name: builds on: - push - pull_request env: DEFAULT_LIBHTP_REPO: https://github.com/OISF/libhtp DEFAULT_LIBHTP_BRANCH: 0.5.x DEFAULT_SU_REPO: https://github.com/OISF/suricata-update DEFAULT_SU_BRANCH: master DEFAULT_SV_REPO: https://github.com/OISF/suricata-verify DEFAULT_SV_BRANCH: master jobs: prep: name: Prepare Build runs-on: ubuntu-latest steps: - run: sudo apt update && sudo apt -y install jq curl - name: Parse repo and branch information env: # We fetch the actual pull request to get the latest body as # github.event.pull_request.body has the body from the # initial pull request. PR_HREF: ${{ github.event.pull_request._links.self.href }} run: | if test "${PR_HREF}"; then body=$(curl -s "${PR_HREF}" | jq -r .body) libhtp_repo=$(echo "${body}" | awk '/^libhtp-repo/ { print $2 }') libhtp_branch=$(echo "${body}" | awk '/^libhtp-branch/ { print $2 }') su_repo=$(echo "${body}" | awk '/^suricata-update-repo/ { print $2 }') su_branch=$(echo "${body}" | awk '/^suricata-update-branch/ { print $2 }') sv_repo=$(echo "${body}" | awk '/^suricata-verify-repo/ { print $2 }') sv_branch=$(echo "${body}" | awk '/^suricata-verify-branch/ { print $2 }') fi echo "::set-env name=libhtp_repo::${libhtp_repo:-${DEFAULT_LIBHTP_REPO}}" echo "::set-env name=libhtp_branch::${libhtp_branch:-${DEFAULT_LIBHTP_BRANCH}}" echo "::set-env name=su_repo::${su_repo:-${DEFAULT_SU_REPO}}" echo "::set-env name=su_branch::${su_branch:-${DEFAULT_SU_BRANCH}}" echo "::set-env name=sv_repo::${sv_repo:-${DEFAULT_SV_REPO}}" echo "::set-env name=sv_branch::${sv_branch:-${DEFAULT_SV_BRANCH}}" - name: Fetching libhtp run: | echo "Downloading ${libhtp_repo}/archive/${libhtp_branch}.tar.gz" mkdir libhtp cd libhtp curl -Ls ${libhtp_repo}/archive/${libhtp_branch}.tar.gz | \ tar zxf - --strip-components=1 cd .. tar zcf libhtp.tar.gz libhtp rm -rf libhtp - name: Fetching suricata-update run: | echo "Downloading ${su_repo}/archive/${su_branch}.tar.gz" mkdir suricata-update cd suricata-update curl -Ls ${su_repo}/archive/${su_branch}.tar.gz | \ tar zxf - --strip-components=1 cd .. tar zcf suricata-update.tar.gz suricata-update rm -rf suricata-update - name: Fetching suricata-verify run: | echo "Downloading ${sv_repo}/archive/${sv_branch}.tar.gz" mkdir suricata-verify cd suricata-verify curl -Ls ${sv_repo}/archive/${sv_branch}.tar.gz | \ tar zxf - --strip-components=1 cd .. tar zcf suricata-verify.tar.gz suricata-verify rm -rf suricata-verify - uses: actions/upload-artifact@v2 name: Uploading prep archive with: name: prep path: . centos-8: name: CentOS 8 runs-on: ubuntu-latest container: centos:8 needs: prep steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v1 with: path: ~/.cargo/registry key: cargo-registry - uses: actions/checkout@v2 # Download and extract dependency archives created during prep # job. - uses: actions/download-artifact@v2 with: name: prep path: prep - run: tar xvf prep/libhtp.tar.gz - run: tar xvf prep/suricata-update.tar.gz - run: tar xvf prep/suricata-verify.tar.gz - name: Install system packages run: | yum -y install dnf-plugins-core yum config-manager --set-enabled PowerTools yum -y install \ autoconf \ automake \ cargo-vendor \ diffutils \ file-devel \ gcc \ gcc-c++ \ git \ jansson-devel \ jq \ lua-devel \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libtool \ lz4-devel \ make \ nss-devel \ pcre-devel \ pkgconfig \ python3-devel \ python3-sphinx \ python3-yaml \ rust-toolset \ sudo \ which \ zlib-devel # These packages required to build the PDF. yum -y install \ texlive-latex \ texlive-cmap \ texlive-collection-latexrecommended \ texlive-fncychap \ texlive-titlesec \ texlive-tabulary \ texlive-framed \ texlive-wrapfig \ texlive-upquote \ texlive-capt-of \ texlive-needspace \ - name: Install cbindgen run: cargo install --force --debug --version 0.14.1 cbindgen - run: echo "::add-path::$HOME/.cargo/bin" - name: Configuring run: | ./autogen.sh ./configure - run: make -j2 distcheck env: DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-lua --enable-geoip --enable-profiling --enable-profiling-locks" - run: test -e doc/userguide/suricata.1 - name: Preparing distribution run: | mkdir dist mv suricata-*.tar.gz dist - uses: actions/upload-artifact@v1 name: Uploading distribution with: name: dist path: dist centos-7: name: CentOS 7 runs-on: ubuntu-latest container: centos:7 needs: centos-8 steps: - name: Install system dependencies run: | yum -y install epel-release yum -y install \ cargo \ diffutils \ file-devel \ gcc \ gcc-c++ \ jansson-devel \ jq \ lua-devel \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ lz4-devel \ make \ nss-devel \ pcre-devel \ pkgconfig \ rust \ sudo \ which \ zlib-devel - name: Download suricata.tar.gz uses: actions/download-artifact@v2 with: name: dist - run: tar zxvf suricata-*.tar.gz --strip-components=1 - run: ./configure - run: make -j2 - run: make install - run: make install-conf - run: make distcheck - run: make clean - run: make -j2 centos-6: name: CentOS 6 runs-on: ubuntu-latest container: centos:6 needs: centos-8 steps: - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.34.2 -y - run: echo "::add-path::$HOME/.cargo/bin" - name: Install system dependencies run: | yum -y install epel-release yum -y install \ file-devel \ gcc \ gcc-c++ \ jq \ jansson-devel \ make \ libyaml-devel \ libpcap-devel \ pcre-devel \ python34-PyYAML \ nss-devel \ sudo \ which \ zlib-devel - name: Download suricata.tar.gz # Can't use @v2 here as it uses a binary that requires a newer # glibc than provided by CentOS 6. uses: actions/download-artifact@v1 with: name: dist - run: tar xvf dist/suricata-*.tar.gz --strip-components=1 - run: ./configure - run: make -j2 - run: make install - run: make install-conf fedora-31: name: Fedora 31 runs-on: ubuntu-latest container: fedora:31 needs: prep steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v1 with: path: ~/.cargo/registry key: cargo-registry - run: | dnf -y install \ autoconf \ automake \ cargo \ ccache \ diffutils \ file-devel \ gcc \ gcc-c++ \ git \ jansson-devel \ jq \ lua-devel \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libtool \ lz4-devel \ make \ nspr-devel \ nss-devel \ nss-softokn-devel \ pcre-devel \ pkgconfig \ python3-yaml \ sudo \ which \ zlib-devel - name: Installing packages to build documentation run: | dnf -y install \ python3-sphinx \ texlive-scheme-full - name: Install cbindgen run: cargo install --force --debug --version 0.14.1 cbindgen - run: echo "::add-path::$HOME/.cargo/bin" - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: ./autogen.sh - run: ./configure --enable-unittests - run: make -j2 - run: make check - run: make dist - run: test -e doc/devguide/devguide.pdf - run: test -e doc/userguide/userguide.pdf - run: make distcheck - name: Extracting suricata-verify run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py ubuntu-18-04: name: Ubuntu 18.04 (Cocci) runs-on: ubuntu-18.04 container: ubuntu:18.04 needs: prep steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v1 with: path: ~/.cargo/registry key: cargo-registry - name: Install dependencies run: | apt update apt -y install \ libpcre3 \ libpcre3-dev \ build-essential \ autoconf \ automake \ git \ jq \ libtool \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ libnfnetlink-dev \ libnfnetlink0 \ libhiredis-dev \ libjansson-dev \ libevent-dev \ libevent-pthreads-2.1.6 \ libjansson-dev \ libpython2.7 \ make \ parallel \ python3-yaml \ rustc \ software-properties-common \ zlib1g \ zlib1g-dev \ exuberant-ctags - name: Install packages for generating documentation run: | DEBIAN_FRONTEND=noninteractive apt -y install \ sphinx-doc \ sphinx-common \ texlive-latex-base \ texlive-fonts-recommended \ texlive-fonts-extra \ texlive-latex-extra - name: Install Coccinelle run: | add-apt-repository -y ppa:npalix/coccinelle apt -y install coccinelle - name: Install cbindgen run: cargo install --force --debug --version 0.14.1 cbindgen - run: echo "::add-path::$HOME/.cargo/bin" - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: ./autogen.sh - run: ./configure --enable-unittests --enable-coccinelle - run: make -j2 - run: make tags - name: Running unit tests and cocci checks # Set the concurrency level for cocci. run: CONCURRENCY_LEVEL=2 make check - run: make dist - name: Checking that documentation was built run: | test -e doc/devguide/devguide.pdf test -e doc/userguide/userguide.pdf test -e doc/userguide/suricata.1 - name: Extracting suricata-verify run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py # test build with afl and fuzztargets ubuntu-18-04-fuzz: name: Ubuntu 18.04 (Fuzz) runs-on: ubuntu-18.04 container: ubuntu:18.04 needs: prep steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v1 with: path: ~/.cargo/registry key: cargo-registry - name: Install dependencies run: | apt update apt -y install \ afl \ afl-clang \ libpcre3 \ libpcre3-dev \ build-essential \ autoconf \ automake \ git \ libtool \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ libnfnetlink-dev \ libnfnetlink0 \ libhiredis-dev \ libjansson-dev \ libjansson-dev \ libpython2.7 \ make \ rustc \ software-properties-common \ zlib1g \ zlib1g-dev - name: Install cbindgen run: cargo install --force --debug --version 0.14.1 cbindgen - run: echo "::add-path::$HOME/.cargo/bin" - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: ./autogen.sh - run: AFL_HARDEN=1 ac_cv_func_realloc_0_nonnull=yes ac_cv_func_malloc_0_nonnull=yes CFLAGS="-fsanitize=address -fno-omit-frame-pointer" CXXFLAGS=$CFLAGS CC=afl-clang-fast CXX=afl-clang-fast++ ./configure --enable-fuzztargets --disable-shared - run: AFL_HARDEN=1 make -j2 # An Ubuntu 16.04 build using the tarball generated in the CentOS 8 # build above. ubuntu-16-04: name: Ubuntu 16.04 runs-on: ubuntu-latest container: ubuntu:16.04 needs: centos-8 steps: - name: Install dependencies run: | apt update apt -y install \ build-essential \ curl \ libcap-ng-dev \ libcap-ng0 \ libevent-dev \ libhiredis-dev \ libjansson-dev \ libmagic-dev \ libnet1-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ libnfnetlink-dev \ libnfnetlink0 \ libnss3-dev \ libpcre3 \ libpcre3-dev \ libpcap-dev \ libyaml-0-2 \ libyaml-dev \ make \ python3-yaml \ zlib1g \ zlib1g-dev - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.34.2 -y - run: echo "::add-path::$HOME/.cargo/bin" - name: Download suricata.tar.gz uses: actions/download-artifact@v2 with: name: dist - name: Extract run: tar zxvf suricata-*.tar.gz --strip-components=1 - name: Configure run: ./configure - name: Build run: make -j2 - name: Testing run: make check - run: make install - run: make install-conf - run: make install-rules debian-10: name: Debian 10 runs-on: ubuntu-latest container: debian:10 needs: prep steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v1 with: path: ~/.cargo/registry key: cargo-registry - run: | apt update apt -y install \ automake \ autoconf \ build-essential \ ccache \ curl \ git \ gosu \ jq \ libpcre3 \ libpcre3-dbg \ libpcre3-dev \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libjansson-dev \ libnss3-dev \ libgeoip-dev \ liblua5.1-dev \ libhiredis-dev \ libevent-dev \ libtool \ m4 \ make \ python-yaml \ pkg-config \ rustc \ sudo \ zlib1g \ zlib1g-dev - name: Install cbindgen run: cargo install --force --debug --version 0.14.1 cbindgen - run: echo "::add-path::$HOME/.cargo/bin" - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - run: ./autogen.sh - run: ./configure --enable-unittests --enable-fuzztargets - run: make -j2 - run: make check - run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: ./suricata-verify/run.py debian-9: name: Debian 9 runs-on: ubuntu-latest container: debian:9 needs: prep steps: - run: | apt update apt -y install \ automake \ autoconf \ build-essential \ ccache \ curl \ git-core \ gosu \ jq \ libpcre3 \ libpcre3-dbg \ libpcre3-dev \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libjansson-dev \ libnss3-dev \ libgeoip-dev \ liblua5.1-dev \ libhiredis-dev \ libevent-dev \ libtool \ m4 \ make \ python-yaml \ pkg-config \ sudo \ zlib1g \ zlib1g-dev - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.34.2 -y - run: echo "::add-path::$HOME/.cargo/bin" - name: Install cbindgen run: cargo install --force --debug --version 0.14.1 cbindgen - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - run: ./autogen.sh - run: ./configure --enable-unittests - run: make -j2 - run: make check - run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: ./suricata-verify/run.py macos-latest: name: MacOS Latest runs-on: macos-latest needs: prep steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v1 with: path: ~/.cargo/registry key: cargo-registry - run: | brew install \ autoconf \ automake \ curl \ hiredis \ jansson \ jq \ libmagic \ libnet \ libtool \ libyaml \ lua \ nss \ nspr \ pcre \ pkg-config \ rust \ xz - name: Install cbindgen run: cargo install --force --debug --version 0.14.1 cbindgen - run: echo "::add-path::$HOME/.cargo/bin" - run: pip install PyYAML - uses: actions/checkout@v2 - name: Downloading prep archive uses: actions/download-artifact@v2 with: name: prep path: prep - run: tar xvf prep/libhtp.tar.gz - run: ./autogen.sh - run: ./configure --enable-unittests - run: make -j2 - run: make check - run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: ./suricata-verify/run.py