chore(CI): fix broken CI #202
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: codecov | |
| on: [pull_request] | |
| defaults: | |
| run: | |
| shell: bash | |
| # cancel previous runs if new commits are pushed to the PR, but run for each commit on master | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| build_deps: | |
| name: Build dependencies | |
| runs-on: ubuntu-latest | |
| env: | |
| BUILD_CACHE_NONCE: 0 | |
| steps: | |
| - name: Set environment variables | |
| run: | | |
| echo "CACHE_ROOT=$HOME/cache-root" >> $GITHUB_ENV | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Checkout SpiderLabs/ModSecurity | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: SpiderLabs/ModSecurity | |
| path: ModSecurity | |
| - name: Get ModSecurity commit hash | |
| run: | | |
| cd ModSecurity | |
| echo "MODSECURITY_COMMIT_HASH=$(git rev-parse HEAD)" >> $GITHUB_ENV | |
| - name: Lookup build cache | |
| uses: actions/cache@v3 | |
| id: cache-deps | |
| with: | |
| path: ${{ env.CACHE_ROOT }} | |
| key: ${{ env.MODSECURITY_COMMIT_HASH }}-${{ env.BUILD_CACHE_NONCE }} | |
| - name: Install dependencies | |
| if: steps.cache-deps.outputs.cache-hit != 'true' | |
| run: | | |
| sudo apt-get --yes update | |
| sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev libcurl4-openssl-dev | |
| - name: Download and install ModSecurity | |
| if: steps.cache-deps.outputs.cache-hit != 'true' | |
| run: | | |
| cd ModSecurity | |
| ./build.sh | |
| git submodule init | |
| git submodule update | |
| ./configure --prefix=/usr/local/modsecurity | |
| make -j$(nproc) | |
| sudo make install | |
| - name: Package dependencies | |
| if: steps.cache-deps.outputs.cache-hit != 'true' | |
| run: | | |
| mkdir -p ${{ env.CACHE_ROOT }} | |
| mkdir -p /tmp/cache/usr/local | |
| sudo cp -r /usr/local/modsecurity /tmp/cache/usr/local | |
| tar -C /tmp/cache/ -cvzf ${{ env.CACHE_ROOT }}/cache.tar.gz . | |
| codecov: | |
| runs-on: ubuntu-latest | |
| needs: build_deps | |
| env: | |
| BUILD_CACHE_NONCE: 0 | |
| steps: | |
| - name: Set environment variables | |
| run: | | |
| echo "CACHE_ROOT=$HOME/cache-root" >> $GITHUB_ENV | |
| - uses: actions/setup-python@v2 | |
| with: | |
| python-version: '3.x' | |
| architecture: 'x64' | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Checkout SpiderLabs/ModSecurity | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: SpiderLabs/ModSecurity | |
| path: ModSecurity | |
| - name: Get ModSecurity commit hash | |
| run: | | |
| cd ModSecurity | |
| echo "MODSECURITY_COMMIT_HASH=$(git rev-parse HEAD)" >> $GITHUB_ENV | |
| - name: Lookup build cache | |
| uses: actions/cache@v3 | |
| id: cache-deps | |
| with: | |
| path: ${{ env.CACHE_ROOT }} | |
| key: ${{ env.MODSECURITY_COMMIT_HASH }}-${{ env.BUILD_CACHE_NONCE }} | |
| - name: Extract the deps | |
| run: sudo tar -C / -xzvf ${{ env.CACHE_ROOT }}/cache.tar.gz | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get --yes update | |
| # https://github.com/actions/runner-images/issues/2139 | |
| sudo apt-get remove nginx-core nginx-full nginx-light nginx-extras | |
| sudo apt-get remove libgd3 | |
| sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev libcurl4-openssl-dev gcovr | |
| - name: Download nginx | |
| run: | | |
| sudo chmod 777 -R /usr/local/src | |
| cd /usr/local/src | |
| sudo pip install lastversion | |
| lastversion download nginx:stable | |
| mkdir nginx | |
| tar zxf nginx-*.tar.gz --directory nginx --strip-components=1 | |
| - name: Download DaveGamble/cJSON.git | |
| run: | | |
| git clone -b v1.7.15 https://github.com/DaveGamble/cJSON.git lib/cjson | |
| - name: Download troydhanson/uthash | |
| run: | | |
| git clone -b v2.3.0 https://github.com/troydhanson/uthash.git lib/uthash | |
| - name: Configure nginx | |
| run: | | |
| cd /usr/local/src/nginx | |
| export LIB_MODSECURITY=/usr/local/modsecurity | |
| ./configure --add-module=${{ github.workspace }} --with-http_realip_module --with-cc-opt='-fprofile-arcs -ftest-coverage -O0 -g3' --with-ld-opt='-lgcov' | |
| - name: Install nginx | |
| run: | | |
| cd /usr/local/src/nginx | |
| make -j$(nproc) | |
| sudo make install | |
| sudo useradd nginx -s /sbin/nologin -M | |
| sudo chmod 777 -R /usr/local/nginx | |
| sudo ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/nginx | |
| - name: Install Test::Nginx | |
| run: | | |
| sudo cpan Test::Nginx | |
| - name: Test | |
| run: | | |
| sudo chmod 777 -R /tmp | |
| cd test/test-nginx | |
| export MODULE_TEST_PATH=/tmp/module_test | |
| sh ./init.sh | |
| exec sudo sh start.sh t/*.t | |
| - name: Generate coverage report | |
| run: | | |
| sudo chmod -R 777 /usr/local/src | |
| cd /usr/local/src/nginx | |
| gcovr -v -r ${{ github.workspace }}/src/ --xml --xml-pretty -o ./coverage.xml /usr/local/src/nginx/objs/addon/src/ | |
| mkdir -p /usr/local/src/empty | |
| sudo chmod -R 777 /usr/local/src | |
| cp ./coverage.xml /usr/local/src/empty/coverage.xml | |
| cat /usr/local/src/empty/coverage.xml | |
| cp ${{ github.workspace }}/src/* /usr/local/src/empty/ | |
| sudo chmod -R 777 ${{ github.workspace }} | |
| sudo chmod -R 777 /usr/local/src | |
| - name: Run codacy-coverage-reporter | |
| uses: codacy/codacy-coverage-reporter-action@v1 | |
| with: | |
| project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
| coverage-reports: /usr/local/src/empty/coverage.xml | |