diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000000..f51346ed9f
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,36 @@
+name: "Build"
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+
+jobs:
+ OpenVAS:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ # With the upcoming changes, we require both downwards and upwards compatibility between the OpenVAS C
+ # code and GVM-libs. This is because, even though we will be using semantic versioning, as long as
+ # OpenVAS and GVM-libs remain separate repositories, we want to be notified of every change.
+ gvm-libs-version:
+ - stable
+ - unstable
+ container: greenbone/gvm-libs:${{ matrix.gvm-libs-version }}
+ steps:
+ - uses: actions/checkout@v4
+ - name: install dependencies
+ run: |
+ sh .github/install-openvas-dependencies.sh
+ - name: build
+ run: |
+ cmake -Bbuild -DCMAKE_C_COMPILER=/usr/share/clang/scan-build-14/libexec/ccc-analyzer
+ scan-build -o ~/scan-build-report cmake --build build
+ - name: Upload scan-build report
+ uses: actions/upload-artifact@v3
+ with:
+ name: scan-build-report
+ path: ~/scan-build-report/
+ retention-days: 7
+ OpenVAS Daemon:
+ uses: ./.github/workflows/build-rust.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000000..d710f396de
--- /dev/null
+++ b/.github/workflows/ci.yml
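Review bot: In `.github/workflows/build.yml` (and again in `ci.yml`) the key `OpenVAS Daemon:` looks like a job id, and GitHub Actions only accepts job ids that start with a letter or `_` and contain alphanumerics, `-` or `_`, so a space there would make the whole workflow file fail validation and the scan-build job would never run. Indentation is lost on this page, so the nesting is inferred from the `uses:` line under it; if it is a job, `openvas-daemon:` with `name: OpenVAS Daemon` keeps the display name. Neither new workflow declares `permissions:`, so the token scope follows the repository default; a top-level `permissions:` block with `contents: read` would state least privilege explicitly. `actions/checkout@v4` and `actions/upload-artifact@v3` are mutable tag references, so pinning them to a full commit SHA would protect these runs against a retargeted upstream tag.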
@@ -0,0 +1,107 @@
+name: "Linting"
+
+on:
+ push:
+ branches: [ main]
+ pull_request:
+
+jobs:
+ OpenVAS:
+ runs-on: ubuntu-latest
+ container: greenbone/gvm-libs:stable
+ steps:
+ - uses: actions/checkout@v4
+ - name: install dependencies
+ run: |
+ sh .github/install-openvas-dependencies.sh
+ - name: Formatting
+ run: |
+ clang-format -i -style=file {src,misc,nasl}/*.{c,h}
+ git diff --exit-code
+ - name: unit-tests
+ run: |
+ cmake -Bbuild -DCMAKE_BUILD_TYPE=Release
+ CTEST_OUTPUT_ON_FAILURE=1 cmake --build build -- tests test
+ OpenVAS Daemon:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: rust
+ - uses: actions/checkout@v4
+ - run: sudo apt update && sudo apt-get install -y libpcap-dev
+ - run: rustup update stable && rustup default stable || rustup default stable
+ - run: cargo install cargo-audit
+ - run: cargo install typos-cli
+ - name: unit-tests
+ run: cargo test --lib --tests --workspace
+ - run: cargo clippy -- -D warnings
+ - run: cargo audit
+ - run: typos
+ formatting:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: rust
+ strategy:
+ matrix:
+ crates:
+ # we verify each dir separately to make it easier to verify formatting issues or even ignore
+ # crates we deem not important for checking (e.g. feed-verifier)
+ - nasl-syntax
+ - storage
+ - nasl-interpreter
+ - redis-storage
+ - json-storage
+ - nasl-cli
+ steps:
+ - uses: actions/checkout@v4
+ rs-build-binaries:
+ uses: ./.github/workflows/build-rust.yml
+ verify-syntax:
+ runs-on: ubuntu-latest
+ needs: [rs-build-binaries]
+ steps:
+ - uses: actions/checkout@v4
+ - run: FEED_DIR="feed/" sh .github/prepare-feed.sh
+ - uses: actions/download-artifact@v3
+ with:
+ name: rs-binaries
+ path: assets
+ - run: mv assets/nasl-cli-x86_64-unknown-linux-gnu ./nasl-cli
+ - run: chmod +x ./nasl-cli
+ - name: verify syntax parsing
+ run: ./nasl-cli syntax --quiet feed/
+ verify-feed-update:
+ runs-on: ubuntu-latest
+ needs: [rs-build-binaries]
+ container:
+ # maybe better to use builder, build openvas to have
+ # the version of this checkout rather than a dataed official one?
+ image: greenbone/openvas-scanner:unstable
+ options: --privileged
+ services:
+ redis:
+ image: redis
+ options: >-
+ --health-cmd "redis-cli ping"
+ --health-interval 10s
+ --health-timeout 5s
+ --health-retries 5
+ steps:
+ - uses: actions/checkout@v4
+ - run: apt-get update && apt-get install -y docker.io
+ - run: FEED_DIR="feed/" sh .github/prepare-feed.sh
+ - uses: actions/download-artifact@v3
+ with:
+ name: rs-binaries
+ path: assets
+ - run: mv assets/nasl-cli-x86_64-unknown-linux-gnu ./nasl-cli
+ - run: mv assets/feed-verifier-x86_64-unknown-linux-gnu ./feed-verifier
+ - name: prepare setup
+ run: |
+ install -m 755 feed-verifier /usr/local/bin/
+ install -m 755 nasl-cli /usr/local/bin/
+ echo "db_address = tcp://redis:6379" >> /etc/openvas/openvas.conf
+ mv ./feed/* "$(openvas -s | grep plugins_folder | sed 's/plugins_folder = //')/"
+ - run: openvas -s
+ - run: feed-verifier || (cat /var/log/gvm/openvas.log && false)
diff --git a/.github/workflows/codeql-analysis-c.yml b/.github/workflows/codeql.yml
similarity index 100%
rename from .github/workflows/codeql-analysis-c.yml
rename to .github/workflows/codeql.yml
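Review bot: The `verify-feed-update` job in `.github/workflows/ci.yml` starts its container with `options: --privileged` and then runs the `nasl-cli` and `feed-verifier` binaries downloaded from the `rs-binaries` artifact (presumably built from the same ref by `rs-build-binaries`), so code from a pull request executes with every capability and device access inside that container. If the scanner needs only specific capabilities, naming them with `options: --cap-add <CAPABILITY>` instead of `--privileged` would narrow that; the `apt-get install -y docker.io` step has no visible use in this hunk and may be removable. The `OpenVAS Daemon` job has no `steps:` line before `- uses: actions/checkout@v4`, so as written its `cargo clippy` and `cargo audit` entries are not valid workflow syntax and would not run; adding `steps:` after the `defaults:` block fixes that. The `formatting` job defines a `crates` matrix but its only step is the checkout, so no formatting check (for example `cargo fmt --check` run per `${{ matrix.crates }}`) is actually executed.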
diff --git a/.github/workflows/ddependabot.yml b/.github/workflows/ddependabot.yml
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 0000000000..e69de29bb2