diff options
Diffstat (limited to '.github')
-rw-r--r-- | .github/CODEOWNERS | 12 | ||||
-rw-r--r-- | .github/CONTRIBUTING.md | 53 | ||||
-rw-r--r-- | .github/PULL_REQUEST_TEMPLATE.md | 16 | ||||
-rw-r--r-- | .github/workflows/tests.yml | 242 |
4 files changed, 323 insertions, 0 deletions
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..0a23353 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,12 @@ +# https://help.github.com/articles/about-codeowners/ +# +# last match wins, so put more specific matches towards the end +# +# only ppl with push rights in the repo can be owners +# https://github.com/isaacs/github/issues/989#issuecomment-320475904 +# +# additionally, it seems only the directoy syntax works. +# e.g. '/src/source-*.[ch] @regit' seems to have no effect. + +* @jasonish @OISF/core-team + diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..934a9d1 --- /dev/null +++ b/.github/CONTRIBUTING.md @@ -0,0 +1,53 @@ +Contributing to Suricata +======================== + +We're happily taking patches and other contributions. The process is +documented at +https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing +Please have a look at this document before submitting. + +Contribution Agreement +---------------------- + +Before accepting your pull requests we need you or your organization +to sign our contribution agreement. + +We do this to keep the ownership of Suricata in one hand: the Open +Information Security Foundation. See +https://suricata-ids.org/about/open-source/ and +https://suricata-ids.org/about/contribution-agreement/ + +Contribution Process +-------------------- + +Suricata is a complex piece of software dealing with mostly untrusted +input. Mishandling this input will have serious consequences: + +* in IPS mode a crash may knock a network offline; +* in passive mode a compromise of the IDS may lead to loss of critical + and confidential data; +* missed detection may lead to undetected compromise of the network. + +In other words, we think the stakes are pretty high, especially since +in many common cases the IDS/IPS will be directly reachable by an +attacker. + +For this reason, we have developed a QA process that is quite +extensive. A consequence is that contributing to Suricata can be a +somewhat lengthy process. + +On a high level, the steps are: + +1. Travis-CI based build & unit testing. This runs automatically when + a pull request is made. + +2. Review by devs from the team and community + +3. QA runs trigged by the team + +Questions +--------- + +If you have questions about contributing, please contact us via +https://suricata-ids.org/support/ + diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..5bf7005 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +Make sure these boxes are signed before submitting your Pull Request +-- thank you. + +- [ ] I have read the contributing guide lines at + https://docs.suricata.io/en/latest/devguide/codebase/contributing/contribution-process.html +- [ ] I have signed the Open Information Security Foundation + contribution agreement at https://suricata.io/about/contribution-agreement/ +- [ ] I have updated the user guide (in doc/userguide/) to reflect the + changes made (if applicable) + +Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: + +Describe changes: +- +- +- diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 0000000..22a19f3 --- /dev/null +++ b/.github/workflows/tests.yml @@ -0,0 +1,242 @@ +name: Distribution Checks + +on: + - push + - pull_request + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: read-all + +jobs: + + alma-9: + # At the time of adding this test, tox and pytest don't install + # cleanly using system packages, so just run the integration tests + # for now. + name: AlmaLinux 9 + runs-on: ubuntu-latest + container: almalinux:9 + steps: + - run: | + dnf -y install \ + python3 \ + python3-pyyaml + - uses: actions/checkout@v1 + - name: Python 3 integration tests + run: PYTHONPATH=. python3 ./tests/integration_tests.py + + alma-8: + name: AlmaLinux 8 + runs-on: ubuntu-latest + container: almalinux:8 + steps: + - run: | + yum -y install \ + python2-pytest \ + python2-pyyaml \ + python3 \ + python3-pytest \ + python3-pyyaml + - uses: actions/checkout@v1 + + - name: Python 2 unit tests + run: PYTHONPATH=. pytest-2 + - name: Python 2 integration tests + run: PYTHONPATH=. python2 ./tests/integration_tests.py + + - name: Python 3 unit tests + run: PYTHONPATH=. pytest-3 + - name: Python 3 integration tests + run: PYTHONPATH=. python3 ./tests/integration_tests.py + + centos-7: + name: CentOS 7 + runs-on: ubuntu-latest + container: centos:7 + steps: + - run: yum -y install epel-release + - run: | + yum -y install \ + python2-pytest \ + python2-pyyaml \ + python36-pytest \ + python36-yaml + - uses: actions/checkout@v1 + + - name: Python 2 unit tests + run: PYTHONPATH=. py.test-2.7 + - name: Python 2 integration tests + run: PYTHONPATH=. python2 ./tests/integration_tests.py + + - name: Python 3 unit tests + run: PYTHONPATH=. py.test-3 + - name: Python 3 integration tests + run: PYTHONPATH=. python3 ./tests/integration_tests.py + + fedora-39: + name: Fedora 39 + runs-on: ubuntu-latest + container: fedora:39 + steps: + - run: | + dnf -y install \ + python3 \ + python3-pytest \ + python3-pyyaml + - uses: actions/checkout@v4 + - name: Python 3 unit tests + run: PYTHONPATH=. pytest-3 + - name: Python 3 integration tests + run: PYTHONPATH=. python3 ./tests/integration_tests.py + + fedora-38: + name: Fedora 38 + runs-on: ubuntu-latest + container: fedora:38 + steps: + - run: | + dnf -y install \ + python3 \ + python3-pytest \ + python3-pyyaml + - uses: actions/checkout@v2 + - name: Python 3 unit tests + run: PYTHONPATH=. pytest-3 + - name: Python 3 integration tests + run: PYTHONPATH=. python3 ./tests/integration_tests.py + + ubuntu-2204: + name: Ubuntu 22.04 + runs-on: ubuntu-latest + container: ubuntu:22.04 + steps: + - run: apt update + - run: | + apt -y install \ + python3-pytest \ + python3-yaml + - uses: actions/checkout@v1 + - name: Python 3 unit tests + run: PYTHONPATH=. pytest-3 + - name: Python 3 integration tests + run: PYTHONPATH=. python3 ./tests/integration_tests.py + + ubuntu-2004: + name: Ubuntu 20.04 + runs-on: ubuntu-latest + container: ubuntu:20.04 + steps: + - run: apt update + - run: | + apt -y install \ + python-pytest \ + python-yaml \ + python3-pytest \ + python3-yaml + - uses: actions/checkout@v1 + + - name: Python 2 unit tests + run: PYTHONPATH=. pytest + - name: Python 2 integration tests + run: PYTHONPATH=. python2 ./tests/integration_tests.py + + - name: Python 3 unit tests + run: PYTHONPATH=. pytest-3 + - name: Python 3 integration tests + run: PYTHONPATH=. python3 ./tests/integration_tests.py + + ubuntu-1804: + name: Ubuntu 18.04 + runs-on: ubuntu-latest + container: ubuntu:18.04 + steps: + - run: apt update + - run: | + apt -y install \ + python-pytest \ + python-yaml \ + python3-pytest \ + python3-yaml + - uses: actions/checkout@v1 + + - name: Python 2 unit tests + run: PYTHONPATH=. pytest + - name: Python 2 integration tests + run: PYTHONPATH=. python2 ./tests/integration_tests.py + + - name: Python 3 unit tests + run: PYTHONPATH=. pytest-3 + - name: Python 3 integration tests + run: PYTHONPATH=. python3 ./tests/integration_tests.py + + debian-12: + name: Debian 12 + runs-on: ubuntu-latest + container: debian:12 + steps: + - run: apt update + - run: | + apt -y install \ + python3-pytest \ + python3-yaml + - uses: actions/checkout@v1 + + - name: Python 3 unit tests + run: PYTHONPATH=. pytest-3 + - name: Python 3 integration tests + run: PYTHONPATH=. python3 ./tests/integration_tests.py + + debian-11: + name: Debian 11 + runs-on: ubuntu-latest + container: debian:11 + steps: + - run: apt update + - run: | + apt -y install \ + python3-pytest \ + python3-yaml + - uses: actions/checkout@v1 + + - name: Python 3 unit tests + run: PYTHONPATH=. pytest-3 + - name: Python 3 integration tests + run: PYTHONPATH=. python3 ./tests/integration_tests.py + + debian-10: + name: Debian 10 + runs-on: ubuntu-latest + container: debian:10 + steps: + - run: apt update + - run: | + apt -y install \ + python-pytest \ + python-yaml \ + python3-pytest \ + python3-yaml + - uses: actions/checkout@v1 + + - name: Python 2 unit tests + run: PYTHONPATH=. pytest + - name: Python 2 integration tests + run: PYTHONPATH=. python2 ./tests/integration_tests.py + + - name: Python 3 unit tests + run: PYTHONPATH=. pytest-3 + - name: Python 3 integration tests + run: PYTHONPATH=. python3 ./tests/integration_tests.py + + macos-latest: + name: MacOS Latest + runs-on: macos-latest + steps: + - run: brew install python + - run: pip3 install PyYAML + - run: pip3 install pytest + - uses: actions/checkout@v1 + - run: PYTHONPATH=. python3 -m pytest + - run: PYTHONPATH=. python3 ./tests/integration_tests.py |