@@ -30,26 +30,121 @@ jobs:
3030 -H "Accept: application/vnd.github.v3+json" \
3131 https://api.github.com/repos/ADD-SP/ngx_waf/actions/workflows/${{ github.workflow }}.yml/dispatches \
3232 -d '{"ref":"refs/heads/current"}'
33+
34+ build_deps :
35+ name : Build dependencies
36+ runs-on : ubuntu-latest
37+
38+ env :
39+ BUILD_CACHE_NONCE : 0
40+
41+ steps :
42+ - name : Set environment variables
43+ run : |
44+ echo "CACHE_ROOT=$HOME/cache-root" >> $GITHUB_ENV
45+
46+ uses : actions/checkout@v2
47+ with :
48+ ref : ${{ github.ref }}
49+
50+ - name : Checkout SpiderLabs/ModSecurity
51+ uses : actions/checkout@v3
52+ with :
53+ repository : SpiderLabs/ModSecurity
54+ path : ModSecurity
55+
56+ - name : Get ModSecurity commit hash
57+ run : |
58+ cd ModSecurity
59+ echo "MODSECURITY_COMMIT_HASH=$(git rev-parse HEAD)" >> $GITHUB_ENV
60+
61+ name : Lookup build cache
62+ uses : actions/cache@v3
63+ id : cache-deps
64+ with :
65+ path : ${{ env.CACHE_ROOT }}
66+ key : ${{ env.MODSECURITY_COMMIT_HASH }}-${{ env.BUILD_CACHE_NONCE }}
67+
68+ - name : Install dependencies
69+ if : steps.cache-deps.outputs.cache-hit != 'true'
70+ run : |
71+ sudo apt-get --yes update
72+ sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev libcurl4-openssl-dev
73+
74+ name : Download and install ModSecurity
75+ if : steps.cache-deps.outputs.cache-hit != 'true'
76+ run : |
77+ cd ModSecurity
78+ ./build.sh
79+ git submodule init
80+ git submodule update
81+ ./configure --prefix=/usr/local/modsecurity
82+ make -j$(nproc)
83+ sudo make install
84+
85+ name : Package dependencies
86+ if : steps.cache-deps.outputs.cache-hit != 'true'
87+ run : |
88+ mkdir -p ${{ env.CACHE_ROOT }}
89+ mkdir -p /tmp/cache/usr/local
90+ sudo cp -r /usr/local/modsecurity /tmp/cache/usr/local
91+ tar -C /tmp/cache/ -cvzf ${{ env.CACHE_ROOT }}/cache.tar.gz .
92+
93+
3394native :
3495 runs-on : ubuntu-latest
3596 if : ${{ github.event_name != 'schedule' }}
97+ needs : build_deps
98+
99+ env :
100+ BUILD_CACHE_NONCE : 0
101+
36102 strategy :
37103 matrix :
38104 nginx-version : ['stable', 'mainline']
39105 module-type : ['static', 'dynamic']
40106 pcre-version : ['pcre', 'pcre2']
107+
41108 steps :
42- - uses : actions/checkout@v2
43- with :
44- ref : ${{ github.ref }}
109+ - name : Set environment variables
110+ run : |
111+ echo "CACHE_ROOT=$HOME/cache-root" >> $GITHUB_ENV
112+
45113uses : actions/setup-python@v2
46114 with :
47115 python-version : ' 3.x'
48116 architecture : ' x64'
117+
118+ - uses : actions/checkout@v2
119+ with :
120+ ref : ${{ github.ref }}
121+
122+ - name : Checkout SpiderLabs/ModSecurity
123+ uses : actions/checkout@v3
124+ with :
125+ repository : SpiderLabs/ModSecurity
126+ path : ModSecurity
127+
128+ - name : Get ModSecurity commit hash
129+ run : |
130+ cd ModSecurity
131+ echo "MODSECURITY_COMMIT_HASH=$(git rev-parse HEAD)" >> $GITHUB_ENV
132+
133+ name : Lookup build cache
134+ uses : actions/cache@v3
135+ id : cache-deps
136+ with :
137+ path : ${{ env.CACHE_ROOT }}
138+ key : ${{ env.MODSECURITY_COMMIT_HASH }}-${{ env.BUILD_CACHE_NONCE }}
139+
140+ - name : Extract the deps
141+ run : sudo tar -C / -xzvf ${{ env.CACHE_ROOT }}/cache.tar.gz
142+
49143 - name : Install dependencies
50144 run : |
51145 sudo apt-get --yes update
52146 sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev libcurl4-openssl-dev
147+
53148name : Download nginx-${{ matrix.nginx-version }}
54149 run : |
55150 sudo chmod 777 -R /usr/local/src
58153 lastversion download nginx:${{ matrix.nginx-version }}
59154 mkdir nginx
60155 tar zxf nginx-*.tar.gz --directory nginx --strip-components=1
156+
61157name : Download PCRE
62158 if : ${{ matrix.pcre-version == 'pcre' || (matrix.pcre-version == 'pcre2' && matrix.nginx-version == 'stable') }}
63159 run : |
67163 mkdir pcre
68164 tar zxf pcre.tar.gz --directory pcre --strip-components=1
69165 sudo chmod 777 -R /usr/local/src
166+
70167name : Download PCRE2
71168 if : ${{ matrix.pcre-version == 'pcre2' && matrix.nginx-version == 'mainline' }}
72169 run : |
@@ -76,25 +173,15 @@ jobs:
76173 mkdir pcre
77174 tar zxf pcre.tar.gz --directory pcre --strip-components=1
78175 sudo chmod 777 -R /usr/local/src
79- name : Download and install modsecurity
80- run : |
81- sudo chmod 777 -R /usr/local/src
82- cd /usr/local/src
83- git clone https://github.com/SpiderLabs/ModSecurity.git
84- sudo chmod 777 -R /usr/local/src
85- cd ModSecurity
86- ./build.sh
87- git submodule init
88- git submodule update
89- ./configure --prefix=/usr/local/modsecurity
90- make -j$(nproc)
91- sudo make install
176+
92177name : Download cjson
93178 run : |
94179 git clone -b v1.7.15 https://github.com/DaveGamble/cJSON.git lib/cjson
180+
95181name : Download uthash
96182 run : |
97183 git clone -b v2.3.0 https://github.com/troydhanson/uthash.git lib/uthash
184+
98185name : Configure ${{ matrix.module-type }}
99186 run : |
100187 cd /usr/local/src/nginx
@@ -105,6 +192,7 @@ jobs:
105192 fi
106193 export LIB_MODSECURITY=/usr/local/modsecurity
107194 ./configure ${opt}=${{ github.workspace }} --with-pcre=/usr/local/src/pcre --with-http_realip_module --with-cc-opt='-Wno-unused-but-set-variable -Wno-unused-function -fstack-protector-strong'
195+
108196name : Install nginx-${{ matrix.nginx-version }}
109197 run : |
110198 cd /usr/local/src/nginx
@@ -113,9 +201,11 @@ jobs:
113201 sudo useradd nginx -s /sbin/nologin -M
114202 sudo chmod 777 -R /usr/local/nginx
115203 sudo ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/nginx
204+
116205name : Install Test::Nginx
117206 run : |
118207 sudo cpan Test::Nginx
208+
119209name : Test
120210 run : |
121211 sudo chmod 777 -R /tmp
0 commit comments