feat(ci): Check rule version increment #652
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: pr | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| paths-ignore: | |
| - "docs/**" | |
| env: | |
| GO_VERSION: 1.23.x | |
| WIX_VERSION: 5.0.0 | |
| PYTHON_VERSION: 3.7.9 | |
| jobs: | |
| build: | |
| runs-on: windows-latest | |
| steps: | |
| - name: Validate PR title | |
| uses: amannn/action-semantic-pull-request@v5 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Install Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Adjust pkg-config prefix | |
| shell: bash | |
| run: | | |
| sed -i 's/C:\/Python37/C:\/hostedtoolcache\/windows\/Python\/3.7.9\/x64/' pkg-config/python-37.pc | |
| - name: Setup msys2 | |
| uses: msys2/setup-msys2@v2 | |
| with: | |
| release: false | |
| install: >- | |
| base-devel | |
| mingw-w64-x86_64-gcc | |
| mingw-w64-x86_64-openssl | |
| mingw-w64-x86_64-pkg-config | |
| git | |
| automake | |
| libtool | |
| autoconf | |
| - name: Cache yara | |
| uses: actions/cache@v4 | |
| id: cache | |
| with: | |
| path: | | |
| **/yara | |
| key: ${{ runner.os }}-yara-${{ hashFiles('**/pkg/yara') }} | |
| restore-keys: | | |
| ${{ runner.os }}-yara-${{ hashFiles('**/pkg/yara') }} | |
| - name: Clone yara | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| shell: bash | |
| env: | |
| VERSION: "4.2.x" | |
| run: | | |
| git clone --depth 1 --branch $VERSION https://github.com/VirusTotal/yara.git | |
| - name: Configure yara | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| shell: msys2 {0} | |
| run: | | |
| cd yara | |
| autoreconf -fiv | |
| ./configure --host=x86_64-w64-mingw32 | |
| - name: Install yara | |
| shell: msys2 {0} | |
| run: | | |
| cd yara | |
| make install | |
| - name: Build | |
| shell: bash | |
| run: | | |
| export PATH=/c/msys64/mingw64/bin:$PATH | |
| export PKG_CONFIG_PATH=$(pwd)/pkg-config | |
| export COMMIT=$(echo $GITHUB_SHA | cut -c1-8) | |
| export VERSION=0.0.0 | |
| ./make.bat rsrc | |
| ./make.bat mc | |
| ./make.bat | |
| env: | |
| TAGS: kcap,filament,yara,yara_static | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: "fibratus-amd64.exe" | |
| path: "./cmd/fibratus/fibratus.exe" | |
| - name: Install Wix | |
| shell: bash | |
| run: | | |
| dotnet tool install --global wix --version $WIX_VERSION | |
| - name: Package | |
| shell: bash | |
| run: | | |
| export VERSION=0.0.0 | |
| ./make.bat pkg | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: "fibratus-amd64.msi" | |
| path: "./build/msi/fibratus-0.0.0-amd64.msi" | |
| test: | |
| runs-on: windows-latest | |
| needs: | |
| - build | |
| continue-on-error: true | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Install Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Adjust pkg-config prefix | |
| shell: bash | |
| run: | | |
| sed -i 's/C:\/Python37/C:\/hostedtoolcache\/windows\/Python\/3.7.9\/x64/' pkg-config/python-37.pc | |
| - name: Setup msys2 | |
| uses: msys2/setup-msys2@v2 | |
| with: | |
| release: false | |
| install: >- | |
| base-devel | |
| mingw-w64-x86_64-gcc | |
| mingw-w64-x86_64-pkg-config | |
| mingw-w64-x86_64-openssl | |
| automake | |
| libtool | |
| autoconf | |
| - name: Cache yara | |
| uses: actions/cache@v4 | |
| id: cache | |
| with: | |
| path: | | |
| **/yara | |
| key: ${{ runner.os }}-yara-${{ hashFiles('**/pkg/yara') }} | |
| restore-keys: | | |
| ${{ runner.os }}-yara-${{ hashFiles('**/pkg/yara') }} | |
| - name: Install yara | |
| shell: msys2 {0} | |
| run: | | |
| cd yara | |
| make install | |
| - name: Test | |
| shell: bash | |
| run: | | |
| export PATH="/c/msys64/mingw64/bin:$PATH" | |
| export PKG_CONFIG_PATH=$(pwd)/pkg-config | |
| ./make.bat test | |
| env: | |
| TAGS: kcap,yara,yara_static | |
| lint: | |
| runs-on: windows-latest | |
| needs: test | |
| continue-on-error: true | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Install Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Adjust pkg-config prefix | |
| shell: bash | |
| run: | | |
| sed -i 's/C:\/Python37/C:\/hostedtoolcache\/windows\/Python\/3.7.9\/x64/' pkg-config/python-37.pc | |
| - name: Setup msys2 | |
| uses: msys2/setup-msys2@v2 | |
| with: | |
| release: false | |
| install: >- | |
| base-devel | |
| mingw-w64-x86_64-gcc | |
| mingw-w64-x86_64-pkg-config | |
| mingw-w64-x86_64-openssl | |
| automake | |
| libtool | |
| autoconf | |
| - name: Cache yara | |
| uses: actions/cache@v4 | |
| id: cache | |
| with: | |
| path: | | |
| **/yara | |
| key: ${{ runner.os }}-yara-${{ hashFiles('**/pkg/yara') }} | |
| restore-keys: | | |
| ${{ runner.os }}-yara-${{ hashFiles('**/pkg/yara') }} | |
| - name: Install yara | |
| shell: msys2 {0} | |
| run: | | |
| cd yara | |
| make install | |
| - name: Install golangci-lint | |
| shell: bash | |
| run: | | |
| curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin $GOLANGCI_LINT_VER | |
| env: | |
| GOLANGCI_LINT_VER: v1.61.0 | |
| - name: Lint | |
| shell: bash | |
| run: | | |
| export PATH="/c/msys64/mingw64/bin:$PATH" | |
| export PKG_CONFIG_PATH=$(pwd)/pkg-config | |
| ./make.bat lint | |
| validate-rules: | |
| runs-on: windows-latest | |
| needs: build | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 2 | |
| - name: Download MSI | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: "fibratus-amd64.msi" | |
| path: . | |
| - name: Install Fibratus | |
| shell: bash | |
| run: | | |
| ./make.bat install | |
| - name: Validate | |
| shell: bash | |
| run: | | |
| export PATH="/c/Program Files/Fibratus/Bin:$PATH" | |
| fibratus rules list | |
| fibratus rules validate | |
| - name: Install jq | |
| run: | | |
| choco install jq -y | |
| - name: Get changed rules | |
| id: changed-rules | |
| uses: tj-actions/changed-files@v45 | |
| with: | |
| files: | | |
| rules/**.yml | |
| - name: Check version increment | |
| if: steps.changed-rules.outputs.any_changed == 'true' | |
| env: | |
| CHANGED_RULES: ${{ steps.changed-rules.outputs.all_changed_files }} | |
| shell: bash | |
| run: | | |
| for rule in ${CHANGED_RULES}; do | |
| PREV_VERSION=$(git show HEAD~1:$rule | yq '.version') | |
| NEXT_VERSION=$(yq '.version' $rule) | |
| if [[ "$PREV_VERSION" == "$NEXT_VERSION" ]]; then | |
| echo "$rule changed but the version is not incremented. Head version: $PREV_VERSION" | |
| exit 1 | |
| fi | |
| done |