Skip to content

Decouple stream bypass from TLS encrypted bypass v8.1 #9338

Decouple stream bypass from TLS encrypted bypass v8.1

Decouple stream bypass from TLS encrypted bypass v8.1 #9338

Workflow file for this run

name: formatting-check
on:
push:
# Only run on pushes to pull request branches
branches-ignore:
- 'master'
- 'master-*'
paths-ignore:
- "doc/**"
pull_request:
paths-ignore:
- "doc/**"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: read-all
env:
DEBIAN_FRONTEND: "noninteractive"
jobs:
# Checking for correct formatting of branch for C code changes
check-formatting:
name: Formatting Check (clang 14)
runs-on: ubuntu-22.04
container: ubuntu:22.04
continue-on-error: false
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Install dependencies
run: |
apt update
apt -y install \
libpcre2-dev \
build-essential \
autoconf \
automake \
cargo \
cbindgen \
clang-format-14 \
git \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libhiredis-dev \
libjansson-dev \
make \
rustc \
python-is-python3 \
python3 \
software-properties-common \
wget \
zlib1g \
zlib1g-dev
# Checking out the branch is not as simple as "checking out".
#
# In case master has any new commits since we branched off, github will
# automatically add a "merge commit" from our branch to master and check
# this out instead of the original last commit on the branch.
#
# This screws up git clang-format as it'll also format the "merge commit"
# and essentially report any formatting issues in the "merge commit".
# However, we really don't care about any of the new commits on master.
#
# There are supposed to be ways to use with/ref to fix that and while
# they work perfectly well for pull requests within the forked repo, none
# of the ones tried worked for pull requests from forks to the OISF repo.
#
# My patience simply ran too short to keep on looking. See follow-on
# action to manually fix this up.
- name: Checkout - might be merge commit!
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
fetch-depth: 0
# Use last commit of branch, not potential merge commit!
#
# This works perfectly well on pull requests within forked repos, but
# not for pull requests from forks to the OISF repo as the latter one
# does not know the branch (from the forked repo). Argh.
# with:
# ref: ${{ github.head_ref }} # check out branch
# The action above is supposed to do this for us, but it doesn't appear to stick.
- run: /usr/bin/git config --global --add safe.directory /__w/suricata/suricata
# Manually ignore the merge commit as none of the with/ref things tried
# with actions/checkout seemed to work for pull requests from forks into
# the OISF repo.
- name: Peel off potential merge request
run: |
# The "merge commit" has a distinct subject that we can look for.
# If we find it, ignore it by checking out the "real last commit".
#
# Note, github uses the non-abbreviated sha for the commit subject.
#
# Commit history example in case github added merge, i.e. if you did
# git log --pretty=oneline -2:
# sha_1 Merge sha_2 into latest_sha_on_master
# sha_2 This is the real last commit on branch
echo "Last two commits on checkout:"
git log --pretty=oneline -2
last_commit_subject=$(git log --pretty=%s -1)
second_last_commit_sha=$(git log --pretty=%H -2 |tail -1)
echo "$last_commit_subject" | grep -e "^Merge $second_last_commit_sha into [0-9a-fA-F]*$" > /dev/null 2>&1
if [ $? -eq 0 ]; then
# Last commit was a merge to master - ignore
echo "Found github merge commit - checking out real last commit instead..."
git checkout $second_last_commit_sha
else
echo "No github merge commit found"
fi
shell: bash {0}
- run: git clone https://github.com/OISF/libhtp -b 0.5.x
- run: ./autogen.sh
- run: ./configure --enable-warnings --enable-unittests
- name: Check formatting
run: |
./scripts/clang-format.sh check-branch --diffstat --show-commits >> check_formatting_log.txt 2>&1
rc=$?
if [ $rc -eq 0 ]; then
cat check_formatting_log.txt
echo "Formatting is following code style guide"
elif [ $rc -eq 1 ]; then
# limit output as it might be a lot in the worst case
tail -n 100 check_formatting_log.txt
echo "::error ::Formatting is not following code style guide!"
exit 1
else
cat check_formatting_log.txt
# use last output line as error
last_line=$(tail -n 1 check_formatting_log.txt)
echo "::error ::$last_line"
exit 1
fi
shell: bash {0}