github-actions: bump ossf/scorecard-action from 2.1.2 to 2.3.1 #391
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: commit-check | |
on: | |
- pull_request | |
permissions: read-all | |
env: | |
DEBIAN_FRONTEND: "noninteractive" | |
jobs: | |
check-commits: | |
name: Commit Check | |
runs-on: ubuntu-latest | |
container: ubuntu:20.04 | |
steps: | |
- name: Caching ~/.cargo | |
uses: actions/cache@v3.3.1 | |
with: | |
path: ~/.cargo | |
key: commit-check-cargo | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
libpcre2-dev \ | |
build-essential \ | |
autoconf \ | |
automake \ | |
cargo \ | |
curl \ | |
git \ | |
jq \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libhiredis-dev \ | |
libjansson-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
libjansson-dev \ | |
libpython2.7 \ | |
libssl-dev \ | |
make \ | |
parallel \ | |
pkg-config \ | |
python3-yaml \ | |
rustc \ | |
software-properties-common \ | |
zlib1g \ | |
zlib1g-dev | |
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
- name: Installing sccache | |
run: | | |
(cd /tmp && curl -OL https://github.com/mozilla/sccache/releases/download/0.2.13/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz) | |
mkdir -p "$HOME/.cargo/bin" | |
(cd "$HOME/.cargo/bin" && tar xvf /tmp/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz --strip-components=1 --wildcards '*/sccache') | |
echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV | |
- name: Install cbindgen | |
run: | | |
cd $HOME/.cargo/bin | |
curl -OL https://github.com/eqrion/cbindgen/releases/download/v0.24.3/cbindgen | |
chmod 755 cbindgen | |
- uses: actions/checkout@v3.3.0 | |
with: | |
fetch-depth: 0 | |
# The action above is supposed to do this for us, but it doesn't appear to stick. | |
- run: /usr/bin/git config --global --add safe.directory /__w/suricata/suricata | |
- run: git fetch | |
- run: git clone https://github.com/OISF/libhtp -b 0.5.x | |
- name: Building all commits | |
run: | | |
echo "Building commits from ${GITHUB_BASE_REF}." | |
for rev in $(git rev-list --reverse origin/${GITHUB_BASE_REF}...); do | |
git checkout $rev | |
echo "Building rev ${rev}" | tee -a build_log.txt | |
./autogen.sh >> build_log.txt 2>&1 | |
CC="sccache gcc" ./configure --enable-unittests >> build_log.txt 2>&1 | |
if ! make -j2 >> build_log.txt 2>&1; then | |
echo "::error ::Failed to build rev ${rev}" | |
tail -n 50 build_log.txt | |
exit 1 | |
fi | |
make -ik distclean > /dev/null | |
done | |
- run: sccache -s | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce | |
name: Uploading build log | |
if: always() | |
with: | |
name: build_log | |
path: build_log.txt |