-
Notifications
You must be signed in to change notification settings - Fork 1.5k
176 lines (154 loc) · 5.94 KB
/
build-centos-7.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
name: build-centos-7
on:
push:
pull_request:
workflow_dispatch:
inputs:
LIBHTP_REPO:
LIBHTP_BRANCH:
SU_REPO:
SU_BRANCH:
SV_REPO:
SV_BRANCH:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: read-all
env:
DEFAULT_SV_REPO: https://github.com/OISF/suricata-verify
DEFAULT_SV_BRANCH: master
DEFAULT_CFLAGS: "-Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function"
jobs:
centos-7:
runs-on: ubuntu-latest
container: centos:7
steps:
- name: Cache cargo registry
uses: actions/cache@v3.3.3
with:
path: ~/.cargo
key: ${{ github.job }}-cargo
- name: Cache RPMs
uses: actions/cache@v3.3.3
with:
path: /var/cache/yum
key: ${{ github.job }}-yum
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: |
yum -y install epel-release
yum -y install \
autoconf \
automake \
cargo \
curl \
diffutils \
file-devel \
gcc \
gcc-c++ \
git \
jansson-devel \
jq \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
lz4-devel \
make \
nss-devel \
pcre2-devel \
pkgconfig \
python36-PyYAML \
rust \
sudo \
which \
zlib-devel
- name: Parse repo and branch information
env:
# We fetch the actual pull request to get the latest body as
# github.event.pull_request.body has the body from the
# initial pull request.
PR_HREF: ${{ github.event.pull_request._links.self.href }}
run: |
if test "${PR_HREF}"; then
body=$(curl -s "${PR_HREF}" | jq -r .body | tr -d '\r')
echo "Parsing branch and PR info from:"
echo "${body}"
LIBHTP_REPO=$(echo "${body}" | awk -F = '/^LIBHTP_REPO=/ { print $2 }')
LIBHTP_BRANCH=$(echo "${body}" | awk -F = '/^LIBHTP_BRANCH=/ { print $2 }')
SU_REPO=$(echo "${body}" | awk -F = '/^SU_REPO=/ { print $2 }')
SU_BRANCH=$(echo "${body}" | awk -F = '/^SU_BRANCH=/ { print $2 }')
SV_REPO=$(echo "${body}" | awk -F = '/^SV_REPO=/ { print $2 }')
SV_BRANCH=$(echo "${body}" | awk -F = '/^SV_BRANCH=/ { print $2 }')
else
echo "No pull request body, will use inputs or defaults."
LIBHTP_REPO=${{ inputs.LIBHTP_REPO }}
LIBHTP_BRANCH=${{ inputs.LIBHTP_BRANCH }}
SU_REPO=${{ inputs.SU_REPO }}
SU_BRANCH=${{ inputs.SU_BRANCH }}
SV_REPO=${{ inputs.SV_REPO }}
SV_BRANCH=${{ inputs.SV_BRANCH }}
fi
# If the _REPO variables don't contain a full URL, add GitHub.
if [ "${LIBHTP_REPO}" ] && ! echo "${LIBHTP_REPO}" | grep -q '^https://'; then
LIBHTP_REPO="https://github.com/${LIBHTP_REPO}"
fi
if [ "${SU_REPO}" ] && ! echo "${SU_REPO}" | grep -q '^https://'; then
SU_REPO="https://github.com/${SU_REPO}"
fi
if [ "${SV_REPO}" ] && ! echo "${SV_REPO}" | grep -q '^https://'; then
SV_REPO="https://github.com/${SV_REPO}"
fi
echo LIBHTP_REPO=${LIBHTP_REPO} | tee -a ${GITHUB_ENV}
echo LIBHTP_BRANCH=${LIBHTP_BRANCH} | tee -a ${GITHUB_ENV}
echo SU_REPO=${SU_REPO} | tee -a ${GITHUB_ENV}
echo SU_BRANCH=${SU_BRANCH} | tee -a ${GITHUB_ENV}
echo SV_REPO=${SV_REPO:-${DEFAULT_SV_REPO}} | tee -a ${GITHUB_ENV}
echo SV_BRANCH=${SV_BRANCH:-${DEFAULT_SV_BRANCH}} | tee -a ${GITHUB_ENV}
- name: Annotate output
run: |
echo "::notice:: LIBHTP_REPO=${LIBHTP_REPO}"
echo "::notice:: LIBHTP_BRANCH=${LIBHTP_BRANCH}"
echo "::notice:: SU_REPO=${SU_REPO}"
echo "::notice:: SU_BRANCH=${SU_BRANCH}"
echo "::notice:: SV_REPO=${SV_REPO}"
echo "::notice:: SV_BRANCH=${SV_BRANCH}"
- name: Install cbindgen
run: |
cargo install --debug cbindgen
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
# Now checkout Suricata for the bundle script.
- name: Checking out Suricata
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
- run: ./scripts/bundle.sh
- name: Fetching suricata-verify
run: |
# Looking for a pull request number. in the SV_BRANCH
# value. This could be "pr/NNN", "pull/NNN" or a link to an
# OISF/suricata-verify pull request.
pr=$(echo "${SV_BRANCH}" | sed -n \
-e 's/^https:\/\/github.com\/OISF\/suricata-verify\/pull\/\([0-9]*\)$/\1/p' \
-e 's/^pull\/\([0-9]*\)$/\1/p' \
-e 's/^pr\/\([0-9]*\)$/\1/p')
if [ "${pr}" ]; then
SV_BRANCH="refs/pull/${pr}/head"
echo "Using suricata-verify pull-request ${SV_BRANCH}"
else
echo "Using suricata-verify branch ${SV_BRANCH}"
fi
git clone --depth 1 ${SV_REPO} suricata-verify
cd suricata-verify
git fetch --depth 1 origin ${SV_BRANCH}
git -c advice.detachedHead=false checkout FETCH_HEAD
- run: ./autogen.sh
- run: ./configure --enable-warnings
- run: make -j ${{ env.CPUS }}
- run: python3 ./suricata-verify/run.py -q --debug-failed
- run: make install-full
- run: suricata-update -V
- run: suricatasc -h