ci: add arm64 macos runner #721
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
push: | |
branches: | |
- master | |
schedule: | |
- cron: '45 4 * * 3' | |
jobs: | |
test-linux: | |
name: Test ${{matrix.build}} | |
runs-on: ubuntu-22.04 | |
env: | |
RUSTFLAGS: -Dwarnings | |
steps: | |
- name: Install openssl x86 and 32 support for gcc | |
if: ${{ matrix.build == 'linux32' }} | |
run: | | |
sudo dpkg --add-architecture i386 | |
sudo apt update | |
sudo apt install libssl-dev:i386 gcc-multilib libc6:i386 libgcc-s1:i386 | |
echo "OPENSSL_INCLUDE_DIR=/usr/include" >> $GITHUB_ENV | |
echo "OPENSSL_LIB_DIR=/usr/lib/i386-linux-gnu" >> $GITHUB_ENV | |
echo "YARA_OPENSSL_INCLUDE_DIR=/usr/include" >> $GITHUB_ENV | |
- uses: actions/checkout@v4.1.1 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
target: ${{matrix.target}} | |
- name: Build test helpers | |
run: | | |
cd boreal-test-helpers | |
cargo build --target=${{matrix.target}} | |
- name: Run tests | |
env: | |
YARA_CRYPTO_LIB: openssl | |
run: cargo test --target=${{matrix.target}} | |
- name: Run tests with Openssl | |
env: | |
YARA_CRYPTO_LIB: openssl | |
run: cargo test --features authenticode-verify --target=${{matrix.target}} | |
# Some tests need to be super user | |
- name: Run super user tests | |
env: | |
YARA_CRYPTO_LIB: openssl | |
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER: "sudo -E" | |
CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_RUNNER: "sudo -E" | |
run: | | |
cargo test --target=${{matrix.target}} -- --test-threads=1 --ignored | |
- name: Run optional module tests | |
if: ${{ matrix.build == 'linux' }} | |
run: | | |
sudo apt install libjansson-dev | |
cargo test --features magic,cuckoo --target=${{matrix.target}} | |
strategy: | |
fail-fast: false | |
matrix: | |
build: [linux, linux32] | |
include: | |
- build: linux | |
target: x86_64-unknown-linux-gnu | |
- build: linux32 | |
target: i686-unknown-linux-gnu | |
test-windows: | |
name: Test ${{matrix.build}} | |
runs-on: windows-2022 | |
env: | |
RUSTFLAGS: -Dwarnings | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- name: Install OpenSSL on windows | |
uses: lukka/run-vcpkg@v10 | |
id: runvcpkg | |
env: | |
VCPKG_DEFAULT_TRIPLET: ${{matrix.vcpkg_triplet}} | |
VCPKG_INSTALLED_DIR: '${{ runner.workspace }}/vcpkg/installed' | |
with: | |
appendedCacheKey: ${{matrix.vcpkg_triplet}} | |
vcpkgDirectory: '${{ runner.workspace }}/vcpkg' | |
vcpkgGitCommitId: '4cac260c4b7331538d31886f57739fea0bffa27e' | |
runVcpkgInstall: true | |
- name: Export VCPKGRS_TRIPLET and OPENSSL_DIR env var | |
shell: bash | |
run: | | |
echo "VCPKGRS_TRIPLET=${{ matrix.vcpkg_triplet }}" >> $GITHUB_ENV | |
echo "OPENSSL_DIR=${{ runner.workspace }}\\vcpkg\\installed\\${{ matrix.vcpkg_triplet }}" >> $GITHUB_ENV | |
echo "YARA_OPENSSL_DIR=${{ runner.workspace }}\\vcpkg\\installed\\${{ matrix.vcpkg_triplet }}" >> $GITHUB_ENV | |
echo "YARA_CRYPTO_LIB=openssl" >> $GITHUB_ENV | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
target: ${{matrix.target}} | |
- name: Build test helpers | |
run: | | |
cd boreal-test-helpers | |
cargo build --target=${{matrix.target}} | |
- name: Run tests | |
env: | |
YARA_CRYPTO_LIB: openssl | |
run: cargo test --target=${{matrix.target}} | |
- name: Run tests with Openssl | |
env: | |
YARA_CRYPTO_LIB: openssl | |
run: cargo test --features authenticode-verify --target=${{matrix.target}} | |
strategy: | |
fail-fast: false | |
matrix: | |
build: [windows, windows32] | |
include: | |
- build: windows | |
vcpkg_triplet: x64-windows-static | |
target: x86_64-pc-windows-msvc | |
- build: windows32 | |
vcpkg_triplet: x86-windows-static | |
target: i686-pc-windows-msvc | |
test-macos: | |
name: Test ${{matrix.runner}} | |
runs-on: ${{matrix.runner}} | |
env: | |
RUSTFLAGS: -Dwarnings | |
steps: | |
- name: Setup openssl | |
run: | | |
pkg-config --cflags libcrypto | |
pkg-config --libs-only-L libcrypto | |
OPENSSL_INCLUDE_DIR=$(pkg-config --cflags libcrypto | cut -dI -f2-) | |
OPENSSL_LIB_DIR=$(pkg-config --libs-only-L libcrypto | cut -dL -f2-) | |
echo "OPENSSL_INCLUDE_DIR=$OPENSSL_INCLUDE_DIR" >> $GITHUB_ENV | |
echo "OPENSSL_LIB_DIR=$OPENSSL_LIB_DIR" >> $GITHUB_ENV | |
- uses: actions/checkout@v4.1.1 | |
- uses: dtolnay/rust-toolchain@stable | |
- name: Build test helpers | |
run: | | |
cd boreal-test-helpers | |
cargo build | |
- name: Run tests | |
env: | |
YARA_CRYPTO_LIB: openssl | |
run: cargo test | |
- name: Run tests with Openssl | |
env: | |
YARA_CRYPTO_LIB: openssl | |
run: cargo test --features authenticode-verify | |
# Some tests on macos need to be super user | |
- name: Run super user tests | |
env: | |
YARA_CRYPTO_LIB: openssl | |
# --test-threads=1 to avoid a bug that makes the vm_read_overwrite | |
# fail when multiple tests scanning processes are running in parallel. | |
# This is very suspect, and should be investigated and reported. | |
run: | | |
sudo cargo test -- --test-threads=1 --ignored | |
strategy: | |
fail-fast: false | |
matrix: | |
build: [macos-x64, macos-arm64] | |
include: | |
- build: macos-x64 | |
runner: macos-13 | |
- build: macos-arm64 | |
runner: macos-14 | |
clippy: | |
name: Clippy | |
runs-on: ubuntu-22.04 | |
env: | |
RUSTFLAGS: -Dwarnings | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: clippy | |
- name: Install dependencies | |
run: sudo apt install libjansson-dev | |
- run: cargo clippy --tests --all-features | |
rustmt: | |
name: Rustfmt | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: rustfmt | |
- run: cargo fmt --all --check | |
deny: | |
name: Deny | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- uses: EmbarkStudios/cargo-deny-action@v1 | |
coverage: | |
name: Coverage | |
runs-on: ubuntu-22.04 | |
env: | |
CARGO_TERM_COLOR: always | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- uses: dtolnay/rust-toolchain@nightly | |
- name: Install cargo-llvm-cov | |
uses: taiki-e/install-action@cargo-llvm-cov | |
- name: Install dependencies | |
run: sudo apt install libjansson-dev | |
- name: Generate code coverage | |
run: | | |
# Export cargo llvm-cov env stuff so that we can run "cargo test" | |
# and have coverage | |
source <(cargo llvm-cov show-env --export-prefix) | |
cargo build -p boreal-test-helpers | |
# Run the normal tests | |
cargo test --features magic,authenticode-verify,cuckoo | |
# And run the super user tests | |
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER="sudo -E" cargo \ | |
test --features magic,authenticode-verify,cuckoo -- --ignored | |
# Finally, generate the report | |
cargo llvm-cov report --lcov --output-path lcov.info \ | |
--ignore-filename-regex boreal-test-helpers/src/main.rs | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
file: lcov.info | |
fail_ci_if_error: false | |
token: ${{ secrets.CODECOV_TOKEN }} | |
msrv: | |
name: Rust 1.66.0 | |
runs-on: ubuntu-22.04 | |
env: | |
RUSTFLAGS: -Dwarnings | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- uses: dtolnay/rust-toolchain@1.66.0 | |
# Only check boreal (and boreal-parser). | |
# boreal-cli is a useful tool, but MSRV on it is not really useful. | |
- run: | | |
cd boreal | |
cargo check --all-features | |
features-matrix: | |
name: Test features ${{matrix.features}} | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- uses: dtolnay/rust-toolchain@stable | |
- name: Install dependencies | |
run: sudo apt install libjansson-dev | |
- name: Build test helpers | |
run: | | |
cd boreal-test-helpers | |
cargo build | |
- name: Run tests | |
env: | |
YARA_CRYPTO_LIB: openssl | |
run: cargo test ${{matrix.features}} | |
strategy: | |
fail-fast: false | |
matrix: | |
features: [ | |
"--no-default-features", | |
"--no-default-features --features=hash", | |
"--no-default-features --features=object", | |
"--no-default-features --features=process", | |
"--no-default-features --features=hash,object", | |
"--no-default-features --features=object,authenticode", | |
"--no-default-features --features=object,authenticode,authenticode-verify", | |
"--all-features" | |
] |