - uses: actions/checkout@v2 | |
834 | - uses: actions/download-artifact@v2 | |
835 | with: | |
836 | name: prep | |
837 | path: prep | |
838 | - run: tar xf prep/libhtp.tar.gz | |
839 | - name: Setup cbindgen | |
840 | run: | | |
841 | mkdir -p $HOME/.cargo/bin | |
842 | cp prep/cbindgen $HOME/.cargo/bin | |
843 | chmod 755 $HOME/.cargo/bin/cbindgen | |
844 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
845 | - run: ./autogen.sh | |
846 | - run: LIB_FUZZING_ENGINE="fail_to_onefile_driver" CC=clang-10 CXX=clang++-10 CFLAGS="-fprofile-arcs -ftest-coverage -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -fPIC -Wno-unused-parameter -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1" CXXFLAGS="-fprofile-arcs -ftest-coverage -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -stdlib=libc++" ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes ./configure --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect | |
847 | - run: make -j2 | |
848 | - run: ./qa/run-ossfuzz-corpus.sh | |
849 | - name: Gcov | |
850 | run: | | |
851 | cd src | |
852 | llvm-cov-10 gcov -p *.c | |
853 | - name: Upload coverage to Codecov | |
854 | uses: codecov/codecov-action@v1 | |
855 | with: | |
856 | flags: fuzzcorpus | |
857 | ||
975b58c0 JI |
858 | ubuntu-20-04-ndebug: |
859 | name: Ubuntu 20.04 (-DNDEBUG) | |
860 | runs-on: ubuntu-latest | |
861 | container: ubuntu:20.04 | |
1f1a7651 | 862 | needs: [prepare-deps, prepare-cbindgen] |
975b58c0 JI |
863 | steps: |
864 | ||
865 | - name: Install dependencies | |
866 | run: | | |
867 | apt update | |
868 | apt -y install \ | |
869 | build-essential \ | |
870 | autoconf \ | |
871 | automake \ | |
872 | git \ | |
873 | jq \ | |
874 | libtool \ | |
875 | libpcap-dev \ | |
876 | libnet1-dev \ | |
877 | libyaml-0-2 \ | |
878 | libyaml-dev \ | |
879 | libcap-ng-dev \ | |
880 | libcap-ng0 \ | |
881 | libmagic-dev \ | |
882 | libnetfilter-queue-dev \ | |
883 | libnetfilter-queue1 \ | |
884 | libnfnetlink-dev \ | |
885 | libnfnetlink0 \ | |
886 | libhiredis-dev \ | |
887 | libjansson-dev \ | |
888 | libevent-dev \ | |
889 | libevent-pthreads-2.1-7 \ | |
890 | libjansson-dev \ | |
891 | libpython2.7 \ | |
acb1ab08 | 892 | libpcre2-dev \ |
975b58c0 JI |
893 | make \ |
894 | parallel \ | |
895 | python3-yaml \ | |
896 | rustc \ | |
897 | software-properties-common \ | |
898 | zlib1g \ | |
899 | zlib1g-dev \ | |
900 | exuberant-ctags | |
975b58c0 JI |
901 | - uses: actions/checkout@v2 |
902 | - uses: actions/download-artifact@v2 | |
903 | with: | |
904 | name: prep | |
905 | path: prep | |
906 | - run: tar xf prep/libhtp.tar.gz | |
1f1a7651 JI |
907 | - name: Setup cbindgen |
908 | run: | | |
909 | mkdir -p $HOME/.cargo/bin | |
910 | cp prep/cbindgen $HOME/.cargo/bin | |
911 | chmod 755 $HOME/.cargo/bin/cbindgen | |
912 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
975b58c0 JI |
913 | - run: ./autogen.sh |
914 | - run: CFLAGS="$DEFAULT_CFLAGS -DNDEBUG" ./configure --enable-unittests | |
915 | - run: make -j2 | |
916 | - run: make check | |
917 | - run: make dist | |
918 | - name: Extracting suricata-verify | |
919 | run: tar xf prep/suricata-verify.tar.gz | |
920 | - name: Running suricata-verify | |
bfac4ff4 | 921 | run: python3 ./suricata-verify/run.py -q |
93ce39d4 JI |
922 | # Now install and make sure headers and libraries aren't install |
923 | # until requested. | |
924 | - run: make install | |
925 | - run: test ! -e /usr/local/lib/libsuricata_c.a | |
926 | - run: test ! -e /usr/local/include/suricata | |
927 | - run: make install-headers | |
928 | - run: test -e /usr/local/include/suricata/suricata.h | |
929 | - run: make install-library | |
930 | - run: test -e /usr/local/lib/libsuricata_c.a | |
931 | - run: test -e /usr/local/lib/libsuricata_rust.a | |
932 | - run: test -e /usr/local/bin/libsuricata-config | |
933 | - run: test -e /usr/local/lib/libsuricata.so | |
934 | - run: test -e /usr/local/lib/$(readlink /usr/local/lib/libsuricata.so) | |
975b58c0 | 935 | |
146a1ee1 JI |
936 | ubuntu-20-04-too-old-rust: |
937 | name: Ubuntu 20.04 (unsupported rust) | |
938 | runs-on: ubuntu-latest | |
939 | container: ubuntu:20.04 | |
940 | needs: centos-8 | |
941 | steps: | |
942 | - name: Install dependencies | |
943 | run: | | |
944 | apt update | |
945 | apt -y install \ | |
946 | build-essential \ | |
947 | curl \ | |
948 | libtool \ | |
949 | libpcap-dev \ | |
950 | libnet1-dev \ | |
951 | libyaml-0-2 \ | |
952 | libyaml-dev \ | |
953 | libcap-ng-dev \ | |
954 | libcap-ng0 \ | |
955 | libmagic-dev \ | |
956 | libnetfilter-queue-dev \ | |
957 | libnetfilter-queue1 \ | |
958 | libnfnetlink-dev \ | |
959 | libnfnetlink0 \ | |
960 | libhiredis-dev \ | |
961 | libjansson-dev \ | |
962 | libevent-dev \ | |
963 | libevent-pthreads-2.1-7 \ | |
964 | libjansson-dev \ | |
965 | libpython2.7 \ | |
acb1ab08 | 966 | libpcre2-dev \ |
146a1ee1 JI |
967 | make \ |
968 | python3-yaml \ | |
969 | software-properties-common \ | |
970 | zlib1g \ | |
971 | zlib1g-dev \ | |
972 | - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.33.0 -y | |
2ede7361 | 973 | - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH |
146a1ee1 JI |
974 | - name: Download suricata.tar.gz |
975 | uses: actions/download-artifact@v2 | |
976 | with: | |
977 | name: dist | |
978 | - run: tar zxvf suricata-*.tar.gz --strip-components=1 | |
979 | - run: | | |
980 | if ./configure; then | |
981 | echo "error: configure should have failed" | |
982 | exit 1 | |
983 | else | |
984 | exit 0 | |
985 | fi | |
986 | ||
0ae63e85 SB |
987 | ubuntu-18-04-debug-validation: |
988 | name: Ubuntu 18.04 (Debug Validation) | |
989 | runs-on: ubuntu-18.04 | |
990 | container: ubuntu:18.04 | |
1f1a7651 | 991 | needs: [prepare-deps, prepare-cbindgen] |
0ae63e85 SB |
992 | steps: |
993 | ||
994 | # Cache Rust stuff. | |
995 | - name: Cache cargo registry | |
996 | uses: actions/cache@v1 | |
997 | with: | |
998 | path: ~/.cargo/registry | |
999 | key: cargo-registry | |
1000 | ||
1001 | - name: Install dependencies | |
1002 | run: | | |
1003 | apt update | |
1004 | apt -y install \ | |
acb1ab08 | 1005 | libpcre2-dev \ |
0ae63e85 SB |
1006 | build-essential \ |
1007 | autoconf \ | |
1008 | automake \ | |
1009 | git \ | |
1010 | jq \ | |
1011 | libtool \ | |
1012 | libpcap-dev \ | |
1013 | libnet1-dev \ | |
1014 | libyaml-0-2 \ | |
1015 | libyaml-dev \ | |
1016 | libcap-ng-dev \ | |
1017 | libcap-ng0 \ | |
1018 | libmagic-dev \ | |
1019 | libnetfilter-queue-dev \ | |
1020 | libnetfilter-queue1 \ | |
1021 | libnfnetlink-dev \ | |
1022 | libnfnetlink0 \ | |
1023 | libhiredis-dev \ | |
1024 | libjansson-dev \ | |
1025 | libevent-dev \ | |
1026 | libevent-pthreads-2.1.6 \ | |
1027 | libjansson-dev \ | |
1028 | libpython2.7 \ | |
1029 | make \ | |
1030 | parallel \ | |
1031 | python3-yaml \ | |
1032 | rustc \ | |
1033 | software-properties-common \ | |
1034 | zlib1g \ | |
1035 | zlib1g-dev \ | |
1036 | exuberant-ctags | |
0ae63e85 SB |
1037 | - uses: actions/checkout@v2 |
1038 | - uses: actions/download-artifact@v2 | |
1039 | with: | |
1040 | name: prep | |
1041 | path: prep | |
1042 | - run: tar xf prep/libhtp.tar.gz | |
1f1a7651 JI |
1043 | - name: Setup cbindgen |
1044 | run: | | |
1045 | mkdir -p $HOME/.cargo/bin | |
1046 | cp prep/cbindgen $HOME/.cargo/bin | |
1047 | chmod 755 $HOME/.cargo/bin/cbindgen | |
1048 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
0ae63e85 | 1049 | - run: ./autogen.sh |
8b38db4a | 1050 | - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-debug-validation |
0ae63e85 SB |
1051 | - run: make -j2 |
1052 | - run: make check | |
1053 | - name: Extracting suricata-verify | |
1054 | run: tar xf prep/suricata-verify.tar.gz | |
1055 | - name: Running suricata-verify | |
bfac4ff4 | 1056 | run: python3 ./suricata-verify/run.py -q |
0ae63e85 | 1057 | |
3887f8d1 JI |
1058 | ubuntu-18-04: |
1059 | name: Ubuntu 18.04 (Cocci) | |
1060 | runs-on: ubuntu-18.04 | |
b9515671 | 1061 | container: ubuntu:18.04 |
1f1a7651 | 1062 | needs: [prepare-deps, prepare-cbindgen] |
3887f8d1 JI |
1063 | steps: |
1064 | ||
1065 | # Cache Rust stuff. | |
1066 | - name: Cache cargo registry | |
1067 | uses: actions/cache@v1 | |
1068 | with: | |
1069 | path: ~/.cargo/registry | |
1070 | key: cargo-registry | |
1071 | ||
1072 | - name: Install dependencies | |
1073 | run: | | |
b9515671 JI |
1074 | apt update |
1075 | apt -y install \ | |
acb1ab08 | 1076 | libpcre2-dev \ |
3887f8d1 JI |
1077 | build-essential \ |
1078 | autoconf \ | |
1079 | automake \ | |
b9515671 JI |
1080 | git \ |
1081 | jq \ | |
3887f8d1 JI |
1082 | libtool \ |
1083 | libpcap-dev \ | |
1084 | libnet1-dev \ | |
1085 | libyaml-0-2 \ | |
1086 | libyaml-dev \ | |
1087 | libcap-ng-dev \ | |
1088 | libcap-ng0 \ | |
1089 | libmagic-dev \ | |
1090 | libnetfilter-queue-dev \ | |
1091 | libnetfilter-queue1 \ | |
1092 | libnfnetlink-dev \ | |
1093 | libnfnetlink0 \ | |
1094 | libhiredis-dev \ | |
1095 | libjansson-dev \ | |
1096 | libevent-dev \ | |
1097 | libevent-pthreads-2.1.6 \ | |
1098 | libjansson-dev \ | |
b9515671 | 1099 | libpython2.7 \ |
3887f8d1 | 1100 | make \ |
6c7f06b0 | 1101 | mscgen \ |
3887f8d1 | 1102 | parallel \ |
b9515671 JI |
1103 | python3-yaml \ |
1104 | rustc \ | |
3887f8d1 JI |
1105 | software-properties-common \ |
1106 | zlib1g \ | |
9b5ccbe4 PA |
1107 | zlib1g-dev \ |
1108 | exuberant-ctags | |
bcbd8c2a JI |
1109 | - name: Install packages for generating documentation |
1110 | run: | | |
1111 | DEBIAN_FRONTEND=noninteractive apt -y install \ | |
1112 | sphinx-doc \ | |
1113 | sphinx-common \ | |
1114 | texlive-latex-base \ | |
1115 | texlive-fonts-recommended \ | |
1116 | texlive-fonts-extra \ | |
1117 | texlive-latex-extra | |
3887f8d1 JI |
1118 | - name: Install Coccinelle |
1119 | run: | | |
b9515671 JI |
1120 | add-apt-repository -y ppa:npalix/coccinelle |
1121 | apt -y install coccinelle | |
ced66563 JI |
1122 | - uses: actions/checkout@v2 |
1123 | - uses: actions/download-artifact@v2 | |
1124 | with: | |
1125 | name: prep | |
1126 | path: prep | |
1127 | - run: tar xf prep/libhtp.tar.gz | |
1f1a7651 JI |
1128 | - name: Setup cbindgen |
1129 | run: | | |
1130 | mkdir -p $HOME/.cargo/bin | |
1131 | cp prep/cbindgen $HOME/.cargo/bin | |
1132 | chmod 755 $HOME/.cargo/bin/cbindgen | |
1133 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
3887f8d1 | 1134 | - run: ./autogen.sh |
8b38db4a | 1135 | - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-coccinelle |
3887f8d1 | 1136 | - run: make -j2 |
9b5ccbe4 | 1137 | - run: make tags |
3887f8d1 JI |
1138 | - name: Running unit tests and cocci checks |
1139 | # Set the concurrency level for cocci. | |
1140 | run: CONCURRENCY_LEVEL=2 make check | |
bcbd8c2a JI |
1141 | - run: make dist |
1142 | - name: Checking that documentation was built | |
1143 | run: | | |
1144 | test -e doc/devguide/devguide.pdf | |
1145 | test -e doc/userguide/userguide.pdf | |
1146 | test -e doc/userguide/suricata.1 | |
ced66563 JI |
1147 | - name: Extracting suricata-verify |
1148 | run: tar xf prep/suricata-verify.tar.gz | |
3887f8d1 | 1149 | - name: Running suricata-verify |
bfac4ff4 | 1150 | run: python3 ./suricata-verify/run.py -q |
3887f8d1 | 1151 | |
19fe8d98 VJ |
1152 | # test build with afl and fuzztargets |
1153 | ubuntu-18-04-fuzz: | |
1154 | name: Ubuntu 18.04 (Fuzz) | |
1155 | runs-on: ubuntu-18.04 | |
1156 | container: ubuntu:18.04 | |
1f1a7651 | 1157 | needs: [prepare-deps, prepare-cbindgen] |
19fe8d98 VJ |
1158 | steps: |
1159 | ||
1160 | # Cache Rust stuff. | |
1161 | - name: Cache cargo registry | |
1162 | uses: actions/cache@v1 | |
1163 | with: | |
1164 | path: ~/.cargo/registry | |
1165 | key: cargo-registry | |
1166 | ||
1167 | - name: Install dependencies | |
1168 | run: | | |
1169 | apt update | |
1170 | apt -y install \ | |
1171 | afl \ | |
1172 | afl-clang \ | |
acb1ab08 | 1173 | libpcre2-dev \ |
19fe8d98 VJ |
1174 | build-essential \ |
1175 | autoconf \ | |
1176 | automake \ | |
1177 | git \ | |
1178 | libtool \ | |
1179 | libpcap-dev \ | |
1180 | libnet1-dev \ | |
1181 | libyaml-0-2 \ | |
1182 | libyaml-dev \ | |
1183 | libcap-ng-dev \ | |
1184 | libcap-ng0 \ | |
1185 | libmagic-dev \ | |
1186 | libnetfilter-queue-dev \ | |
1187 | libnetfilter-queue1 \ | |
1188 | libnfnetlink-dev \ | |
1189 | libnfnetlink0 \ | |
1190 | libhiredis-dev \ | |
1191 | libjansson-dev \ | |
1192 | libjansson-dev \ | |
1193 | libpython2.7 \ | |
1194 | make \ | |
1195 | rustc \ | |
1196 | software-properties-common \ | |
1197 | zlib1g \ | |
1198 | zlib1g-dev | |
2ede7361 | 1199 | - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH |
ced66563 JI |
1200 | - uses: actions/checkout@v2 |
1201 | - uses: actions/download-artifact@v2 | |
1202 | with: | |
1203 | name: prep | |
1204 | path: prep | |
1205 | - run: tar xf prep/libhtp.tar.gz | |
1f1a7651 JI |
1206 | - name: Setup cbindgen |
1207 | run: | | |
1208 | mkdir -p $HOME/.cargo/bin | |
1209 | cp prep/cbindgen $HOME/.cargo/bin | |
1210 | chmod 755 $HOME/.cargo/bin/cbindgen | |
325096a0 | 1211 | echo "$HOME/.cargo/bin" >> $GITHUB_PATH |
19fe8d98 | 1212 | - run: ./autogen.sh |
325096a0 | 1213 | - run: AFL_HARDEN=1 ac_cv_func_realloc_0_nonnull=yes ac_cv_func_malloc_0_nonnull=yes CFLAGS="-fsanitize=address -fno-omit-frame-pointer" CXXFLAGS=$CFLAGS CC=afl-clang-fast CXX=afl-clang-fast++ LDFLAGS="-fsanitize=address" ./configure --enable-fuzztargets --disable-shared |
19fe8d98 VJ |
1214 | - run: AFL_HARDEN=1 make -j2 |
1215 | ||
3887f8d1 JI |
1216 | # An Ubuntu 16.04 build using the tarball generated in the CentOS 8 |
1217 | # build above. | |
1218 | ubuntu-16-04: | |
1219 | name: Ubuntu 16.04 | |
1220 | runs-on: ubuntu-latest | |
1221 | container: ubuntu:16.04 | |
1222 | needs: centos-8 | |
1223 | steps: | |
1224 | - name: Install dependencies | |
1225 | run: | | |
1226 | apt update | |
1227 | apt -y install \ | |
1228 | build-essential \ | |
1229 | curl \ | |
1230 | libcap-ng-dev \ | |
1231 | libcap-ng0 \ | |
1232 | libevent-dev \ | |
1233 | libhiredis-dev \ | |
1234 | libjansson-dev \ | |
1235 | libmagic-dev \ | |
1236 | libnet1-dev \ | |
1237 | libnetfilter-queue-dev \ | |
1238 | libnetfilter-queue1 \ | |
1239 | libnfnetlink-dev \ | |
1240 | libnfnetlink0 \ | |
acb1ab08 | 1241 | libpcre2-dev \ |
3887f8d1 JI |
1242 | libpcap-dev \ |
1243 | libyaml-0-2 \ | |
1244 | libyaml-dev \ | |
1245 | make \ | |
1246 | python3-yaml \ | |
1247 | zlib1g \ | |
1248 | zlib1g-dev | |
1249 | - name: Install Rust | |
37eff69a | 1250 | run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain ${RUST_VERSION_MIN} -y |
2ede7361 | 1251 | - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH |
3887f8d1 | 1252 | - name: Download suricata.tar.gz |
ced66563 | 1253 | uses: actions/download-artifact@v2 |
3887f8d1 JI |
1254 | with: |
1255 | name: dist | |
3887f8d1 | 1256 | - name: Extract |
ced66563 | 1257 | run: tar zxvf suricata-*.tar.gz --strip-components=1 |
3887f8d1 | 1258 | - name: Configure |
8b38db4a | 1259 | run: CFLAGS="${DEFAULT_CFLAGS}" ./configure |
3887f8d1 | 1260 | - name: Build |
3887f8d1 JI |
1261 | run: make -j2 |
1262 | - name: Testing | |
3887f8d1 | 1263 | run: make check |
ced66563 JI |
1264 | - run: make install |
1265 | - run: make install-conf | |
1266 | - run: make install-rules | |
3887f8d1 JI |
1267 | |
1268 | debian-10: | |
1269 | name: Debian 10 | |
1270 | runs-on: ubuntu-latest | |
1271 | container: debian:10 | |
1f1a7651 | 1272 | needs: [prepare-deps, prepare-cbindgen] |
3887f8d1 JI |
1273 | steps: |
1274 | # Cache Rust stuff. | |
1275 | - name: Cache cargo registry | |
1276 | uses: actions/cache@v1 | |
1277 | with: | |
1278 | path: ~/.cargo/registry | |
1279 | key: cargo-registry | |
1280 | ||
1281 | - run: | | |
1282 | apt update | |
1283 | apt -y install \ | |
1284 | automake \ | |
1285 | autoconf \ | |
1286 | build-essential \ | |
1287 | ccache \ | |
1288 | curl \ | |
1289 | git \ | |
1290 | gosu \ | |
1291 | jq \ | |
acb1ab08 | 1292 | libpcre2-dev \ |
3887f8d1 JI |
1293 | libpcap-dev \ |
1294 | libnet1-dev \ | |
1295 | libyaml-0-2 \ | |
1296 | libyaml-dev \ | |
1297 | libcap-ng-dev \ | |
1298 | libcap-ng0 \ | |
1299 | libmagic-dev \ | |
1300 | libjansson-dev \ | |
3887f8d1 JI |
1301 | libgeoip-dev \ |
1302 | liblua5.1-dev \ | |
1303 | libhiredis-dev \ | |
1304 | libevent-dev \ | |
1305 | libtool \ | |
1306 | m4 \ | |
1307 | make \ | |
18a1fd22 | 1308 | python3-yaml \ |
3887f8d1 | 1309 | pkg-config \ |
3887f8d1 JI |
1310 | sudo \ |
1311 | zlib1g \ | |
23b1607d EL |
1312 | zlib1g-dev \ |
1313 | clang \ | |
1314 | libbpf-dev \ | |
1315 | libelf-dev | |
a9249cb2 VJ |
1316 | - name: Install Rust |
1317 | run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y | |
1318 | - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
ced66563 JI |
1319 | - uses: actions/checkout@v2 |
1320 | - uses: actions/download-artifact@v2 | |
1321 | with: | |
1322 | name: prep | |
1323 | path: prep | |
1324 | - run: tar xf prep/libhtp.tar.gz | |
1325 | - run: tar xf prep/suricata-update.tar.gz | |
1f1a7651 JI |
1326 | - name: Setup cbindgen |
1327 | run: | | |
1328 | mkdir -p $HOME/.cargo/bin | |
1329 | cp prep/cbindgen $HOME/.cargo/bin | |
1330 | chmod 755 $HOME/.cargo/bin/cbindgen | |
3887f8d1 | 1331 | - run: ./autogen.sh |
23b1607d | 1332 | - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-fuzztargets --enable-ebpf --enable-ebpf-build |
3887f8d1 JI |
1333 | - run: make -j2 |
1334 | - run: make check | |
ced66563 | 1335 | - run: tar xf prep/suricata-verify.tar.gz |
3887f8d1 | 1336 | - name: Running suricata-verify |
bfac4ff4 | 1337 | run: python3 ./suricata-verify/run.py -q |
3887f8d1 JI |
1338 | |
1339 | debian-9: | |
1340 | name: Debian 9 | |
1341 | runs-on: ubuntu-latest | |
1342 | container: debian:9 | |
1f1a7651 | 1343 | needs: [prepare-deps, prepare-cbindgen] |
3887f8d1 JI |
1344 | steps: |
1345 | - run: | | |
1346 | apt update | |
1347 | apt -y install \ | |
1348 | automake \ | |
1349 | autoconf \ | |
1350 | build-essential \ | |
1351 | ccache \ | |
1352 | curl \ | |
1353 | git-core \ | |
1354 | gosu \ | |
1355 | jq \ | |
acb1ab08 | 1356 | libpcre2-dev \ |
3887f8d1 JI |
1357 | libpcap-dev \ |
1358 | libnet1-dev \ | |
1359 | libyaml-0-2 \ | |
1360 | libyaml-dev \ | |
1361 | libcap-ng-dev \ | |
1362 | libcap-ng0 \ | |
1363 | libmagic-dev \ | |
1364 | libjansson-dev \ | |
3887f8d1 JI |
1365 | libgeoip-dev \ |
1366 | liblua5.1-dev \ | |
1367 | libhiredis-dev \ | |
1368 | libevent-dev \ | |
1369 | libtool \ | |
1370 | m4 \ | |
1371 | make \ | |
18a1fd22 | 1372 | python3-yaml \ |
3887f8d1 JI |
1373 | pkg-config \ |
1374 | sudo \ | |
1375 | zlib1g \ | |
1376 | zlib1g-dev | |
1377 | - name: Install Rust | |
cb963f86 | 1378 | run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y |
2ede7361 | 1379 | - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH |
ced66563 JI |
1380 | - uses: actions/checkout@v2 |
1381 | - uses: actions/download-artifact@v2 | |
1382 | with: | |
1383 | name: prep | |
1384 | path: prep | |
1385 | - run: tar xf prep/libhtp.tar.gz | |
1386 | - run: tar xf prep/suricata-update.tar.gz | |
1f1a7651 JI |
1387 | - name: Setup cbindgen |
1388 | run: | | |
1389 | mkdir -p $HOME/.cargo/bin | |
1390 | cp prep/cbindgen $HOME/.cargo/bin | |
1391 | chmod 755 $HOME/.cargo/bin/cbindgen | |
3887f8d1 | 1392 | - run: ./autogen.sh |
8b38db4a | 1393 | - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests |
3887f8d1 JI |
1394 | - run: make -j2 |
1395 | - run: make check | |
ced66563 | 1396 | - run: tar xf prep/suricata-verify.tar.gz |
3887f8d1 | 1397 | - name: Running suricata-verify |
bfac4ff4 | 1398 | run: python3 ./suricata-verify/run.py -q |
3887f8d1 JI |
1399 | |
1400 | macos-latest: | |
1401 | name: MacOS Latest | |
8b9721b2 JI |
1402 | # use 10.15 for now. Build fails on macos-11 (aka macos-latest) |
1403 | runs-on: macos-10.15 | |
1f1a7651 | 1404 | needs: [prepare-deps] |
3887f8d1 JI |
1405 | steps: |
1406 | # Cache Rust stuff. | |
1407 | - name: Cache cargo registry | |
1408 | uses: actions/cache@v1 | |
1409 | with: | |
1410 | path: ~/.cargo/registry | |
1411 | key: cargo-registry | |
1412 | - run: | | |
1413 | brew install \ | |
1414 | autoconf \ | |
1415 | automake \ | |
1416 | curl \ | |
1417 | hiredis \ | |
1418 | jansson \ | |
1419 | jq \ | |
1420 | libmagic \ | |
1421 | libnet \ | |
1422 | libtool \ | |
1423 | libyaml \ | |
1424 | lua \ | |
3887f8d1 | 1425 | pkg-config \ |
7904ef82 | 1426 | python \ |
3887f8d1 JI |
1427 | rust \ |
1428 | xz | |
b573c16d | 1429 | - name: Install cbindgen |
4318c1de | 1430 | run: cargo install --force --debug --version 0.14.1 cbindgen |
2ede7361 | 1431 | - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH |
7904ef82 | 1432 | - run: pip3 install PyYAML |
ced66563 JI |
1433 | - uses: actions/checkout@v2 |
1434 | - name: Downloading prep archive | |
1435 | uses: actions/download-artifact@v2 | |
1436 | with: | |
1437 | name: prep | |
1438 | path: prep | |
1439 | - run: tar xvf prep/libhtp.tar.gz | |
3887f8d1 | 1440 | - run: ./autogen.sh |
8b38db4a | 1441 | - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests |
3887f8d1 JI |
1442 | - run: make -j2 |
1443 | - run: make check | |
ced66563 | 1444 | - run: tar xf prep/suricata-verify.tar.gz |
3887f8d1 | 1445 | - name: Running suricata-verify |
bfac4ff4 | 1446 | run: python3 ./suricata-verify/run.py -q |
75c0f9bd VJ |
1447 | |
1448 | windows-msys2-mingw64: | |
1449 | name: Windows MSYS2 MINGW64 | |
1450 | runs-on: windows-latest | |
1f1a7651 | 1451 | needs: [prepare-deps] |
75c0f9bd VJ |
1452 | defaults: |
1453 | run: | |
1454 | shell: msys2 {0} | |
1455 | steps: | |
1456 | - uses: actions/checkout@v2 | |
1457 | - uses: msys2/setup-msys2@v2 | |
1458 | with: | |
1459 | msystem: MINGW64 | |
1460 | update: true | |
1dc98cad | 1461 | install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool libyaml-devel pcre2-devel jansson-devel make mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2 mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip python-setuptools mingw-w64-x86_64-python-yaml mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2 |
75c0f9bd VJ |
1462 | # hack: install our own cbindgen system wide as we can't get the |
1463 | # preinstalled one to be picked up by configure | |
1464 | - name: cbindgen | |
1465 | run: cargo install --root /usr --force --debug --version 0.14.1 cbindgen | |
1466 | - uses: actions/checkout@v2 | |
1467 | - uses: actions/download-artifact@v2 | |
1468 | with: | |
1469 | name: prep | |
1470 | path: prep | |
1471 | - run: tar xf prep/libhtp.tar.gz | |
1472 | - run: tar xf prep/suricata-update.tar.gz | |
1473 | - name: Npcap DLL | |
1474 | run: | | |
1475 | curl -s -O https://nmap.org/npcap/dist/npcap-1.00.exe | |
1476 | 7z -y x -o/npcap-bin npcap-1.00.exe | |
1477 | # hack: place dlls in cwd | |
1478 | cp /npcap-bin/*.dll . | |
1479 | - name: Npcap SDK | |
1480 | run: | | |
1481 | curl -s -O https://nmap.org/npcap/dist/npcap-sdk-1.06.zip | |
1482 | unzip npcap-sdk-1.06.zip -d /npcap | |
1483 | cp /npcap/Lib/x64/* /usr/lib/ | |
1484 | - run: tar xf prep/suricata-verify.tar.gz | |
1485 | - name: Build | |
1486 | run: | | |
1487 | ./autogen.sh | |
1488 | CFLAGS="-ggdb -Werror" ./configure --enable-unittests --enable-gccprotect --disable-gccmarch-native --disable-shared --with-libpcap-includes=/npcap/Include --with-libpcap-libraries=/npcap/Lib/x64 | |
1489 | make -j3 | |
1490 | - name: Run | |
1491 | run: | | |
1492 | ./src/suricata --build-info | |
1493 | ./src/suricata -u -l /tmp/ | |
1494 | # need cwd in path due to npcap dlls (see above) | |
bfac4ff4 | 1495 | PATH="$PATH:$(pwd)" python3 ./suricata-verify/run.py -q |