rustification.yaml
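# CI for the Rust workspace in rust/: tests, lints, dependency audit, spell
# check, release builds and feed verification.
#
# Security notes for maintainers:
# - Triggered by `pull_request`, so every job builds or runs code from the
#   proposed change. Keep it on `pull_request` (not `pull_request_target`) so
#   that code never runs with a write token or repository secrets.
# - Actions are referenced by mutable tags (`@v3`). Pinning each `uses:` to a
#   full commit SHA stops a moved tag from silently changing what executes.
name: rs

on:
  push:
    branches: [main, stable, oldstable]
  pull_request:

# Least privilege for GITHUB_TOKEN: no step below pushes, comments or
# publishes, so read access to the repository contents is enough.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always

jobs:
  # Runs the test suite once per toolchain channel in the matrix.
  unittests:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: rust
    strategy:
      matrix:
        toolchain:
          - stable
          - beta
          - nightly
    steps:
      - uses: actions/checkout@v3
      - run: sudo apt-get update && sudo apt-get install -y libpcap-dev
      - run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }}
      - run: cargo test

  # Lints with clippy; `-D warnings` turns every warning into a failure.
  clippy:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: rust
    steps:
      - uses: actions/checkout@v3
      - run: rustup update stable && rustup default stable && rustup component add clippy
      - run: cargo clippy -- -D warnings

  # Dependency audit of the workspace with cargo-audit.
  audit:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: rust
    steps:
      - uses: actions/checkout@v3
      - run: rustup update stable && rustup default stable
      # --locked builds the tool from the dependency versions recorded in its
      # own Cargo.lock instead of resolving fresh ones at install time.
      # NOTE(review): the tool version itself still floats; add
      # `--version <PINNED_VERSION>` if the audit result must be reproducible.
      - run: cargo install --locked cargo-audit
      - run: cargo audit

  # Spell check of the sources with typos-cli.
  typos:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: rust
    steps:
      - uses: actions/checkout@v3
      - run: rustup update stable && rustup default stable
      # --locked: same reasoning as in the audit job.
      - run: cargo install --locked typos-cli
      - run: typos

  # NOTE(review): this job only checks out the repository. No step runs a
  # formatter and `matrix.crates` is never referenced, so it always passes and
  # verifies nothing. Either add the per-crate formatting step or drop the job.
  formatting:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: rust
    strategy:
      matrix:
        crates:
          # we verify each dir separately to make it easier to verify
          # formatting issues or even ignore crates we deem not important for
          # checking (e.g. feed-verifier)
          - nasl-syntax
          - storage
          - nasl-interpreter
          - redis-storage
          - json-storage
          - nasl-cli
    steps:
      - uses: actions/checkout@v3

  # Builds the release binaries and hands nasl-cli and feed-verifier to the
  # verify-* jobs as short-lived artifacts.
  releases:
    runs-on:
      - ubuntu-20.04
    defaults:
      run:
        working-directory: rust
    steps:
      - uses: actions/checkout@v3
      # Restores the cargo registry, git checkouts, installed binaries and the
      # target directory; the key changes whenever any Cargo.lock changes.
      - uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            rust/target/
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
      - run: sudo apt-get update && sudo apt-get install -y libpcap-dev
      - run: rustup update stable && rustup default stable
      - run: cargo build --lib --release
      - run: cargo build --bins --release
      - name: archive nasl-cli
        uses: actions/upload-artifact@v3
        with:
          name: nasl-cli
          path: rust/target/release/nasl-cli
          retention-days: 1
      - name: archive feed-verifier
        uses: actions/upload-artifact@v3
        with:
          name: feed-verifier
          path: rust/target/release/feed-verifier
          retention-days: 1

  # Parses the prepared feed with the freshly built nasl-cli.
  verify-syntax:
    runs-on: ubuntu-latest
    needs: [releases]
    steps:
      - uses: actions/checkout@v3
      - run: FEED_DIR="feed/" sh .github/prepare-feed.sh
      # NOTE(review): the action ref below was mangled by e-mail obfuscation
      # on the page this listing was taken from ("[email protected]" stands
      # for "download-artifact@<VERSION>"). Restore the real ref from the
      # repository before using this file.
      - uses: actions/[email protected]
        with:
          name: nasl-cli
      - name: verify syntax parsing
        run: chmod a+x ./nasl-cli && ./nasl-cli syntax --quiet feed/

  # Loads the feed into openvas inside the scanner image, backed by a redis
  # service container, then runs feed-verifier.
  verify-feed-update:
    runs-on: ubuntu-latest
    needs: [releases]
    container:
      # maybe better to use builder, build openvas to have
      # the version of this checkout rather than a dated official one?
      # NOTE(review): `unstable` is a mutable tag, so the image under test is
      # whatever the registry serves at run time; pin by digest if results
      # must be reproducible.
      image: greenbone/openvas-scanner:unstable
      # NOTE(review): --privileged removes most isolation between this
      # container and the runner, and the steps below install and execute
      # binaries built from the change under test. Confirm the flag is really
      # required (docker.io is installed below, presumably for
      # prepare-feed.sh; verify) and grant only the needed capabilities
      # otherwise. Run this job on ephemeral hosted runners only.
      options: --privileged
    services:
      redis:
        # No tag given, so this resolves to the image's `latest` tag.
        image: redis
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v3
      - run: apt-get update && apt-get install -y docker.io
      - run: FEED_DIR="feed/" sh .github/prepare-feed.sh
      # NOTE(review): both download-artifact refs below are mangled by the
      # source page's e-mail obfuscation; restore them from the repository.
      - uses: actions/[email protected]
        with:
          name: nasl-cli
      - uses: actions/[email protected]
        with:
          name: feed-verifier
      - name: prepare setup
        run: |
          install -m 755 feed-verifier /usr/local/bin/
          install -m 755 nasl-cli /usr/local/bin/
          echo "db_address = tcp://redis:6379" >> /etc/openvas/openvas.conf
          mv ./feed/* "$(openvas -s | grep plugins_folder | sed 's/plugins_folder = //')/"
      - run: openvas -s
      # On failure, print the scanner log before failing the step.
      - run: feed-verifier || (cat /var/log/gvm/openvas.log && false)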