--- /dev/null
+name: build-centos-7
+
+on:
+ push:
+ pull_request:
+ workflow_dispatch:
+ inputs:
+ LIBHTP_REPO:
+ LIBHTP_BRANCH:
+ SU_REPO:
+ SU_BRANCH:
+ SV_REPO:
+ SV_BRANCH:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions: read-all
+
+env:
+ DEFAULT_SV_REPO: https://github.com/OISF/suricata-verify
+ DEFAULT_SV_BRANCH: master
+ DEFAULT_CFLAGS: "-Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function"
+
+jobs:
+ centos-7:
+ runs-on: ubuntu-latest
+ container: centos:7
+ steps:
+ - name: Cache cargo registry
+ uses: actions/cache@v3.3.3
+ with:
+ path: ~/.cargo
+ key: ${{ github.job }}-cargo
+
+ - name: Cache RPMs
+ uses: actions/cache@v3.3.3
+ with:
+ path: /var/cache/yum
+ key: ${{ github.job }}-yum
+
+ - run: |
+ yum -y install epel-release
+ yum -y install \
+ autoconf \
+ automake \
+ cargo \
+ curl \
+ diffutils \
+ file-devel \
+ gcc \
+ gcc-c++ \
+ git \
+ jansson-devel \
+ jq \
+ lua-devel \
+ libtool \
+ libyaml-devel \
+ libnfnetlink-devel \
+ libnetfilter_queue-devel \
+ libnet-devel \
+ libcap-ng-devel \
+ libevent-devel \
+ libmaxminddb-devel \
+ libpcap-devel \
+ lz4-devel \
+ make \
+ nss-devel \
+ pcre2-devel \
+ pkgconfig \
+ python36-PyYAML \
+ rust \
+ sudo \
+ which \
+ zlib-devel
+ - name: Parse repo and branch information
+ env:
+ # We fetch the actual pull request to get the latest body as
+ # github.event.pull_request.body has the body from the
+ # initial pull request.
+ PR_HREF: ${{ github.event.pull_request._links.self.href }}
+ run: |
+ if test "${PR_HREF}"; then
+ body=$(curl -s "${PR_HREF}" | jq -r .body | tr -d '\r')
+
+ echo "Parsing branch and PR info from:"
+ echo "${body}"
+
+ LIBHTP_REPO=$(echo "${body}" | awk -F = '/^LIBHTP_REPO=/ { print $2 }')
+ LIBHTP_BRANCH=$(echo "${body}" | awk -F = '/^LIBHTP_BRANCH=/ { print $2 }')
+
+ SU_REPO=$(echo "${body}" | awk -F = '/^SU_REPO=/ { print $2 }')
+ SU_BRANCH=$(echo "${body}" | awk -F = '/^SU_BRANCH=/ { print $2 }')
+
+ SV_REPO=$(echo "${body}" | awk -F = '/^SV_REPO=/ { print $2 }')
+ SV_BRANCH=$(echo "${body}" | awk -F = '/^SV_BRANCH=/ { print $2 }')
+ else
+ echo "No pull request body, will use inputs or defaults."
+ LIBHTP_REPO=${{ inputs.LIBHTP_REPO }}
+ LIBHTP_BRANCH=${{ inputs.LIBHTP_BRANCH }}
+ SU_REPO=${{ inputs.SU_REPO }}
+ SU_BRANCH=${{ inputs.SU_BRANCH }}
+ SV_REPO=${{ inputs.SV_REPO }}
+ SV_BRANCH=${{ inputs.SV_BRANCH }}
+ fi
+
+ # If the _REPO variables don't contain a full URL, add GitHub.
+ if [ "${LIBHTP_REPO}" ] && ! echo "${LIBHTP_REPO}" | grep -q '^https://'; then
+ LIBHTP_REPO="https://github.com/${LIBHTP_REPO}"
+ fi
+ if [ "${SU_REPO}" ] && ! echo "${SU_REPO}" | grep -q '^https://'; then
+ SU_REPO="https://github.com/${SU_REPO}"
+ fi
+ if [ "${SV_REPO}" ] && ! echo "${SV_REPO}" | grep -q '^https://'; then
+ SV_REPO="https://github.com/${SV_REPO}"
+ fi
+
+ echo LIBHTP_REPO=${LIBHTP_REPO} | tee -a ${GITHUB_ENV}
+ echo LIBHTP_BRANCH=${LIBHTP_BRANCH} | tee -a ${GITHUB_ENV}
+
+ echo SU_REPO=${SU_REPO} | tee -a ${GITHUB_ENV}
+ echo SU_BRANCH=${SU_BRANCH} | tee -a ${GITHUB_ENV}
+
+ echo SV_REPO=${SV_REPO:-${DEFAULT_SV_REPO}} | tee -a ${GITHUB_ENV}
+ echo SV_BRANCH=${SV_BRANCH:-${DEFAULT_SV_BRANCH}} | tee -a ${GITHUB_ENV}
+
+ - name: Annotate output
+ run: |
+ echo "::notice:: LIBHTP_REPO=${LIBHTP_REPO}"
+ echo "::notice:: LIBHTP_BRANCH=${LIBHTP_BRANCH}"
+ echo "::notice:: SU_REPO=${SU_REPO}"
+ echo "::notice:: SU_BRANCH=${SU_BRANCH}"
+ echo "::notice:: SV_REPO=${SV_REPO}"
+ echo "::notice:: SV_BRANCH=${SV_BRANCH}"
+
+ - name: Install cbindgen
+ run: |
+ cargo install --debug cbindgen
+ echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+
+ # Now checkout Suricata for the bundle script.
+ - name: Checking out Suricata
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+
+ - run: ./scripts/bundle.sh
+
+ - name: Fetching suricata-verify
+ run: |
+ # Looking for a pull request number. in the SV_BRANCH
+ # value. This could be "pr/NNN", "pull/NNN" or a link to an
+ # OISF/suricata-verify pull request.
+ pr=$(echo "${SV_BRANCH}" | sed -n \
+ -e 's/^https:\/\/github.com\/OISF\/suricata-verify\/pull\/\([0-9]*\)$/\1/p' \
+ -e 's/^pull\/\([0-9]*\)$/\1/p' \
+ -e 's/^pr\/\([0-9]*\)$/\1/p')
+ if [ "${pr}" ]; then
+ SV_BRANCH="refs/pull/${pr}/head"
+ echo "Using suricata-verify pull-request ${SV_BRANCH}"
+ else
+ echo "Using suricata-verify branch ${SV_BRANCH}"
+ fi
+ git clone --depth 1 ${SV_REPO} suricata-verify
+ cd suricata-verify
+ git fetch --depth 1 origin ${SV_BRANCH}
+ git -c advice.detachedHead=false checkout FETCH_HEAD
+
+ - run: ./autogen.sh
+ - run: ./configure
+ - run: make -j ${{ env.CPUS }}
+ - run: python3 ./suricata-verify/run.py -q --debug-failed
+ - run: make install-full
+ - run: suricata-update -V
+ - run: suricatasc -h
- run: suricata-update -V
- run: suricatasc -h
- centos-7:
- name: CentOS 7
- runs-on: ubuntu-latest
- container: centos:7
- needs: [prepare-deps, debian-12-dist]
- steps:
- - name: Cache ~/.cargo
- uses: actions/cache@v3.3.1
- with:
- path: ~/.cargo
- key: ${{ github.job }}-cargo
-
- - name: Cache RPMs
- uses: actions/cache@v3.3.1
- with:
- path: /var/cache/yum
- key: ${{ github.job }}-yum
- - run: echo "keepcache=1" >> /etc/yum.conf
-
- - name: Install system dependencies
- run: |
- yum -y install epel-release
- yum -y install \
- autoconf \
- automake \
- cargo \
- diffutils \
- file-devel \
- gcc \
- gcc-c++ \
- jansson-devel \
- jq \
- lua-devel \
- libtool \
- libyaml-devel \
- libnfnetlink-devel \
- libnetfilter_queue-devel \
- libnet-devel \
- libcap-ng-devel \
- libevent-devel \
- libmaxminddb-devel \
- libpcap-devel \
- lz4-devel \
- make \
- pcre2-devel \
- pkgconfig \
- python36-PyYAML \
- rust \
- sudo \
- which \
- zlib-devel
- - name: Download suricata.tar.gz
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
- with:
- name: dist
- - run: tar zxvf suricata-*.tar.gz --strip-components=1
- # This isn't really needed as we are building from a prepared
- # package, but some package managers like RPM and Debian like to
- # run this command even on prepared packages, so make sure it
- # works.
- - name: Test autoreconf
- run: autoreconf -fv --install
- - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
- - run: make -j2
- - run: make install
- - run: make install-conf
- - run: make distcheck
- - run: make clean
- - run: make -j2
- - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
- with:
- name: prep
- path: prep
- - run: tar xf prep/suricata-verify.tar.gz
- - run: python3 ./suricata-verify/run.py -q --debug-failed
- - run: suricata-update -V
- - run: suricatasc -h
-
fedora-38-sv-codecov:
name: Fedora 38 (Suricata Verify codecov)
runs-on: ubuntu-latest
projects / thirdparty / suricata.git / commitdiff
