cd7c35eb5a
github-ci: add minimal build for Ubuntu and AlmaLinux
9 months ago
6d663ec885
github-ci: remove gosu from installed packages
9 months ago
130d75f025
github-action: remove end of life CentOS 8 stream
9 months ago
4040ae10d1
github-actions: bump codecov/codecov-action from 4.1.1 to 4.4.1
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.1.1 to 4.4.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v4.1.1...125fc84a9a348dbcf27191600683ec096ec9021c )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
9 months ago
1c5661673f
github-actions: bump ossf/scorecard-action from 2.3.1 to 2.3.3
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](0864cf1902...dc50aa9510
9 months ago
0b4652f4cc
github-actions: bump github/codeql-action from 3.25.3 to 3.25.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.3 to 3.25.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.25.3...v3.25.7 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
9 months ago
daa6f6f7f3
github-ci: re-add --disable-lua to commit check
...
This is required for some older versions in the pull request to build
as the commits change some compile time options with respect to Lua.
9 months ago
7897043144
github-ci/scan-build: exclude rust (lua)
...
The vendored Lua code triggers some scan-build failures, so exclude
the rust/ directory for now. Might want to look at these separately
though.
9 months ago
4788d684da
github-ci: test make after clean without cbindgen
...
Modify the CentOS 9 Stream build to not have cbdingen available, as
its already building from the dist. But add a "make clean" followed
by a "make" to test that it still builds after a clean.
9 months ago
2e440169d6
lua: remove lua as a compile time feature
...
Its always built-in. However, can be disabled at runtime.
9 months ago
bc011f2205
lua: use rust crate to vendor (bundle) lua
...
Remove lua-dev(el) from all CI tests.
9 months ago
d5c6c3a21c
lua: build lua by default
...
Ticket: #4776
[Edits by Jason Ish]
- Add Lua in CI where needed
- Disable Lua for builds that don't have Lua 5.4
9 months ago
586c92d9d5
lua: require lua 5.4
...
github-ci: Disable lua on debian 10 as it doesn't have Lua 5.4.
Ticket: #4776
9 months ago
e0411878fc
github-actions: bump scan-build to Ubuntu 24.04 / clang 18
9 months ago
ce9bfba76a
ci: fix and test with Wunused-macros
...
Ticket: 6937
9 months ago
d401082bba
github-actions: set bpf to icmp for af-packet
10 months ago
1240bdd914
github-actions: add pcap live test script and jobs
...
Asan and coverage jobs.
10 months ago
27b6a31a0c
github-actions: unix pcap coverage run
...
To increase code coverage.
10 months ago
ea95aac022
github-actions: add unix socket runmode script and job
...
Runs with ASAN.
10 months ago
40b87bfd04
github-actions: add ASAN enabled Ubuntu 24.04 build of live tests
10 months ago
4c33e64d56
github-actions: make sure unix socket is created in dpdk tests
10 months ago
8e320449f6
github-actions: expand af-packet live test with more unix commands
10 months ago
1297d96592
github-actions: bump actions/upload-artifact from 4.3.1 to 4.3.3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.1 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...65462800fd
10 months ago
f14a4a1bf8
github-actions: bump github/codeql-action from 3.24.9 to 3.25.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.9 to 3.25.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.24.9...v3.25.3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
10 months ago
b9fbc5749d
github-actions: bump actions/download-artifact from 4.1.4 to 4.1.7
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 4.1.4 to 4.1.7.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](c850b930e6...65a9edc588
10 months ago
76314cc00e
github-actions: bump codecov/codecov-action from 4.1.1 to 4.3.1
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.1.1 to 4.3.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](c16abc29c9...5ecb98a3c6
10 months ago
2b80689ee4
github-actions: convert dpdk tests to use script
10 months ago
6edf05cdaa
github-actions: add dpdk ids live test script
10 months ago
ed9ad0048d
github-ci: add af-packet and dpdk codecov builds
...
Adds live tests for DPDK and AF_PACKET, with support for code coverage.
10 months ago
4fedba1140
github-ci: remove cocci from fedora 39 build
...
Cocci on Fedora 39+ gets stuck for some reason. Cocci has been moved
to a new Ubuntu 24.04 build.
10 months ago
1c2402f5e7
github-ci: add ubuntu 24.04 build with cocci
...
Rather basic 24.04 build for now, but use Cocci as Cocci is working
properly here, but not working in the latest Fedora releases.
10 months ago
47a1502dbb
ci: fix macos build
...
use brew instead of pip
limit the number of jobs for make
set a prefix where we can install
use brew flags for library finding
10 months ago
480955b1f8
github-ci: update fedora builds
...
f39 -> f40
f38 -> f39
10 months ago
3a27cfd7be
dpdk: increase timeout for DPDK test runs
11 months ago
365a66ac1c
ci: clean some disk space to run CIFuzz again
11 months ago
e54084fa87
dpdk: implement DPDK SW tests
...
Implement Github CI tests to run DPDK Suri with the minimal
configuration to verify that Suricata can start in both IDS
and IPS configuration.
11 months ago
78313100a4
ci: bump up the DPDK versions
11 months ago
34f53f85bc
systemd: reimplement sd_notify logic using UNIX socket
...
One of the lessons of the XZ backdoor story was that just linking to
libsystemd to call sd_notify is discouraged by the systemd project:
Lennart Poettering:
"PSA: In context of the xzpocalypse we now added an example reimplementation
of sd_notify() to our man page:
https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html#Notes
It's pretty comprehensive (i.e. uses it for reload notification too), but
still relatively short.
In the past, I have been telling anyone who wanted to listen that if all you
want is sd_notify() then don't bother linking to libsystemd, since the
protocol is stable and should be considered the API, not our C wrapper
around it. After all, the protocol is so trivial"
From: https://mastodon.social/@pid_eins/112202687764571433
This commit takes the example code and uses it to reimplement the notify
logic.
The code is enabled if Linux is detected in configure. Since the code
won't do anything if the NOTIFY_SOCKET env var isn't set, this should
also work fine on systems w/o systemd.
Ticket: #6913 .
11 months ago
d310d00eb0
github-actions: bump github/codeql-action from 3.24.6 to 3.24.9
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.6 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.24.6...v3.24.9 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
11 months ago
6035a8a2b6
github-ci: set checkout directory as safe before running git commands
...
While the checkout job appears to do this, it is done with a different
version of git which seems to be the cause for it not having an effect
when doing manual git operations from within a job.
Also removes duplicate checkout statements in Windows builds.
11 months ago
23463b9814
github-actions: bump codecov/codecov-action from 4.1.0 to 4.1.1
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](54bcd8715e...c16abc29c9
11 months ago
a2c817243f
rust: add MSRV as rust-version
...
Update github-actions to use it for the MSRV check.
12 months ago
632e52ca2b
ci: update ubuntu22.04 builds with clang14+asan
...
using a workround about ASLR
12 months ago
c6c1eac301
github-actions: bump actions/download-artifact from 4.1.3 to 4.1.4
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](87c55149d9...c850b930e6
1 year ago
f1b0f7c46b
github-actions: bump github/codeql-action from 3.24.5 to 3.24.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.5 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.24.5...v3.24.6 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
1 year ago
0dc3de332a
examples: minimal example capture plugin for ci
...
Create a mininal capture plugin that injects one packet. While it can
also be a template, we should be able to run this in CI to test the
loading and registration of the capture plugin mechanisms.
1 year ago
c283e8565a
github-actions: bump codecov/codecov-action from 4.0.1 to 4.1.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](e0b68c6749...54bcd8715e
1 year ago
13da6498b5
github-actions: bump actions/download-artifact from 4.1.2 to 4.1.3
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](eaceaf801f...87c55149d9
1 year ago
07ec8b202e
github-actions: bump github/codeql-action from 3.24.3 to 3.24.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.3 to 3.24.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.24.3...v3.24.5 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
1 year ago
92980a11a3
github-actions: bump github/codeql-action from 3.24.1 to 3.24.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.1 to 3.24.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.24.1...v3.24.3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
1 year ago
2421b024f2
examples: program linking against library
...
Provide an example of an extremely simple application that links
against Suricata. This provides a Makefile integrated with the
Suricata build system for in-tree building, as well as an example
Makefile for building out of tree.
Currently this application just wraps SuricataMain and does nothing
else.
1 year ago
6d792f017b
examples/plugin: simplify Makefile
...
Simplify the Makefile by avoiding automake and providing our own
Makefile.in that is suitable for in-tree builds of the plugin and can
also serve as an example for standalone plugins.
But the bigger benefit of this is to allow building the example plugin
even with --disable-shared provided to configure, as this is just a
phony limitation imposed by automake/libtool.
1 year ago
6198ea5a91
github-ci: use all cpus for coccinelle checks
...
Also put "cocci" in the job name and install parallel so the script can
actually run with concurrency.
1 year ago
41a621178f
ci: right sha for authors check
1 year ago
fa98c48e65
github-actions: bump github/codeql-action from 2.24.0 to 3.24.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.24.0 to 3.24.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v2.24.0...v3.24.1 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
1 year ago
2242d10fa0
github-ci: fix authors check with special characters
...
Dependabot is always getting flagged as a new author even tho it uses
a consistent author of:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
But this doesn't work with plain grep. Fix by telling grep to treat
the value as a fixed string instead of a regular expression.
1 year ago
a87943d9bf
github-ci: apply read-only permissions to more workflows
...
- authors.yml
- codeql.yml
- scan-build.yml
1 year ago
f9a4e9c588
codeql: add security-extended query suite
...
Add the CodeQL security-extended suite to
the CodeQL workflow configuration.
1 year ago
7881e85088
github-actions: bump github/codeql-action from 2 to 3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
1 year ago
be07d96c3d
github-actions: bump codecov/codecov-action from 3.1.1 to 4.0.1
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.1 to 4.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](d9f34f8cd5...e0b68c6749
1 year ago
7c98134624
github-ci: cancel previous job for all workflows
...
Previously only enabled in build.yml, apply cancen-in-progress to all
workflow files.
1 year ago
d5a3bfcab6
github-ci: don't depend on cbindgen when installed from package
1 year ago
49834eabf1
github-ci: update actions/github-script
1 year ago
e786297497
github-ci: update actions/checkout
1 year ago
32d55febed
github-ci: update actions/cache
1 year ago
5bfaeb3bf5
github-ci: update {download,upload} artifact actions
...
Multiple uploads can no longer use the same name, so give the cbindgen
artifact its own name of "cbindgen". Requires an additional download
for each build depending on this cbindgen artifact.
1 year ago
8522256aaa
github-ci: use all cores available
...
GitHub action Linux runners now have 4 cores, instead of hardcoding
the number, use nproc to determine how many cores are available and
use them.
1 year ago
6922fef4ab
github-ci: move centos-7 build to its own workflow
...
CentOS 7 requires older actions due to newer GitHub actions depending
on a newer glibc. So move to its own workflow file so the main builds
can move forward to newer versions of actions.
1 year ago
edfda9f69f
rust: weekly cargo audit and update
...
Add GitHub actions to perform:
- cargo audit: catch new warnings in dependendent packages
- cargo update: catch updated dependencies that depend on a new MSRV
than we use
1 year ago
9fe00ff710
config/jansson: Remove excess libjansson mentions
...
Issue: 6712
Remove multiple occurrences of libjansson installation packages.
1 year ago
ee6208be9d
config/nss: Remove libnspr/libnss traces
...
Issue: 6712
1 year ago
7f5e98e6df
ci: authors check using OISF repo
...
As flagged critical by codescan
1 year ago
6de885c603
ci: update scorecard analysis workflow
1 year ago
d73ccd0f52
ci: run clippy without all features
1 year ago
bedd48596f
ci: run clippy on test code as well
1 year ago
93071501b5
github-ci/formatting: update to Ubuntu 22.04
...
Update the formatting CI job to Ubuntu 22.04 to get a newer version of
clang-format, in this case clang-format-14.
1 year ago
c82d93490c
github/action: fix Debian 12 intermittent failures
...
Parallel builds caused issues during `cargo vendor`. So do just a single
thread build.
make[4]: Entering directory '/__w/suricata/suricata/rust'
cbindgen --config /__w/suricata/suricata/rust/cbindgen.toml \
--quiet --output /__w/suricata/suricata/rust/dist/rust-bindings.h
CARGO_HOME="/github/home/.cargo" /usr/bin/cargo vendor
Blocking waiting for file lock on package cache
Blocking waiting for file lock on package cache
ERROR: Couldn't execute `cargo metadata` with manifest "/__w/suricata/suricata/rust/Cargo.toml": Metadata(Output { status: ExitStatus(unix_wait_status(25856)), stdout: "", stderr: " Blocking waiting for file lock on package cache\n Blocking waiting for file lock on package cache\nerror: failed to download `adler v1.0.2`\n\nCaused by:\n unable to get packages from source\n\nCaused by:\n failed to parse manifest at `/github/home/.cargo/registry/src/github.com-1ecc6299db9ec823/adler-1.0.2/Cargo.toml`\n\nCaused by:\n no targets specified in the manifest\n either src/lib.rs, src/main.rs, a [lib] section, or [[bin]] section must be present\n" })
ERROR: Couldn't generate bindings for /__w/suricata/suricata/rust.
make[4]: *** [Makefile:597: dist/rust-bindings.h] Error 1
make[4]: *** Waiting for unfinished jobs....
1 year ago
64d12aacc8
ebpf: Update eBPF map to BTF defined map
...
legacy map definition is removed from libbpf1.0+.
update the legacy map definition to BTF defined map.
Distros with < libbpf1.0 (0.5, 0.6, 0.7, 0.8) bpf_helpers.h
support BTF map definition, this change does not break
old libbpf and support new libpbf1.0+.
Bug: #6250
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Co-authored-by: Victor Julien <vjulien@oisf.net>
1 year ago
d2b25af3f4
examples: add an example plugin of an eve filetype
...
This is an example of what adding plugin examples to the Suricata repo
could look like.
This plugin is an example plugin for an EVE filetype. It could be
extended to support outputs like Redis, syslog, etc.
There is one issue with adding plugins like this to an autotools
project, the project can't be built with --disable-shared, which is
more of an autotools limitation, and not really a Suricata issue.
Suricata built with --disable-shared will load plugins just fine.
Note that the examples directory was added as DIST_SUBDIRS as we don't
want normal builds to recurse into it and attempt to build the plugin,
its just an example, but we still need to keep distcheck happy.
1 year ago
bec1d8ca9f
github-ci: don't add author names/emails to new author comment
...
The new author details will still be available in the artifact, we're
just not calling them out in a nighly visible pull request comment.
1 year ago
2b9603d94d
github-ci: cancel previous builds workflow for branch
...
On a push of the same branch, cancel the previous running builds.yml
workflow.
1 year ago
741ba51c1e
github-ci: Fedora 37 to 39; use packaged cbindgen
1 year ago
c53086575a
dpdk: update DPDK builder versions
1 year ago
e65c052414
build/nss: Remove libnss from CI
2 years ago
a4f670622e
workflows: use s-v --debug-failed
2 years ago
ae5c65fb49
github-ci: disable some workflows on doc only changes
...
Don't run the following GitHub workflows on documentation only
changes:
- cifuzz
- codeql
- formatting
- rust
- scan-build
2 years ago
f511b176bf
github-ci: don't build docs in almalinux:8, centos:8
...
Our docs require a newer version of Sphinx.
2 years ago
7f822ba053
github-ci: run cocci in fedora 38
2 years ago
4ccc9aed01
github-ci: remove fedora 36 builds
...
Fedora 36 is now EOL.
2 years ago
84674f4205
github-ci: update rust versions
...
New minimum Rust version: 1.63.0.
Current latest known good version: 1.70.0.
Add test specifically for MSRV as we didn't have one.
Ticket: #4163
2 years ago
ebdf482580
github-ci: add CentOS Stream builders
...
Builders for CentOS Stream 8 and 9.
2 years ago
ca68b6b994
github-ci: replace dist builder with Debian 12
...
Add new dist builder job based on Debian 12. Debian 12 gives us news
Sphinx that AlmaLinux 8, plus avoids any potential disruption in the
RHEL rebuild ecosystem.
Also make dist building its own job so it finishes quicker, allowing
other jobs to proceed. The new non-dist building Debian 12 job will
still do a complete distcheck, as do other jobs.
2 years ago
96dd6a7ca0
github-ci: add Debian 12 builder
2 years ago
f870dcd4cc
github-ci: allow pull request URL in SV_BRANCH
...
Allow the SV_BRANCH variable to contain the full link to an
OISF/suricata-verify pull request. This will cause GitHub to create a
cross-link for us.
2 years ago
83afccd932
github-ci: update action: setup-msys2
...
Use @v2, hopefully the dependency bot will keep it up to date now.
2 years ago
37d68230f8
github-ci: use latest version of actions/upload-artifact
2 years ago
d576be2452
github-ci: update actions/cache to v3.3.1
2 years ago
3dfd5ddaed
github-ci: use same version (3.0.2) for actions/download-artifact
2 years ago
04ba1a7ef6
github-ci: update actions/checkout to v3.5.3
2 years ago
6d7923c80b
github-ci: check for suricata-update example configuration files
...
Check that the Suricata-Update example configuration files are
installed.
2 years ago
Lukas Sismis
Victor Julien
dependabot[bot]
Jason Ish
Jo Johnson
Philippe Antoine
Lukas Sismis
Daniel Olatunji
Jeff Lucovsky
Vincent Li
Shivani Bhardwaj