1297d96592
github-actions: bump actions/upload-artifact from 4.3.1 to 4.3.3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.1 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...65462800fd
5 months ago
f14a4a1bf8
github-actions: bump github/codeql-action from 3.24.9 to 3.25.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.9 to 3.25.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.24.9...v3.25.3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
b9fbc5749d
github-actions: bump actions/download-artifact from 4.1.4 to 4.1.7
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 4.1.4 to 4.1.7.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](c850b930e6...65a9edc588
6 months ago
76314cc00e
github-actions: bump codecov/codecov-action from 4.1.1 to 4.3.1
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.1.1 to 4.3.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](c16abc29c9...5ecb98a3c6
6 months ago
2b80689ee4
github-actions: convert dpdk tests to use script
6 months ago
6edf05cdaa
github-actions: add dpdk ids live test script
6 months ago
ed9ad0048d
github-ci: add af-packet and dpdk codecov builds
...
Adds live tests for DPDK and AF_PACKET, with support for code coverage.
6 months ago
4fedba1140
github-ci: remove cocci from fedora 39 build
...
Cocci on Fedora 39+ gets stuck for some reason. Cocci has been moved
to a new Ubuntu 24.04 build.
6 months ago
1c2402f5e7
github-ci: add ubuntu 24.04 build with cocci
...
Rather basic 24.04 build for now, but use Cocci as Cocci is working
properly here, but not working in the latest Fedora releases.
6 months ago
47a1502dbb
ci: fix macos build
...
use brew instead of pip
limit the number of jobs for make
set a prefix where we can install
use brew flags for library finding
6 months ago
480955b1f8
github-ci: update fedora builds
...
f39 -> f40
f38 -> f39
6 months ago
3a27cfd7be
dpdk: increase timeout for DPDK test runs
6 months ago
365a66ac1c
ci: clean some disk space to run CIFuzz again
6 months ago
e54084fa87
dpdk: implement DPDK SW tests
...
Implement Github CI tests to run DPDK Suri with the minimal
configuration to verify that Suricata can start in both IDS
and IPS configuration.
6 months ago
78313100a4
ci: bump up the DPDK versions
6 months ago
34f53f85bc
systemd: reimplement sd_notify logic using UNIX socket
...
One of the lessons of the XZ backdoor story was that just linking to
libsystemd to call sd_notify is discouraged by the systemd project:
Lennart Poettering:
"PSA: In context of the xzpocalypse we now added an example reimplementation
of sd_notify() to our man page:
https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html#Notes
It's pretty comprehensive (i.e. uses it for reload notification too), but
still relatively short.
In the past, I have been telling anyone who wanted to listen that if all you
want is sd_notify() then don't bother linking to libsystemd, since the
protocol is stable and should be considered the API, not our C wrapper
around it. After all, the protocol is so trivial"
From: https://mastodon.social/@pid_eins/112202687764571433
This commit takes the example code and uses it to reimplement the notify
logic.
The code is enabled if Linux is detected in configure. Since the code
won't do anything if the NOTIFY_SOCKET env var isn't set, this should
also work fine on systems w/o systemd.
Ticket: #6913 .
6 months ago
d310d00eb0
github-actions: bump github/codeql-action from 3.24.6 to 3.24.9
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.6 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.24.6...v3.24.9 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
6035a8a2b6
github-ci: set checkout directory as safe before running git commands
...
While the checkout job appears to do this, it is done with a different
version of git which seems to be the cause for it not having an effect
when doing manual git operations from within a job.
Also removes duplicate checkout statements in Windows builds.
6 months ago
23463b9814
github-actions: bump codecov/codecov-action from 4.1.0 to 4.1.1
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](54bcd8715e...c16abc29c9
7 months ago
a2c817243f
rust: add MSRV as rust-version
...
Update github-actions to use it for the MSRV check.
7 months ago
632e52ca2b
ci: update ubuntu22.04 builds with clang14+asan
...
using a workround about ASLR
7 months ago
c6c1eac301
github-actions: bump actions/download-artifact from 4.1.3 to 4.1.4
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](87c55149d9...c850b930e6
8 months ago
f1b0f7c46b
github-actions: bump github/codeql-action from 3.24.5 to 3.24.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.5 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.24.5...v3.24.6 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
0dc3de332a
examples: minimal example capture plugin for ci
...
Create a mininal capture plugin that injects one packet. While it can
also be a template, we should be able to run this in CI to test the
loading and registration of the capture plugin mechanisms.
8 months ago
6d0e11e76c
dependabot: reduce to monthly update
8 months ago
c283e8565a
github-actions: bump codecov/codecov-action from 4.0.1 to 4.1.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](e0b68c6749...54bcd8715e
8 months ago
13da6498b5
github-actions: bump actions/download-artifact from 4.1.2 to 4.1.3
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](eaceaf801f...87c55149d9
8 months ago
07ec8b202e
github-actions: bump github/codeql-action from 3.24.3 to 3.24.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.3 to 3.24.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.24.3...v3.24.5 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
92980a11a3
github-actions: bump github/codeql-action from 3.24.1 to 3.24.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.1 to 3.24.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.24.1...v3.24.3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
2421b024f2
examples: program linking against library
...
Provide an example of an extremely simple application that links
against Suricata. This provides a Makefile integrated with the
Suricata build system for in-tree building, as well as an example
Makefile for building out of tree.
Currently this application just wraps SuricataMain and does nothing
else.
8 months ago
6d792f017b
examples/plugin: simplify Makefile
...
Simplify the Makefile by avoiding automake and providing our own
Makefile.in that is suitable for in-tree builds of the plugin and can
also serve as an example for standalone plugins.
But the bigger benefit of this is to allow building the example plugin
even with --disable-shared provided to configure, as this is just a
phony limitation imposed by automake/libtool.
8 months ago
6198ea5a91
github-ci: use all cpus for coccinelle checks
...
Also put "cocci" in the job name and install parallel so the script can
actually run with concurrency.
8 months ago
41a621178f
ci: right sha for authors check
8 months ago
fa98c48e65
github-actions: bump github/codeql-action from 2.24.0 to 3.24.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.24.0 to 3.24.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v2.24.0...v3.24.1 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
2242d10fa0
github-ci: fix authors check with special characters
...
Dependabot is always getting flagged as a new author even tho it uses
a consistent author of:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
But this doesn't work with plain grep. Fix by telling grep to treat
the value as a fixed string instead of a regular expression.
8 months ago
5c686af149
dependabot: disable rust checks
...
As we don't have a Cargo.toml and a Cargo.lock, dependabot for Rust
hasn't been working correctly. Disable, as we now have our own cargo
audit and update workflows.
8 months ago
c7cb3e92a6
dependabot: ignore actions/{cache,checkout} v3
...
The CentOS 7 build requires older GitHub actions, try to make
dependabot ignore these older versions.
8 months ago
a87943d9bf
github-ci: apply read-only permissions to more workflows
...
- authors.yml
- codeql.yml
- scan-build.yml
8 months ago
f9a4e9c588
codeql: add security-extended query suite
...
Add the CodeQL security-extended suite to
the CodeQL workflow configuration.
8 months ago
7881e85088
github-actions: bump github/codeql-action from 2 to 3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
be07d96c3d
github-actions: bump codecov/codecov-action from 3.1.1 to 4.0.1
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.1 to 4.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](d9f34f8cd5...e0b68c6749
8 months ago
7c98134624
github-ci: cancel previous job for all workflows
...
Previously only enabled in build.yml, apply cancen-in-progress to all
workflow files.
8 months ago
d5a3bfcab6
github-ci: don't depend on cbindgen when installed from package
8 months ago
49834eabf1
github-ci: update actions/github-script
8 months ago
e786297497
github-ci: update actions/checkout
8 months ago
32d55febed
github-ci: update actions/cache
8 months ago
5bfaeb3bf5
github-ci: update {download,upload} artifact actions
...
Multiple uploads can no longer use the same name, so give the cbindgen
artifact its own name of "cbindgen". Requires an additional download
for each build depending on this cbindgen artifact.
8 months ago
8522256aaa
github-ci: use all cores available
...
GitHub action Linux runners now have 4 cores, instead of hardcoding
the number, use nproc to determine how many cores are available and
use them.
8 months ago
6922fef4ab
github-ci: move centos-7 build to its own workflow
...
CentOS 7 requires older actions due to newer GitHub actions depending
on a newer glibc. So move to its own workflow file so the main builds
can move forward to newer versions of actions.
8 months ago
edfda9f69f
rust: weekly cargo audit and update
...
Add GitHub actions to perform:
- cargo audit: catch new warnings in dependendent packages
- cargo update: catch updated dependencies that depend on a new MSRV
than we use
8 months ago
dependabot[bot]
Victor Julien
Jason Ish
Philippe Antoine
Lukas Sismis
Lukas Sismis
Daniel Olatunji