upgrade cyberchef and prevent %3C in urls (#2821) #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "build" | |
on: | |
push: | |
branches: [ "main" ] | |
pull_request: | |
# The branches below must be a subset of the branches above | |
branches: [ "main" ] | |
paths-ignore: | |
- '*.md' | |
- '.*' | |
permissions: | |
contents: read | |
jobs: | |
build: | |
permissions: | |
contents: write | |
concurrency: | |
group: ${{ github.workflow }}-${{ matrix.version }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
strategy: | |
fail-fast: false | |
matrix: | |
version: [el8, el9, ubuntu2004, ubuntu2204, ubuntu2404, arch, al2023, debian12] | |
include: | |
- version: el8 | |
container: andywick/arkime-build-8:5.0.0-2 | |
buildopt: "--kafka --pfring" | |
package: rpm | |
fpmdeps: "-d perl-libwww-perl -d perl-JSON -d ethtool -d libyaml -d perl-LWP-Protocol-https" | |
ja4plus: true | |
- version: el9 | |
container: andywick/arkime-build-9:5.0.0-2 | |
buildopt: "--kafka --pfring" | |
fpmdeps: "-d perl-libwww-perl -d perl-JSON -d ethtool -d libyaml -d perl-LWP-Protocol-https" | |
package: rpm | |
notice: true | |
- version: ubuntu2004 | |
container: andywick/arkime-build-20:5.0.0-2 | |
buildopt: "--kafka --pfring" | |
fpmdeps: "-d libwww-perl -d libjson-perl -d ethtool -d libyaml-dev" | |
package: deb | |
- version: ubuntu2204 | |
container: andywick/arkime-build-22:5.0.0-5 | |
buildopt: "--nothirdparty --kafka --pfring" | |
fpmdeps: "-d libwww-perl -d libjson-perl -d ethtool -d libyaml-dev -d liblua5.4-0 -d libmaxminddb0 -d libcurl4 -d libpcap0.8 -d libglib2.0-0 -d libnghttp2-14 -d libyara8 -d librdkafka1" | |
package: deb | |
sanitize: true | |
- version: ubuntu2404 | |
container: andywick/arkime-build-24:5.0.0-3 | |
buildopt: "--nothirdparty --kafka" | |
fpmdeps: "-d libwww-perl -d libjson-perl -d ethtool -d libyaml-dev -d liblua5.4-0 -d libmaxminddb0 -d libcurl4 -d libpcap0.8 -d libglib2.0-0 -d libnghttp2-14 -d libyara10 -d librdkafka1 -d libpcre3" | |
package: deb | |
- version: arch | |
container: andywick/arkime-build-arch:5.0.0-5 | |
buildopt: "--kafka" | |
fpmdeps: "-d libmaxminddb -d libpcap -d yara -d perl-http-message -d perl-lwp-protocol-https -d perl-json -d libnet -d lua -d zstd -d openssl-1.1 -d pcre" | |
package: arch | |
- version: al2023 | |
container: andywick/arkime-build-al2023:5.0.0-2 | |
buildopt: "--kafka" | |
fpmdeps: "-d perl-libwww-perl -d perl-JSON -d ethtool -d libyaml -d perl-LWP-Protocol-https" | |
package: rpm | |
- version: debian12 | |
container: andywick/arkime-build-d12:5.0.0-3 | |
buildopt: "--nothirdparty --kafka" | |
fpmdeps: "-d libwww-perl -d libjson-perl -d ethtool -d libyaml-dev -d liblua5.4-0 -d libmaxminddb0 -d libcurl4 -d libpcap0.8 -d libglib2.0-0 -d libnghttp2-14 -d libyara9 -d librdkafka1 -d libpcre3" | |
package: deb | |
############# CHANGE version: array above when adding new versions ############# | |
runs-on: ubuntu-latest | |
container: | |
image: ${{ matrix.container }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: thirdparty | |
run: | | |
(cd / ; curl https://raw.githubusercontent.com/arkime/arkime-test-data/main/snfmin.tar.gz | tar -zxvf -) | |
if [ -d "/thirdparty" ]; then | |
ln -s /thirdparty . | |
fi | |
git config --global --add safe.directory `pwd` | |
- name: build and install | |
run: | | |
./easybutton-build.sh ${{ matrix.buildopt }} --rminstall | |
export PATH=/opt/arkime/bin:$PATH | |
INSTALL_BUNDLE=bundle make install | |
- name: lint | |
run: | | |
export PATH=/opt/arkime/bin:$PATH | |
npm run lint | |
cp -r capture/plugins/lua/samples /opt/arkime/lua | |
- name: capture tests | |
run: | | |
(cd tests; ./tests.pl) | |
- name: ui test | |
if: ${{ matrix.version == 'el8' }} | |
run: | | |
export PATH=/opt/arkime/bin:$PATH | |
npm run test | |
- name: viewer test | |
if: ${{ matrix.version == 'arch' }} | |
run: | | |
export PATH=/opt/arkime/bin:$PATH | |
(chown -R opensearch /opensearch-2.7.0; cd /opensearch-2.7.0 ; su opensearch -c "ES_JAVA_OPTS='-Xms1000m -Xmx1000m' bin/opensearch" > /tmp/os &) | |
sleep 30 | |
cat /tmp/os | |
(cd tests ; G_SLICE=always-malloc ./tests.pl --viewer) | |
- name: package arch | |
if: ${{ matrix.package == 'arch' }} | |
run: | | |
gem install --no-document fpm rexml | |
export ARKIME_VERSION=`sed 's/.*"\(.*\)\".*$/\1/' /opt/arkime/common/version.js | head -n 1` | |
/root/.local/share/gem/ruby/3.0.0/bin/fpm -s dir -t pacman -n arkime -x opt/arkime/logs -x opt/arkime/raw -v $ARKIME_VERSION --iteration ${{ github.run_id }} --template-scripts --after-install "release/afterinstall.sh" --url "https://arkime.com" --description "Arkime Full Packet System" ${{ matrix.fpmdeps }} -p arkime-${ARKIME_VERSION}-${{github.run_id}}_${{matrix.version}}-x86_64.pkg.tar.zst /opt/arkime | |
ls -l *.zst | |
mv *.zst arkime-main.${{matrix.version}}-x86_64.pkg.tar.zst | |
- name: package rpm | |
if: ${{ matrix.package == 'rpm' }} | |
run: | | |
export ARKIME_VERSION=`sed 's/.*"\(.*\)\".*$/\1/' /opt/arkime/common/version.js | head -n 1 | tr "-" "_"` | |
fpm -s dir -t rpm --rpm-digest sha256 -n arkime -x opt/arkime/logs -x opt/arkime/raw -v $ARKIME_VERSION --iteration ${{ github.run_id }} --template-scripts --after-install "release/afterinstall.sh" --url "https://arkime.com" --description "Arkime Full Packet System" ${{ matrix.fpmdeps }} -p arkime-${ARKIME_VERSION}-${{github.run_id}}.${{matrix.version}}.x86_64.rpm /opt/arkime | |
mv *.rpm arkime-main.${{matrix.version}}.x86_64.rpm | |
ls -l *.rpm | |
- name: ja4plus | |
if: ${{ matrix.ja4plus }} | |
run: | | |
(cd .. ; git clone https://github.com/arkime/ja4) | |
cp ../ja4/ja4plus.c capture/plugins | |
(cd capture/plugins; make) | |
(cd ../ja4; make) | |
(cd tests; ./tests.pl --extra "-o plugins=ja4plus.so" ../../ja4/pcap/*.pcap) | |
mv capture/plugins/ja4plus.so ja4plus.amd64.so | |
rm -f capture/plugins/ja4plus.c | |
- name: moloch el8 package rpm | |
if: ${{ matrix.version == 'el8' }} | |
run: | | |
export ARKIME_VERSION=`sed 's/.*"\(.*\)\".*$/\1/' /opt/arkime/common/version.js | head -n 1 | tr "-" "_"` | |
rm -rf /data/moloch; mkdir -p /data | |
mv /opt/arkime /data/moloch | |
./easybutton-build.sh ${{ matrix.buildopt }} --dir /data/moloch | |
(cd capture ; make clean; make; make install) | |
(cd release ; make installmoloch) | |
mv /data/moloch/bin/capture /data/moloch/bin/moloch-capture | |
/bin/cp -f common/version.js /data/moloch/common/ | |
fpm -s dir -t rpm -n moloch -x data/moloch/logs -x data/molcoh/raw -v $ARKIME_VERSION --iteration ${{ github.run_id }} --template-scripts --url "https://arkime.com" --description "Moloch Full Packet System" ${{ matrix.fpmdeps }} --rpm-rpmbuild-define "_build_id_links none" -p moloch-${ARKIME_VERSION}-${{github.run_id}}.${{matrix.version}}.x86_64.rpm /data/moloch | |
mv moloch*.rpm moloch-main.${{matrix.version}}.x86_64.rpm | |
ls -l *.rpm | |
- name: package deb | |
if: ${{ matrix.package == 'deb' }} | |
run: | | |
export ARKIME_VERSION=`sed 's/.*"\(.*\)\".*$/\1/' /opt/arkime/common/version.js | head -n 1` | |
fpm -s dir -t deb -n arkime -x opt/arkime/logs -x opt/arkime/raw -v $ARKIME_VERSION --iteration ${{ github.run_id }} --template-scripts --after-install "release/afterinstall.sh" --url "https://arkime.com" --description "Arkime Full Packet System" ${{ matrix.fpmdeps }} -p arkime_${ARKIME_VERSION}-${{github.run_id}}.${{matrix.version}}_amd64.deb /opt/arkime | |
mv *.deb arkime-main_${{matrix.version}}_amd64.deb | |
ls -l *.deb | |
- name: moloch ubuntu2004 package rpm | |
if: ${{ matrix.version == 'ubuntu2004' }} | |
run: | | |
export ARKIME_VERSION=`sed 's/.*"\(.*\)\".*$/\1/' /opt/arkime/common/version.js | head -n 1` | |
rm -rf /data/moloch; mkdir -p /data | |
mv /opt/arkime /data/moloch | |
./easybutton-build.sh ${{ matrix.buildopt }} --dir /data/moloch | |
(cd capture ; make clean; make; make install) | |
(cd release ; make installmoloch) | |
mv /data/moloch/bin/capture /data/moloch/bin/moloch-capture | |
/bin/cp -f common/version.js /data/moloch/common/ | |
fpm -s dir -t deb -n moloch -x data/moloch/logs -x data/moloch/raw -v $ARKIME_VERSION --iteration ${{ github.run_id }} --template-scripts --after-install "release/afterinstall.sh" --url "https://arkime.com" --description "Moloch Full Packet System" ${{ matrix.fpmdeps }} -p moloch_${ARKIME_VERSION}-${{github.run_id}}.${{matrix.version}}_amd64.deb /data/moloch | |
mv moloch*.deb moloch-main_${{matrix.version}}_amd64.deb | |
ls -l *.deb | |
- name: sanitize | |
if: ${{ matrix.sanitize }} | |
run: | | |
(chown -R opensearch /opensearch-2.7.0; cd /opensearch-2.7.0 ; su opensearch -c "ES_JAVA_OPTS='-Xms1000m -Xmx1000m' bin/opensearch" > /tmp/os &) | |
(cd capture ; make sanitize CC=clang-18) | |
(cd tests; ./tests.pl) | |
cat /tmp/os | |
export PATH=/opt/arkime/bin:$PATH | |
(cd tests ; G_SLICE=always-malloc ./tests.pl --viewer) | |
- name: notice | |
if: ${{ matrix.notice }} | |
run: | | |
export PATH=/opt/arkime/bin:$PATH | |
(npm install license-checker; release/notice.txt.pl /opt/arkime NOTICE release/CAPTURENOTICE > NOTICE.txt) | |
ls -l NOT* | |
- name: upload github | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
uses: softprops/[email protected] | |
with: | |
tag_name: last-commit | |
draft: false | |
prerelease: true | |
generate_release_notes: false | |
files: | | |
*.deb | |
*.so | |
*.rpm | |
*.zst | |
NOTICE.txt | |
- name: tag last-commit | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' && matrix.version == 'el8' | |
run: | | |
git tag --force last-commit | |
git push --force origin last-commit | |
slack: | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: send | |
env: | |
SLACK_URL: ${{ secrets.SLACK_URL }} | |
run: | | |
echo "Sending msg" | |
export ARKIME_VERSION=`grep AC_INIT configure.ac | sed "s/.*\[\(.*\)\].*$/\1/"` | |
echo ARKIME_VERSION: $ARKIME_VERSION | |
MSG=`git log -1 --format=%s` | |
BODY="{\"icon_emoji\": \":sushi:\", \"username\": \"GitAction\", \"text\":\"X86 worked: $GIT_BRANCH - arkime-$ARKIME_VERSION-$SD_BUILD_ID - $MSG\"}" | |
curl -XPOST -H "Content-type: application/json" --data "$BODY" $SLACK_URL |