forked from OISF/suricata
-
Notifications
You must be signed in to change notification settings - Fork 2
175 lines (163 loc) · 5.24 KB
/
rust-checks.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
name: Cargo Audit and Update
on:
schedule:
# Run on Monday mornings, 11AM UTC.
- cron: '0 11 * * 1'
pull_request:
# Enable push for testing when working on this file.
#push:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: read-all
jobs:
# This job runs `cargo audit` and will exit with a failure code if
# any warnings are raised.
audit:
name: Cargo Audit
runs-on: ubuntu-latest
container: almalinux:9
steps:
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo
key: ${{ github.job }}-cargo
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Install system packages
run: |
dnf -y install dnf-plugins-core epel-release
dnf config-manager --set-enabled crb
dnf -y install \
autoconf \
automake \
cbindgen \
diffutils \
numactl-devel \
dpdk-devel \
file-devel \
gcc \
gcc-c++ \
git \
jansson-devel \
jq \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-devel \
python3-sphinx \
python3-yaml \
sudo \
which \
zlib-devel
- name: Install Rust
run: |
curl https://sh.rustup.rs -sSf | sh -s -- -y
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Install Cargo Audit
run: cargo install cargo-audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Configure Suricata
run: |
./scripts/bundle.sh libhtp
./autogen.sh
./configure --enable-warnings
- name: Run Cargo Audit
working-directory: rust
run: |
IGNORES=()
# failure, via bendy
IGNORES+=(--ignore RUSTSEC-2020-0036)
# failure, via bendy
IGNORES+=(--ignore RUSTSEC-2019-0036)
cargo audit -D warnings "${IGNORES[@]}"
# This job uses our MSRV and does a `cargo update` with the idea
# that it should catch early any dependencies that have done a patch
# update pulling in a new MSRV. This would be an indicator that we
# have to more tightly pin the dependency, or even attempt to pin a
# transitive dependency.
update:
name: Cargo Update
runs-on: ubuntu-latest
container: almalinux:9
steps:
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo
key: ${{ github.job }}-cargo
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Install system packages
run: |
dnf -y install dnf-plugins-core epel-release
dnf config-manager --set-enabled crb
dnf -y install \
autoconf \
automake \
cbindgen \
diffutils \
numactl-devel \
dpdk-devel \
file-devel \
gcc \
gcc-c++ \
git \
jansson-devel \
jq \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-devel \
python3-sphinx \
python3-yaml \
sudo \
which \
zlib-devel
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Install Minimum Supported Rust Version
run: |
curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain $(awk -F '"' '/rust-version/ { print $2 }' rust/Cargo.toml.in)
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Configure Suricata
run: |
./scripts/bundle.sh libhtp
./autogen.sh
./configure --enable-warnings
- name: Cargo Update and Build
working-directory: rust
run: |
cargo update
cargo build --all-features --all-targets