aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9fd56e8430'
${ noResults }
suricata/.github/workflows/builds.yml

723 lines
22 KiB
YAML
Raw Blame History

name: builds
on:
- push
- pull_request
env:
DEFAULT_LIBHTP_REPO: https://github.com/OISF/libhtp
DEFAULT_LIBHTP_BRANCH: 0.5.x
DEFAULT_SU_REPO: https://github.com/OISF/suricata-update
DEFAULT_SU_BRANCH: master
DEFAULT_SV_REPO: https://github.com/OISF/suricata-verify
DEFAULT_SV_BRANCH: master
jobs:
prep:
name: Prepare Build
runs-on: ubuntu-latest
steps:
- run: sudo apt update && sudo apt -y install jq curl
- name: Parse repo and branch information
env:
# We fetch the actual pull request to get the latest body as
# github.event.pull_request.body has the body from the
# initial pull request.
PR_HREF: ${{ github.event.pull_request._links.self.href }}
run: |
if test "${PR_HREF}"; then
body=$(curl -s "${PR_HREF}" | jq -r .body)
libhtp_repo=$(echo "${body}" | awk '/^libhtp-repo/ { print $2 }')
libhtp_branch=$(echo "${body}" | awk '/^libhtp-branch/ { print $2 }')
su_repo=$(echo "${body}" | awk '/^suricata-update-repo/ { print $2 }')
su_branch=$(echo "${body}" | awk '/^suricata-update-branch/ { print $2 }')
sv_repo=$(echo "${body}" | awk '/^suricata-verify-repo/ { print $2 }')
sv_branch=$(echo "${body}" | awk '/^suricata-verify-branch/ { print $2 }')
fi
echo "::set-env name=libhtp_repo::${libhtp_repo:-${DEFAULT_LIBHTP_REPO}}"
echo "::set-env name=libhtp_branch::${libhtp_branch:-${DEFAULT_LIBHTP_BRANCH}}"
echo "::set-env name=su_repo::${su_repo:-${DEFAULT_SU_REPO}}"
echo "::set-env name=su_branch::${su_branch:-${DEFAULT_SU_BRANCH}}"
echo "::set-env name=sv_repo::${sv_repo:-${DEFAULT_SV_REPO}}"
echo "::set-env name=sv_branch::${sv_branch:-${DEFAULT_SV_BRANCH}}"
- name: Fetching libhtp
run: |
echo "Downloading ${libhtp_repo}/archive/${libhtp_branch}.tar.gz"
mkdir libhtp
cd libhtp
curl -Ls ${libhtp_repo}/archive/${libhtp_branch}.tar.gz | \
tar zxf - --strip-components=1
cd ..
tar zcf libhtp.tar.gz libhtp
rm -rf libhtp
- name: Fetching suricata-update
run: |
echo "Downloading ${su_repo}/archive/${su_branch}.tar.gz"
mkdir suricata-update
cd suricata-update
curl -Ls ${su_repo}/archive/${su_branch}.tar.gz | \
tar zxf - --strip-components=1
cd ..
tar zcf suricata-update.tar.gz suricata-update
rm -rf suricata-update
- name: Fetching suricata-verify
run: |
echo "Downloading ${sv_repo}/archive/${sv_branch}.tar.gz"
mkdir suricata-verify
cd suricata-verify
curl -Ls ${sv_repo}/archive/${sv_branch}.tar.gz | \
tar zxf - --strip-components=1
cd ..
tar zcf suricata-verify.tar.gz suricata-verify
rm -rf suricata-verify
- uses: actions/upload-artifact@v2
name: Uploading prep archive
with:
name: prep
path: .
centos-8:
name: CentOS 8
runs-on: ubuntu-latest
container: centos:8
needs: prep
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@v1
with:
path: ~/.cargo/registry
key: cargo-registry
- uses: actions/checkout@v2
# Download and extract dependency archives created during prep
# job.
- uses: actions/download-artifact@v2
with:
name: prep
path: prep
- run: tar xvf prep/libhtp.tar.gz
- run: tar xvf prep/suricata-update.tar.gz
- run: tar xvf prep/suricata-verify.tar.gz
- name: Install system packages
run: |
yum -y install dnf-plugins-core
yum config-manager --set-enabled PowerTools
yum -y install \
autoconf \
automake \
cargo-vendor \
diffutils \
file-devel \
gcc \
gcc-c++ \
git \
jansson-devel \
jq \
lua-devel \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
nss-devel \
pcre-devel \
pkgconfig \
python3-devel \
python3-sphinx \
python3-yaml \
rust-toolset \
sudo \
which \
zlib-devel
# These packages required to build the PDF.
yum -y install \
texlive-latex \
texlive-cmap \
texlive-collection-latexrecommended \
texlive-fncychap \
texlive-titlesec \
texlive-tabulary \
texlive-framed \
texlive-wrapfig \
texlive-upquote \
texlive-capt-of \
texlive-needspace \
- name: Install cbindgen
run: cargo install --force --debug --version 0.14.1 cbindgen
- run: echo "::add-path::$HOME/.cargo/bin"
- name: Configuring
run: |
./autogen.sh
./configure
- run: make -j2 distcheck
env:
DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-lua --enable-geoip --enable-profiling --enable-profiling-locks"
- run: test -e doc/userguide/suricata.1
- name: Preparing distribution
run: |
mkdir dist
mv suricata-*.tar.gz dist
- uses: actions/upload-artifact@v1
name: Uploading distribution
with:
name: dist
path: dist
centos-7:
name: CentOS 7
runs-on: ubuntu-latest
container: centos:7
needs: centos-8
steps:
- name: Install system dependencies
run: |
yum -y install epel-release
yum -y install \
cargo \
diffutils \
file-devel \
gcc \
gcc-c++ \
jansson-devel \
jq \
lua-devel \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
lz4-devel \
make \
nss-devel \
pcre-devel \
pkgconfig \
rust \
sudo \
which \
zlib-devel
- name: Download suricata.tar.gz
uses: actions/download-artifact@v2
with:
name: dist
- run: tar zxvf suricata-*.tar.gz --strip-components=1
- run: ./configure
- run: make -j2
- run: make install
- run: make install-conf
- run: make distcheck
- run: make clean
- run: make -j2
centos-6:
name: CentOS 6
runs-on: ubuntu-latest
container: centos:6
needs: centos-8
steps:
- name: Install Rust
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.34.2 -y
- run: echo "::add-path::$HOME/.cargo/bin"
- name: Install system dependencies
run: |
yum -y install epel-release
yum -y install \
file-devel \
gcc \
gcc-c++ \
jq \
jansson-devel \
make \
libyaml-devel \
libpcap-devel \
pcre-devel \
python34-PyYAML \
nss-devel \
sudo \
which \
zlib-devel
- name: Download suricata.tar.gz
# Can't use @v2 here as it uses a binary that requires a newer
# glibc than provided by CentOS 6.
uses: actions/download-artifact@v1
with:
name: dist
- run: tar xvf dist/suricata-*.tar.gz --strip-components=1
- run: ./configure
- run: make -j2
- run: make install
- run: make install-conf
fedora-31:
name: Fedora 31
runs-on: ubuntu-latest
container: fedora:31
needs: prep
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@v1
with:
path: ~/.cargo/registry
key: cargo-registry
- run: |
dnf -y install \
autoconf \
automake \
cargo \
ccache \
diffutils \
file-devel \
gcc \
gcc-c++ \
git \
jansson-devel \
jq \
lua-devel \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
nspr-devel \
nss-devel \
nss-softokn-devel \
pcre-devel \
pkgconfig \
python3-yaml \
sudo \
which \
zlib-devel
- name: Installing packages to build documentation
run: |
dnf -y install \
python3-sphinx \
texlive-scheme-full
- name: Install cbindgen
run: cargo install --force --debug --version 0.14.1 cbindgen
- run: echo "::add-path::$HOME/.cargo/bin"
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: ./autogen.sh
- run: ./configure --enable-unittests
- run: make -j2
- run: make check
- run: make dist
- run: test -e doc/devguide/devguide.pdf
- run: test -e doc/userguide/userguide.pdf
- run: make distcheck
- name: Extracting suricata-verify
run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py
ubuntu-18-04:
name: Ubuntu 18.04 (Cocci)
runs-on: ubuntu-18.04
container: ubuntu:18.04
needs: prep
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@v1
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Install dependencies
run: |
apt update
apt -y install \
libpcre3 \
libpcre3-dev \
build-essential \
autoconf \
automake \
git \
jq \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libhiredis-dev \
libjansson-dev \
libevent-dev \
libevent-pthreads-2.1.6 \
libjansson-dev \
libpython2.7 \
make \
parallel \
python3-yaml \
rustc \
software-properties-common \
zlib1g \
zlib1g-dev \
exuberant-ctags
- name: Install packages for generating documentation
run: |
DEBIAN_FRONTEND=noninteractive apt -y install \
sphinx-doc \
sphinx-common \
texlive-latex-base \
texlive-fonts-recommended \
texlive-fonts-extra \
texlive-latex-extra
- name: Install Coccinelle
run: |
add-apt-repository -y ppa:npalix/coccinelle
apt -y install coccinelle
- name: Install cbindgen
run: cargo install --force --debug --version 0.14.1 cbindgen
- run: echo "::add-path::$HOME/.cargo/bin"
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: ./autogen.sh
- run: ./configure --enable-unittests --enable-coccinelle
- run: make -j2
- run: make tags
- name: Running unit tests and cocci checks
# Set the concurrency level for cocci.
run: CONCURRENCY_LEVEL=2 make check
- run: make dist
- name: Checking that documentation was built
run: |
test -e doc/devguide/devguide.pdf
test -e doc/userguide/userguide.pdf
test -e doc/userguide/suricata.1
- name: Extracting suricata-verify
run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py
# test build with afl and fuzztargets
ubuntu-18-04-fuzz:
name: Ubuntu 18.04 (Fuzz)
runs-on: ubuntu-18.04
container: ubuntu:18.04
needs: prep
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@v1
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Install dependencies
run: |
apt update
apt -y install \
afl \
afl-clang \
libpcre3 \
libpcre3-dev \
build-essential \
autoconf \
automake \
git \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libhiredis-dev \
libjansson-dev \
libjansson-dev \
libpython2.7 \
make \
rustc \
software-properties-common \
zlib1g \
zlib1g-dev
- name: Install cbindgen
run: cargo install --force --debug --version 0.14.1 cbindgen
- run: echo "::add-path::$HOME/.cargo/bin"
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: ./autogen.sh
- run: AFL_HARDEN=1 ac_cv_func_realloc_0_nonnull=yes ac_cv_func_malloc_0_nonnull=yes CFLAGS="-fsanitize=address -fno-omit-frame-pointer" CXXFLAGS=$CFLAGS CC=afl-clang-fast CXX=afl-clang-fast++ ./configure --enable-fuzztargets --disable-shared
- run: AFL_HARDEN=1 make -j2
# An Ubuntu 16.04 build using the tarball generated in the CentOS 8
# build above.
ubuntu-16-04:
name: Ubuntu 16.04
runs-on: ubuntu-latest
container: ubuntu:16.04
needs: centos-8
steps:
- name: Install dependencies
run: |
apt update
apt -y install \
build-essential \
curl \
libcap-ng-dev \
libcap-ng0 \
libevent-dev \
libhiredis-dev \
libjansson-dev \
libmagic-dev \
libnet1-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libnss3-dev \
libpcre3 \
libpcre3-dev \
libpcap-dev \
libyaml-0-2 \
libyaml-dev \
make \
python3-yaml \
zlib1g \
zlib1g-dev
- name: Install Rust
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.34.2 -y
- run: echo "::add-path::$HOME/.cargo/bin"
- name: Download suricata.tar.gz
uses: actions/download-artifact@v2
with:
name: dist
- name: Extract
run: tar zxvf suricata-*.tar.gz --strip-components=1
- name: Configure
run: ./configure
- name: Build
run: make -j2
- name: Testing
run: make check
- run: make install
- run: make install-conf
- run: make install-rules
debian-10:
name: Debian 10
runs-on: ubuntu-latest
container: debian:10
needs: prep
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@v1
with:
path: ~/.cargo/registry
key: cargo-registry
- run: |
apt update
apt -y install \
automake \
autoconf \
build-essential \
ccache \
curl \
git \
gosu \
jq \
libpcre3 \
libpcre3-dbg \
libpcre3-dev \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libjansson-dev \
libnss3-dev \
libgeoip-dev \
liblua5.1-dev \
libhiredis-dev \
libevent-dev \
libtool \
m4 \
make \
python-yaml \
pkg-config \
rustc \
sudo \
zlib1g \
zlib1g-dev
- name: Install cbindgen
run: cargo install --force --debug --version 0.14.1 cbindgen
- run: echo "::add-path::$HOME/.cargo/bin"
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: ./autogen.sh
- run: ./configure --enable-unittests --enable-fuzztargets
- run: make -j2
- run: make check
- run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: ./suricata-verify/run.py
debian-9:
name: Debian 9
runs-on: ubuntu-latest
container: debian:9
needs: prep
steps:
- run: |
apt update
apt -y install \
automake \
autoconf \
build-essential \
ccache \
curl \
git-core \
gosu \
jq \
libpcre3 \
libpcre3-dbg \
libpcre3-dev \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libjansson-dev \
libnss3-dev \
libgeoip-dev \
liblua5.1-dev \
libhiredis-dev \
libevent-dev \
libtool \
m4 \
make \
python-yaml \
pkg-config \
sudo \
zlib1g \
zlib1g-dev
- name: Install Rust
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.34.2 -y
- run: echo "::add-path::$HOME/.cargo/bin"
- name: Install cbindgen
run: cargo install --force --debug --version 0.14.1 cbindgen
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: ./autogen.sh
- run: ./configure --enable-unittests
- run: make -j2
- run: make check
- run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: ./suricata-verify/run.py
macos-latest:
name: MacOS Latest
runs-on: macos-latest
needs: prep
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@v1
with:
path: ~/.cargo/registry
key: cargo-registry
- run: |
brew install \
autoconf \
automake \
curl \
hiredis \
jansson \
jq \
libmagic \
libnet \
libtool \
libyaml \
lua \
nss \
nspr \
pcre \
pkg-config \
rust \
xz
- name: Install cbindgen
run: cargo install --force --debug --version 0.14.1 cbindgen
- run: echo "::add-path::$HOME/.cargo/bin"
- run: pip install PyYAML
- uses: actions/checkout@v2
- name: Downloading prep archive
uses: actions/download-artifact@v2
with:
name: prep
path: prep
- run: tar xvf prep/libhtp.tar.gz
- run: ./autogen.sh
- run: ./configure --enable-unittests
- run: make -j2
- run: make check
- run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: ./suricata-verify/run.py
Reference in New Issue View Git Blame Copy Permalink