chore: build deps using Bazel

.bazelrc

@@ -0,0 +1,12 @@
+# Enable Bzlmod for every Bazel command
+common --enable_bzlmod
+common --verbose_failures
+common --registry=https://bcr.bazel.build
+
+build --compilation_mode=dbg
+build --copt="-g3"
+build --strip=never
+
+build:release --compilation_mode=opt
+build:release --copt="-g3"
+build:release --strip=never

.bazelversion

@@ -0,0 +1 @@
+7.0.2

.github/workflows/docker.yml

@@ -25,13 +25,13 @@ jobs:
       matrix:
         target: ['glibc', 'musl']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v1
         with:
@@ -68,13 +68,13 @@ jobs:
       matrix:
         target: ['glibc', 'musl']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v1
         with:
@@ -111,13 +111,13 @@ jobs:
       matrix:
         target: ['glibc', 'musl']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v1
         with:
@@ -154,13 +154,13 @@ jobs:
       matrix:
         target: ['glibc', 'musl']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v1
         with:

.github/workflows/test.yml

@@ -1,8 +1,6 @@
 name: test
 
 on: 
-  push:
-    branches:
   pull_request:
   schedule:
     - cron: '0 0 * * SUN'
@@ -13,6 +11,11 @@ defaults:
   run:
     shell: bash
 
+# cancel previous runs if new commits are pushed to the PR, but run for each commit on master
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
   self-trigger:
     runs-on: ubuntu-latest
@@ -38,24 +41,44 @@ jobs:
         nginx-version: ['stable nginx', 'mainline nginx']
         install-type:  ['static module', 'dynamic module']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
-      - uses: actions/setup-python@v2
+          submodules: true
+      - uses: actions/setup-python@v4
         with:
           python-version: '3.x'
           architecture: 'x64'
       - name: Install dependencies
         run: |
           sudo apt-get --yes update
-          sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev uthash-dev flex bison
+          # https://github.com/actions/runner-images/issues/2139
+          sudo apt-get remove \
+            libgd3 \
+            nginx-core \
+            nginx-full \
+            nginx-light \
+            nginx-extras
+          sudo apt-get install --yes \
+            build-essential \
+            zlib1g-dev \
+            libpcre3 \
+            libpcre3-dev \
+            libssl-dev \
+            libxslt1-dev \
+            libxml2-dev \
+            libgeoip-dev \
+            libgd-dev \
+            libperl-dev \
+            flex \
+            bison \
+            autoconf \
+            libtool \
+            automake
           sudo pip install lastversion
       - name: Download ${{ matrix.nginx-version }}
         run: |
-          chmod 777 -R ${{ github.workspace }}
-          sudo make parser
-          sudo git clone https://github.com/libinjection/libinjection.git inc/libinjection
-          if [ ${{ matrix.nginx-version }} = 'stable nginx' ] ; then  \
+          if [ '${{ matrix.nginx-version }}' = 'stable nginx' ] ; then  \
             version='stable' ;\
           else  \
             version='mainline' ;\
@@ -65,8 +88,20 @@ jobs:
           tar zxf nginx-*.tar.gz --directory nginx-src --strip-components=1
       - name: Configure ${{ matrix.install-type }}
         run: |
+          make parser
+          bazel build --config release --registry=file://$(realpath ngx_waf_deps) //:deps
+          pushd bazel-bin
+            tar -zxf deps.tar.gz
+            echo "$(realpath deps/libinjection/lib)" | sudo tee -a /etc/ld.so.conf.d/ngx_waf.conf
+            echo "$(realpath deps/libsodium/lib)"    | sudo tee -a /etc/ld.so.conf.d/ngx_waf.conf
+            sudo ldconfig
+            export LIB_INJECTION=$(realpath deps/libinjection)
+            export LIB_SODIUM=$(realpath deps/libsodium)
+            export LIB_UTHASH=$(realpath deps/uthash)
+          popd
+
           cd nginx-src
-          if [ ${{ matrix.install-type }} = 'static module' ] ; then \
+          if [ '${{ matrix.install-type }}' = 'static module' ] ; then \
             opt='--add-module' ;\
           else \
             opt='--add-dynamic-module' ;\
@@ -93,30 +128,30 @@ jobs:
       
   docker:
     runs-on: ubuntu-latest
-    if: ${{ github.event_name	!= 'schedule' }}
+    if: false
     strategy:
       matrix:
         version: ['stable', 'mainline']
         target: ['glibc', 'musl']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       - name: Build module
         run: docker build --file docker/Dockerfile.${{ matrix.target }} --build-arg=VERSION=${{ matrix.version }} .
   triger:
     runs-on: ubuntu-latest
     if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && (github.ref == 'refs/heads/lts' || github.ref == 'refs/heads/current')) }}
     needs: ['native', 'docker']
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with: 
           ref: ${{ github.ref }}
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v4
         with:
           python-version: '3.x'
       - name: Set up lastversion

.gitignore

@@ -11,4 +11,5 @@ inc/ngx_http_waf_module_lexer.h
 inc/ngx_http_waf_module_parser.tab.h
 src/ngx_http_waf_module_lexer.c
 src/ngx_http_waf_module_parser.tab.c
-*.so
+*.so
+bazel-*

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "ngx_waf_deps"]
+	path = ngx_waf_deps
+	url = https://github.com/ADD-SP/ngx_waf_deps.git

BUILD

@@ -0,0 +1,53 @@
+genrule(
+    name = "deps",
+    srcs = [
+        "@libinjection",
+        "@libinjection//:src/libinjection.h",
+        "@libinjection//:src/libinjection_sqli.h",
+        "@libinjection//:src/libinjection_sqli_data.h",
+        "@libinjection//:src/libinjection_xss.h",
+        "@libinjection//:src/libinjection_html5.h",
+        "@uthash//:include/utarray.h",
+        "@uthash//:include/uthash.h",
+        "@uthash//:include/utlist.h",
+        "@uthash//:include/utringbuffer.h",
+        "@uthash//:include/utstack.h",
+        "@uthash//:include/utstring.h",
+        "@libsodium",
+    ],
+    outs = [
+        "deps.tar.gz"
+    ],
+    cmd = """
+        mkdir -p deps/libinjection/include
+        mkdir -p deps/libinjection/lib
+        mkdir -p deps/libsodium/include
+        mkdir -p deps/libsodium/lib
+        mkdir -p deps/uthash/include
+
+        for f in $(locations @libinjection); do
+            cp -Lr $$f deps/libinjection/lib
+        done
+
+        cp -Lr $(location @libinjection//:src/libinjection.h) deps/libinjection/include
+        cp -Lr $(location @libinjection//:src/libinjection_sqli.h) deps/libinjection/include
+        cp -Lr $(location @libinjection//:src/libinjection_sqli_data.h) deps/libinjection/include
+        cp -Lr $(location @libinjection//:src/libinjection_xss.h) deps/libinjection/include
+        cp -Lr $(location @libinjection//:src/libinjection_html5.h) deps/libinjection/include
+
+        cp -Lr $(location @uthash//:include/utarray.h) deps/uthash/include
+        cp -Lr $(location @uthash//:include/uthash.h) deps/uthash/include
+        cp -Lr $(location @uthash//:include/utlist.h) deps/uthash/include
+        cp -Lr $(location @uthash//:include/utringbuffer.h) deps/uthash/include
+        cp -Lr $(location @uthash//:include/utstack.h) deps/uthash/include
+        cp -Lr $(location @uthash//:include/utstring.h) deps/uthash/include
+        
+        libsodium_base=$$(dirname $$(echo '$(locations @libsodium)' | awk '{print $$1}'))
+        cp -Lr $$libsodium_base/include/* deps/libsodium/include
+        cp -Lr $$libsodium_base/lib/* deps/libsodium/lib
+
+        rm -f $(RULEDIR)/deps.tar.gz
+        tar -zcvf $(RULEDIR)/deps.tar.gz deps
+        rm -rf deps
+    """,
+)

MODULE.bazel

@@ -0,0 +1,13 @@
+"""
+TODO
+"""
+
+module(
+    name = "ngx_waf",
+    repo_name = "ngx_waf",
+)
+
+bazel_dep(name = "rules_foreign_cc", version = "0.10.1")
+bazel_dep(name = "uthash", version = "2.3.0")
+bazel_dep(name = "libinjection", version = "3.10.0")
+bazel_dep(name = "libsodium", version = "1.0.19")