diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index b3e959e2bcf2..73fb13f4e2ba 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -152,7 +152,7 @@ jobs: path: ~/.cargo/registry key: cargo-registry - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # Prebuild check for duplicat SIDs - name: Check for duplicate SIDs @@ -359,7 +359,7 @@ jobs: sudo \ which \ zlib-devel - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 - uses: actions/download-artifact@v2 with: name: prep @@ -435,7 +435,7 @@ jobs: sudo \ which \ zlib-devel - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 - uses: actions/download-artifact@v2 with: name: prep @@ -502,7 +502,7 @@ jobs: zlib1g \ zlib1g-dev \ exuberant-ctags - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 - uses: actions/download-artifact@v2 with: name: prep @@ -567,7 +567,7 @@ jobs: zlib1g \ zlib1g-dev \ exuberant-ctags - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 - uses: actions/download-artifact@v2 with: name: prep @@ -692,7 +692,7 @@ jobs: zlib1g \ zlib1g-dev \ exuberant-ctags - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 - uses: actions/download-artifact@v2 with: name: prep @@ -777,7 +777,7 @@ jobs: run: | add-apt-repository -y ppa:npalix/coccinelle apt -y install coccinelle - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 - uses: actions/download-artifact@v2 with: name: prep @@ -856,7 +856,7 @@ jobs: zlib1g \ zlib1g-dev - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 - uses: actions/download-artifact@v2 with: name: prep @@ -978,7 +978,7 @@ jobs: - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 - uses: actions/download-artifact@v2 with: name: prep @@ -1042,7 +1042,7 @@ jobs: - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 - uses: actions/download-artifact@v2 with: name: prep @@ -1098,7 +1098,7 @@ jobs: run: cargo install --force --debug --version 0.14.1 cbindgen - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: pip3 install PyYAML - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 - name: Downloading prep archive uses: actions/download-artifact@v2 with: @@ -1121,7 +1121,7 @@ jobs: run: shell: msys2 {0} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 - uses: msys2/setup-msys2@v2 with: msystem: MINGW64 @@ -1131,7 +1131,7 @@ jobs: # preinstalled one to be picked up by configure - name: cbindgen run: cargo install --root /usr --force --debug --version 0.14.1 cbindgen - - uses: actions/checkout@v2 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 - uses: actions/download-artifact@v2 with: name: prep diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml index dbdd4e9aedc5..c8850f2bec29 100644 --- a/.github/workflows/commits.yml +++ b/.github/workflows/commits.yml @@ -3,15 +3,20 @@ name: commit-check on: - pull_request +permissions: read-all + +env: + DEBIAN_FRONTEND: "noninteractive" + jobs: check-commits: name: Commit Check runs-on: ubuntu-latest - container: ubuntu:18.04 + container: ubuntu:20.04 steps: - name: Caching ~/.cargo - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo key: commit-check-cargo @@ -42,7 +47,7 @@ jobs: libhiredis-dev \ libjansson-dev \ libevent-dev \ - libevent-pthreads-2.1.6 \ + libevent-pthreads-2.1-7 \ libjansson-dev \ libpython2.7 \ libssl-dev \ @@ -59,7 +64,11 @@ jobs: - name: Install cbindgen run: cargo install cbindgen - run: echo $PATH - - uses: actions/checkout@v1 + - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 + with: + fetch-depth: 0 + # The action above is supposed to do this for us, but it doesn't appear to stick. + - run: /usr/bin/git config --global --add safe.directory /__w/suricata/suricata - run: git fetch - run: git clone https://github.com/OISF/libhtp -b 0.5.x - name: Building all commits diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index fbf29f665ace..306d4cd54ea3 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml @@ -8,19 +8,24 @@ on: - 'master-*' pull_request: +permissions: read-all + +env: + DEBIAN_FRONTEND: "noninteractive" + jobs: # Checking for correct formatting of branch for C code changes check-formatting: name: Formatting Check (clang 9) - runs-on: ubuntu-18.04 - container: ubuntu:18.04 - continue-on-error: true + runs-on: ubuntu-20.04 + container: ubuntu:20.04 + continue-on-error: false steps: # Cache Rust stuff. - name: Cache cargo registry - uses: actions/cache@v1 + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed with: path: ~/.cargo/registry key: cargo-registry @@ -81,7 +86,9 @@ jobs: # My patience simply ran too short to keep on looking. See follow-on # action to manually fix this up. - name: Checkout - might be merge commit! - uses: actions/checkout@v1 + uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 + with: + fetch-depth: 0 # Use last commit of branch, not potential merge commit! # # This works perfectly well on pull requests within forked repos, but @@ -89,7 +96,8 @@ jobs: # does not know the branch (from the forked repo). Argh. # with: # ref: ${{ github.head_ref }} # check out branch - + # The action above is supposed to do this for us, but it doesn't appear to stick. + - run: /usr/bin/git config --global --add safe.directory /__w/suricata/suricata # Manually ignore the merge commit as none of the with/ref things tried # with actions/checkout seemed to work for pull requests from forks into # the OISF repo.