diff --git a/.github/workflows/build-centos-7.yml b/.github/workflows/build-centos-7.yml
new file mode 100644
index 0000000000..83f8533066
--- /dev/null
+++ b/.github/workflows/build-centos-7.yml
@@ -0,0 +1,174 @@
+name: build-centos-7
+
+on:
+ push:
+ pull_request:
+ workflow_dispatch:
+ inputs:
+ LIBHTP_REPO:
+ LIBHTP_BRANCH:
+ SU_REPO:
+ SU_BRANCH:
+ SV_REPO:
+ SV_BRANCH:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions: read-all
+
+env:
+ DEFAULT_SV_REPO: https://github.com/OISF/suricata-verify
+ DEFAULT_SV_BRANCH: master
+ DEFAULT_CFLAGS: "-Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function"
+
+jobs:
+ centos-7:
+ runs-on: ubuntu-latest
+ container: centos:7
+ steps:
+ - name: Cache cargo registry
+ uses: actions/cache@v3.3.3
+ with:
+ path: ~/.cargo
+ key: ${{ github.job }}-cargo
+
+ - name: Cache RPMs
+ uses: actions/cache@v3.3.3
+ with:
+ path: /var/cache/yum
+ key: ${{ github.job }}-yum
+
+ - run: |
+ yum -y install epel-release
+ yum -y install \
+ autoconf \
+ automake \
+ cargo \
+ curl \
+ diffutils \
+ file-devel \
+ gcc \
+ gcc-c++ \
+ git \
+ jansson-devel \
+ jq \
+ lua-devel \
+ libtool \
+ libyaml-devel \
+ libnfnetlink-devel \
+ libnetfilter_queue-devel \
+ libnet-devel \
+ libcap-ng-devel \
+ libevent-devel \
+ libmaxminddb-devel \
+ libpcap-devel \
+ lz4-devel \
+ make \
+ nss-devel \
+ pcre2-devel \
+ pkgconfig \
+ python36-PyYAML \
+ rust \
+ sudo \
+ which \
+ zlib-devel
+ - name: Parse repo and branch information
+ env:
+ # We fetch the actual pull request to get the latest body as
+ # github.event.pull_request.body has the body from the
+ # initial pull request.
+ PR_HREF: ${{ github.event.pull_request._links.self.href }}
+ run: |
+ if test "${PR_HREF}"; then
+ body=$(curl -s "${PR_HREF}" | jq -r .body | tr -d '\r')
+
+ echo "Parsing branch and PR info from:"
+ echo "${body}"
+
+ LIBHTP_REPO=$(echo "${body}" | awk -F = '/^LIBHTP_REPO=/ { print $2 }')
+ LIBHTP_BRANCH=$(echo "${body}" | awk -F = '/^LIBHTP_BRANCH=/ { print $2 }')
+
+ SU_REPO=$(echo "${body}" | awk -F = '/^SU_REPO=/ { print $2 }')
+ SU_BRANCH=$(echo "${body}" | awk -F = '/^SU_BRANCH=/ { print $2 }')
+
+ SV_REPO=$(echo "${body}" | awk -F = '/^SV_REPO=/ { print $2 }')
+ SV_BRANCH=$(echo "${body}" | awk -F = '/^SV_BRANCH=/ { print $2 }')
+ else
+ echo "No pull request body, will use inputs or defaults."
+ LIBHTP_REPO=${{ inputs.LIBHTP_REPO }}
+ LIBHTP_BRANCH=${{ inputs.LIBHTP_BRANCH }}
+ SU_REPO=${{ inputs.SU_REPO }}
+ SU_BRANCH=${{ inputs.SU_BRANCH }}
+ SV_REPO=${{ inputs.SV_REPO }}
+ SV_BRANCH=${{ inputs.SV_BRANCH }}
+ fi
+
+ # If the _REPO variables don't contain a full URL, add GitHub.
+ if [ "${LIBHTP_REPO}" ] && ! echo "${LIBHTP_REPO}" | grep -q '^https://'; then
+ LIBHTP_REPO="https://github.com/${LIBHTP_REPO}"
+ fi
+ if [ "${SU_REPO}" ] && ! echo "${SU_REPO}" | grep -q '^https://'; then
+ SU_REPO="https://github.com/${SU_REPO}"
+ fi
+ if [ "${SV_REPO}" ] && ! echo "${SV_REPO}" | grep -q '^https://'; then
+ SV_REPO="https://github.com/${SV_REPO}"
+ fi
+
+ echo LIBHTP_REPO=${LIBHTP_REPO} | tee -a ${GITHUB_ENV}
+ echo LIBHTP_BRANCH=${LIBHTP_BRANCH} | tee -a ${GITHUB_ENV}
+
+ echo SU_REPO=${SU_REPO} | tee -a ${GITHUB_ENV}
+ echo SU_BRANCH=${SU_BRANCH} | tee -a ${GITHUB_ENV}
+
+ echo SV_REPO=${SV_REPO:-${DEFAULT_SV_REPO}} | tee -a ${GITHUB_ENV}
+ echo SV_BRANCH=${SV_BRANCH:-${DEFAULT_SV_BRANCH}} | tee -a ${GITHUB_ENV}
+
+ - name: Annotate output
+ run: |
+ echo "::notice:: LIBHTP_REPO=${LIBHTP_REPO}"
+ echo "::notice:: LIBHTP_BRANCH=${LIBHTP_BRANCH}"
+ echo "::notice:: SU_REPO=${SU_REPO}"
+ echo "::notice:: SU_BRANCH=${SU_BRANCH}"
+ echo "::notice:: SV_REPO=${SV_REPO}"
+ echo "::notice:: SV_BRANCH=${SV_BRANCH}"
+
+ - name: Install cbindgen
+ run: |
+ cargo install --debug cbindgen
+ echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+
+ # Now checkout Suricata for the bundle script.
+ - name: Checking out Suricata
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+
+ - run: ./scripts/bundle.sh
+
+ - name: Fetching suricata-verify
+ run: |
+ # Looking for a pull request number. in the SV_BRANCH
+ # value. This could be "pr/NNN", "pull/NNN" or a link to an
+ # OISF/suricata-verify pull request.
+ pr=$(echo "${SV_BRANCH}" | sed -n \
+ -e 's/^https:\/\/github.com\/OISF\/suricata-verify\/pull\/\([0-9]*\)$/\1/p' \
+ -e 's/^pull\/\([0-9]*\)$/\1/p' \
+ -e 's/^pr\/\([0-9]*\)$/\1/p')
+ if [ "${pr}" ]; then
+ SV_BRANCH="refs/pull/${pr}/head"
+ echo "Using suricata-verify pull-request ${SV_BRANCH}"
+ else
+ echo "Using suricata-verify branch ${SV_BRANCH}"
+ fi
+ git clone --depth 1 ${SV_REPO} suricata-verify
+ cd suricata-verify
+ git fetch --depth 1 origin ${SV_BRANCH}
+ git -c advice.detachedHead=false checkout FETCH_HEAD
+
+ - run: ./autogen.sh
+ - run: ./configure
+ - run: make -j ${{ env.CPUS }}
+ - run: python3 ./suricata-verify/run.py -q --debug-failed
+ - run: make install-full
+ - run: suricata-update -V
+ - run: suricatasc -h
diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
index 7dab8ed84c..df679b1bbd 100644
--- a/.github/workflows/builds.yml
+++ b/.github/workflows/builds.yml
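Review bot: In build-centos-7.yml's "Fetching suricata-verify" step, `${SV_REPO}` and `${SV_BRANCH}` reach `git clone` and `git fetch` unquoted, and the parse step fills them from the pull-request body, which any PR author controls, so word splitting lets that text supply extra arguments to git. Quote them and end option parsing, e.g. `git clone --depth 1 -- "${SV_REPO}" suricata-verify` and `git fetch --depth 1 origin "${SV_BRANCH}"`, and have the parse step reject values that start with `-` or contain characters outside the expected repo/branch set before they are appended to `${GITHUB_ENV}`. The `${{ inputs.* }}` assignments in the `else` branch are pasted into the script text before the shell runs; passing them through the step's `env:` map, as is already done for `PR_HREF`, keeps them as data. Separately, `make -j ${{ env.CPUS }}` reads `CPUS`, which nothing in this file defines, so unless it is set elsewhere it expands to a bare `make -j` with no job limit.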
@@ -660,84 +660,6 @@ jobs: - run: suricata-update -V - run: suricatasc -h - centos-7: - name: CentOS 7 - runs-on: ubuntu-latest - container: centos:7 - needs: [prepare-deps, debian-12-dist] - steps: - - name: Cache ~/.cargo - uses: actions/cache@v3.3.1 - with: - path: ~/.cargo - key: ${{ github.job }}-cargo - - - name: Cache RPMs - uses: actions/cache@v3.3.1 - with: - path: /var/cache/yum - key: ${{ github.job }}-yum - - run: echo "keepcache=1" >> /etc/yum.conf - - - name: Install system dependencies - run: | - yum -y install epel-release - yum -y install \ - autoconf \ - automake \ - cargo \ - diffutils \ - file-devel \ - gcc \ - gcc-c++ \ - jansson-devel \ - jq \ - lua-devel \ - libtool \ - libyaml-devel \ - libnfnetlink-devel \ - libnetfilter_queue-devel \ - libnet-devel \ - libcap-ng-devel \ - libevent-devel \ - libmaxminddb-devel \ - libpcap-devel \ - lz4-devel \ - make \ - pcre2-devel \ - pkgconfig \ - python36-PyYAML \ - rust \ - sudo \ - which \ - zlib-devel - - name: Download suricata.tar.gz - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a - with: - name: dist - - run: tar zxvf suricata-*.tar.gz --strip-components=1 - # This isn't really needed as we are building from a prepared - # package, but some package managers like RPM and Debian like to - # run this command even on prepared packages, so make sure it - # works. - - name: Test autoreconf - run: autoreconf -fv --install - - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure - - run: make -j2 - - run: make install - - run: make install-conf - - run: make distcheck - - run: make clean - - run: make -j2 - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a - with: - name: prep - path: prep - - run: tar xf prep/suricata-verify.tar.gz - - run: python3 ./suricata-verify/run.py -q --debug-failed - - run: suricata-update -V - - run: suricatasc -h - fedora-38-sv-codecov: name: Fedora 38 (Suricata Verify codecov) runs-on: ubuntu-latest