name: build-centos-7

on:
  push:
  pull_request:
  workflow_dispatch:
    inputs:
      LIBHTP_REPO:
      LIBHTP_BRANCH:
      SU_REPO:
      SU_BRANCH:
      SV_REPO:
      SV_BRANCH:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions: read-all

env:
  DEFAULT_SV_REPO: https://github.com/OISF/suricata-verify
  DEFAULT_SV_BRANCH: master
  DEFAULT_CFLAGS: "-Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function"

jobs:
  centos-7:
    runs-on: ubuntu-latest
    container: centos:7
    steps:
      - name: Cache cargo registry
        uses: actions/cache@v3.3.3
        with:
          path: ~/.cargo
          key: ${{ github.job }}-cargo

      - name: Cache RPMs
        uses: actions/cache@v3.3.3
        with:
          path: /var/cache/yum
          key: ${{ github.job }}-yum

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - run: |
          yum -y install epel-release
          yum -y install \
                autoconf \
                automake \
                cargo \
                curl \
                diffutils \
                file-devel \
                gcc \
                gcc-c++ \
                git \
                jansson-devel \
                jq \
                lua-devel \
                libtool \
                libyaml-devel \
                libnfnetlink-devel \
                libnetfilter_queue-devel \
                libnet-devel \
                libcap-ng-devel \
                libevent-devel \
                libmaxminddb-devel \
                libpcap-devel \
                lz4-devel \
                make \
                nss-devel \
                pcre2-devel \
                pkgconfig \
                python36-PyYAML \
                rust \
                sudo \
                which \
                zlib-devel
      - name: Parse repo and branch information
        env:
          # We fetch the actual pull request to get the latest body as
          # github.event.pull_request.body has the body from the
          # initial pull request.
          PR_HREF: ${{ github.event.pull_request._links.self.href }}
        run: |
          if test "${PR_HREF}"; then
              body=$(curl -s "${PR_HREF}" | jq -r .body | tr -d '\r')

              echo "Parsing branch and PR info from:"
              echo "${body}"

              LIBHTP_REPO=$(echo "${body}" | awk -F = '/^LIBHTP_REPO=/ { print $2 }')
              LIBHTP_BRANCH=$(echo "${body}" | awk -F = '/^LIBHTP_BRANCH=/ { print $2 }')

              SU_REPO=$(echo "${body}" | awk -F = '/^SU_REPO=/ { print $2 }')
              SU_BRANCH=$(echo "${body}" | awk -F = '/^SU_BRANCH=/ { print $2 }')

              SV_REPO=$(echo "${body}" | awk -F = '/^SV_REPO=/ { print $2 }')
              SV_BRANCH=$(echo "${body}" | awk -F = '/^SV_BRANCH=/ { print $2 }')
          else
              echo "No pull request body, will use inputs or defaults."
              LIBHTP_REPO=${{ inputs.LIBHTP_REPO }}
              LIBHTP_BRANCH=${{ inputs.LIBHTP_BRANCH }}
              SU_REPO=${{ inputs.SU_REPO }}
              SU_BRANCH=${{ inputs.SU_BRANCH }}
              SV_REPO=${{ inputs.SV_REPO }}
              SV_BRANCH=${{ inputs.SV_BRANCH }}
          fi

          # If the _REPO variables don't contain a full URL, add GitHub.
          if [ "${LIBHTP_REPO}" ] && ! echo "${LIBHTP_REPO}" | grep -q '^https://'; then
              LIBHTP_REPO="https://github.com/${LIBHTP_REPO}"
          fi
          if [ "${SU_REPO}" ] && ! echo "${SU_REPO}" | grep -q '^https://'; then
              SU_REPO="https://github.com/${SU_REPO}"
          fi
          if [ "${SV_REPO}" ] && ! echo "${SV_REPO}" | grep -q '^https://'; then
              SV_REPO="https://github.com/${SV_REPO}"
          fi

          echo LIBHTP_REPO=${LIBHTP_REPO} | tee -a ${GITHUB_ENV}
          echo LIBHTP_BRANCH=${LIBHTP_BRANCH} | tee -a ${GITHUB_ENV}

          echo SU_REPO=${SU_REPO} | tee -a ${GITHUB_ENV}
          echo SU_BRANCH=${SU_BRANCH} | tee -a ${GITHUB_ENV}

          echo SV_REPO=${SV_REPO:-${DEFAULT_SV_REPO}} | tee -a ${GITHUB_ENV}
          echo SV_BRANCH=${SV_BRANCH:-${DEFAULT_SV_BRANCH}} | tee -a ${GITHUB_ENV}

      - name: Annotate output
        run: |
          echo "::notice:: LIBHTP_REPO=${LIBHTP_REPO}"
          echo "::notice:: LIBHTP_BRANCH=${LIBHTP_BRANCH}"
          echo "::notice:: SU_REPO=${SU_REPO}"
          echo "::notice:: SU_BRANCH=${SU_BRANCH}"
          echo "::notice:: SV_REPO=${SV_REPO}"
          echo "::notice:: SV_BRANCH=${SV_BRANCH}"

      - name: Install cbindgen
        run: |
          cargo install --debug cbindgen
          echo "$HOME/.cargo/bin" >> $GITHUB_PATH

      # Now checkout Suricata for the bundle script.
      - name: Checking out Suricata
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744

      - run: ./scripts/bundle.sh

      - name: Fetching suricata-verify
        run: |
          # Looking for a pull request number. in the SV_BRANCH
          # value. This could be "pr/NNN", "pull/NNN" or a link to an
          # OISF/suricata-verify pull request.
          pr=$(echo "${SV_BRANCH}" | sed -n \
              -e 's/^https:\/\/github.com\/OISF\/suricata-verify\/pull\/\([0-9]*\)$/\1/p' \
              -e 's/^pull\/\([0-9]*\)$/\1/p' \
              -e 's/^pr\/\([0-9]*\)$/\1/p')
          if [ "${pr}" ]; then
              SV_BRANCH="refs/pull/${pr}/head"
              echo "Using suricata-verify pull-request ${SV_BRANCH}"
          else
              echo "Using suricata-verify branch ${SV_BRANCH}"
          fi
          git clone --depth 1 ${SV_REPO} suricata-verify
          cd suricata-verify
          git fetch --depth 1 origin ${SV_BRANCH}
          git -c advice.detachedHead=false checkout FETCH_HEAD

      - run: ./autogen.sh
      - run: ./configure
      - run: make -j ${{ env.CPUS }}
      - run: python3 ./suricata-verify/run.py -q --debug-failed
      - run: make install-full
      - run: suricata-update -V
      - run: suricatasc -h