diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 88b392d4..2dfe99d4 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -1,11 +1,16 @@ name: codecov -on: [push] +on: [pull_request] defaults: run: shell: bash +# cancel previous runs if new commits are pushed to the PR, but run for each commit on master +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: build_deps: name: Build dependencies @@ -19,7 +24,7 @@ jobs: run: | echo "CACHE_ROOT=$HOME/cache-root" >> $GITHUB_ENV - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: ref: ${{ github.ref }} @@ -45,6 +50,9 @@ jobs: if: steps.cache-deps.outputs.cache-hit != 'true' run: | sudo apt-get --yes update + # https://github.com/actions/runner-images/issues/2139 + sudo apt-get remove nginx-core nginx-full nginx-light nginx-extras + sudo apt-get remove libgd3 sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev libcurl4-openssl-dev - name: Download and install ModSecurity @@ -83,7 +91,7 @@ jobs: python-version: '3.x' architecture: 'x64' - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: ref: ${{ github.ref }} @@ -111,6 +119,9 @@ jobs: - name: Install dependencies run: | sudo apt-get --yes update + # https://github.com/actions/runner-images/issues/2139 + sudo apt-get remove nginx-core nginx-full nginx-light nginx-extras + sudo apt-get remove libgd3 sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev libcurl4-openssl-dev gcovr - name: Download nginx diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 2be753d8..cc3338fe 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -25,13 +25,13 @@ jobs: matrix: target: ['glibc', 'musl'] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: ref: ${{ github.ref }} - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub uses: docker/login-action@v1 with: @@ -67,13 +67,13 @@ jobs: matrix: target: ['glibc', 'musl'] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: ref: ${{ github.ref }} - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub uses: docker/login-action@v1 with: @@ -109,13 +109,13 @@ jobs: matrix: target: ['glibc', 'musl'] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: ref: ${{ github.ref }} - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub uses: docker/login-action@v1 with: @@ -151,13 +151,13 @@ jobs: matrix: target: ['glibc', 'musl'] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: ref: ${{ github.ref }} - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub uses: docker/login-action@v1 with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 14f0c959..2a4da7fe 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,8 +1,6 @@ name: test -on: - push: - branches: +on: pull_request: schedule: - cron: '0 0 * * SUN' @@ -13,6 +11,11 @@ defaults: run: shell: bash +# cancel previous runs if new commits are pushed to the PR, but run for each commit on master +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: self-trigger: runs-on: ubuntu-latest @@ -43,7 +46,7 @@ jobs: run: | echo "CACHE_ROOT=$HOME/cache-root" >> $GITHUB_ENV - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: ref: ${{ github.ref }} @@ -69,6 +72,9 @@ jobs: if: steps.cache-deps.outputs.cache-hit != 'true' run: | sudo apt-get --yes update + # https://github.com/actions/runner-images/issues/2139 + sudo apt-get remove nginx-core nginx-full nginx-light nginx-extras + sudo apt-get remove libgd3 sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev libcurl4-openssl-dev - name: Download and install ModSecurity @@ -115,7 +121,7 @@ jobs: python-version: '3.x' architecture: 'x64' - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: ref: ${{ github.ref }} @@ -143,6 +149,9 @@ jobs: - name: Install dependencies run: | sudo apt-get --yes update + # https://github.com/actions/runner-images/issues/2139 + sudo apt-get remove nginx-core nginx-full nginx-light nginx-extras + sudo apt-get remove libgd3 sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev libcurl4-openssl-dev - name: Download nginx-${{ matrix.nginx-version }} @@ -222,13 +231,13 @@ jobs: version: ['stable', 'mainline'] target: ['glibc', 'musl'] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: ref: ${{ github.ref }} - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Build module run: docker build --file docker/Dockerfile.${{ matrix.target }} --build-arg=NGX_VER=${{ matrix.version }} . triger: @@ -236,7 +245,7 @@ jobs: if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && (github.ref == 'refs/heads/lts' || github.ref == 'refs/heads/current')) }} needs: ['native', 'docker'] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: ref: ${{ github.ref }} - uses: actions/setup-python@v2 diff --git a/docker/Dockerfile.glibc b/docker/Dockerfile.glibc index 9a16fc13..5d49b744 100644 --- a/docker/Dockerfile.glibc +++ b/docker/Dockerfile.glibc @@ -1,6 +1,6 @@ ARG NGX_VER=stable FROM nginx:${NGX_VER} as base -ARG CHANGE_SOURCE=false +ARG CN_MIRROR=false ARG NGX_VER=stable ARG LIB_SODIUM_VER=1.0.18-RELEASE @@ -9,7 +9,7 @@ COPY . ./ngx_waf SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN set -xe \ - && if [ ${CHANGE_SOURCE} == true ] ; then \ + && if [ ${CN_MIRROR} == true ] ; then \ cp ./ngx_waf/docker/sources.list /etc/apt/sources.list ; \ apt-get clean all ; \ fi \ @@ -30,7 +30,7 @@ RUN set -xe \ libgd-dev \ libperl-dev \ libcurl4-openssl-dev \ - python3 \ + python3-full \ python3-pip \ libtool \ autoconf \ @@ -41,10 +41,10 @@ RUN set -xe \ libmodsecurity3 \ flex \ bison \ - && if [ ${CHANGE_SOURCE} == true ] ; then \ - pip3 config set global.index-url https://mirrors.cloud.tencent.com/pypi/simple ; \ + && if [ ${CN_MIRROR} == true ] ; then \ + pip config set global.index-url https://mirrors.cloud.tencent.com/pypi/simple ; \ fi \ - && pip3 install lastversion + && pip3 install lastversion || pip3 install lastversion --break-system-packages RUN set -xe \ && git clone -b v1.7.15 https://github.com/DaveGamble/cJSON.git ngx_waf/lib/cjson diff --git a/docker/Dockerfile.musl b/docker/Dockerfile.musl index 4ec0f405..cf19bcc7 100644 --- a/docker/Dockerfile.musl +++ b/docker/Dockerfile.musl @@ -4,7 +4,7 @@ FROM owasp/modsecurity:3.0.5-alpine AS modsecurity ARG NGX_VER=stable FROM nginx:${NGX_VER}-alpine as base -ARG CHANGE_SOURCE=false +ARG CN_MIRROR=false ARG NGX_VER=stable ARG LIB_SODIUM_VER=1.0.18-RELEASE ARG MODSEC_VERSION=v3.0.5 @@ -17,7 +17,7 @@ COPY --from=modsecurity /usr/local/modsecurity/ /usr/local/modsecurity/ SHELL ["/bin/sh", "-o", "pipefail", "-c"] RUN set -xe \ - && if [ ${CHANGE_SOURCE} = true ]; then \ + && if [ ${CN_MIRROR} = true ]; then \ sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories ; \ fi \ && apk update \ @@ -46,10 +46,10 @@ RUN set -xe \ libmaxminddb \ flex \ bison \ - && if [ ${CHANGE_SOURCE} = true ]; then \ + && if [ ${CN_MIRROR} = true ]; then \ pip3 config set global.index-url https://mirrors.cloud.tencent.com/pypi/simple ; \ fi \ - && pip3 install lastversion + && pip3 install lastversion || pip3 install lastversion --break-system-packages RUN set -xe \ && git clone https://github.com/DaveGamble/cJSON.git --branch ${CJSON_VERSION} ngx_waf/lib/cjson