Certs #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: rs | |
on: | |
push: | |
branches: [main, stable, oldstable] | |
pull_request: | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
unittests: | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: rust | |
strategy: | |
matrix: | |
toolchain: | |
- stable | |
- beta | |
- nightly | |
steps: | |
- uses: actions/checkout@v4 | |
- run: sudo apt update && sudo apt-get install -y libpcap-dev | |
- run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }} || rustup default ${{ matrix.toolchain }} | |
# Run unittests and integration test, but excludes the smoketest since it depends on a running openvasd server. | |
- run: cargo test --lib --tests --workspace --exclude smoketest | |
clippy: | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: rust | |
steps: | |
- uses: actions/checkout@v4 | |
- run: rustup update stable && rustup default stable && rustup component add clippy | |
- run: cargo clippy -- -D warnings | |
audit: | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: rust | |
steps: | |
- uses: actions/checkout@v4 | |
- run: rustup update stable && rustup default stable | |
- run: cargo install cargo-audit | |
- run: cargo audit | |
typos: | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: rust | |
steps: | |
- uses: actions/checkout@v4 | |
- run: rustup update stable && rustup default stable | |
- run: cargo install typos-cli | |
- run: typos | |
formatting: | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: rust | |
strategy: | |
matrix: | |
crates: | |
# we verify each dir separately to make it easier to verify formatting issues or even ignore | |
# crates we deem not important for checking (e.g. feed-verifier) | |
- nasl-syntax | |
- storage | |
- nasl-interpreter | |
- redis-storage | |
- json-storage | |
- nasl-cli | |
steps: | |
- uses: actions/checkout@v4 | |
rs-build-binaries: | |
uses: ./.github/workflows/build-rust.yml | |
verify-syntax: | |
runs-on: ubuntu-latest | |
needs: [rs-build-binaries] | |
steps: | |
- uses: actions/checkout@v4 | |
- run: FEED_DIR="feed/" sh .github/prepare-feed.sh | |
- uses: actions/download-artifact@v3 | |
with: | |
name: rs-binaries | |
path: assets | |
- run: mv assets/nasl-cli-x86_64-unknown-linux-gnu ./nasl-cli | |
- run: chmod +x ./nasl-cli | |
- name: verify syntax parsing | |
run: ./nasl-cli syntax --quiet feed/ | |
verify-feed-update: | |
runs-on: ubuntu-latest | |
needs: [rs-build-binaries] | |
container: | |
# maybe better to use builder, build openvas to have | |
# the version of this checkout rather than a dataed official one? | |
image: greenbone/openvas-scanner:unstable | |
options: --privileged | |
services: | |
redis: | |
image: redis | |
options: >- | |
--health-cmd "redis-cli ping" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
steps: | |
- uses: actions/checkout@v4 | |
- run: apt-get update && apt-get install -y docker.io | |
- run: FEED_DIR="feed/" sh .github/prepare-feed.sh | |
- uses: actions/download-artifact@v3 | |
with: | |
name: rs-binaries | |
path: assets | |
- run: mv assets/nasl-cli-x86_64-unknown-linux-gnu ./nasl-cli | |
- run: mv assets/feed-verifier-x86_64-unknown-linux-gnu ./feed-verifier | |
- name: prepare setup | |
run: | | |
install -m 755 feed-verifier /usr/local/bin/ | |
install -m 755 nasl-cli /usr/local/bin/ | |
echo "db_address = tcp://redis:6379" >> /etc/openvas/openvas.conf | |
mv ./feed/* "$(openvas -s | grep plugins_folder | sed 's/plugins_folder = //')/" | |
- run: openvas -s | |
- run: feed-verifier || (cat /var/log/gvm/openvas.log && false) |