Slips v1.0.10 #70
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI-production | |
on: | |
pull_request: | |
branches: | |
- 'master' | |
- '!develop' | |
jobs: | |
test_slips_locally: | |
# runs the tests on a GH VM | |
runs-on: ubuntu-20.04 | |
# 2 hours timeout | |
timeout-minutes: 7200 | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: 'develop' | |
# Fetch all history for all tags and branches | |
fetch-depth: '' | |
- name: Install slips dependencies | |
run: sudo apt-get update --fix-missing && sudo apt-get -y --no-install-recommends install python3 redis-server python3-pip python3-certifi python3-dev build-essential file lsof net-tools iproute2 iptables python3-tzlocal nfdump tshark git whois golang nodejs notify-osd yara libnotify-bin | |
- name: Install Zeek | |
run: | | |
sudo echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_20.04/ /' | sudo tee /etc/apt/sources.list.d/security:zeek.list | |
curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_20.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/security_zeek.gpg > /dev/null | |
sudo apt update | |
sudo apt install -y --no-install-recommends zeek | |
sudo ln -s /opt/zeek/bin/zeek /usr/local/bin/bro | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v2 | |
with: | |
python-version: "3.8" | |
- name: Install Python dependencies | |
run: | |
python -m pip install --upgrade pip | |
pip install -r install/requirements.txt | |
- name: Start redis server | |
run: redis-server --daemonize yes | |
- name: Run unit tests | |
run: python3 -m pytest tests/ --ignore="tests/test_database.py" --ignore="tests/integration_tests" -n 7 -p no:warnings -vv -s | |
- name: Run database unit tests | |
run: python3 -m pytest tests/test_database.py -p no:warnings -vv | |
- name: Clear redis cache | |
run: ./slips.py -cc | |
- name: Portscan tests | |
run: python3 -m pytest -s tests/integration_tests/test_portscans.py -p no:warnings -vv | |
- name: Integration tests | |
run: python3 -m pytest -s tests/integration_tests/test_dataset.py -p no:warnings -vv | |
- name: Config file tests | |
run: python3 -m pytest -s tests/integration_tests/test_config_files.py -p no:warnings -vv | |
- name: Upload Artifact | |
# run this job whether the above jobs failed or passed | |
if: success() || failure() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: test_slips_locally-integration-tests-output | |
path: | | |
output/integration_tests | |
test_slips_in_docker: | |
# runs the tests in a docker(built by this job) on stop of a GH VM | |
runs-on: ubuntu-20.04 | |
# 2 hours timeout | |
timeout-minutes: 7200 | |
strategy: | |
matrix: | |
include: | |
- type: ubuntu-image | |
name: ubuntu-image | |
image_name: slips | |
path: ./docker/ubuntu-image/Dockerfile | |
# | |
# #TODO our unit tests dont support macos yet | |
# - type: macosm1-image | |
# name: macosm1-image | |
# image_name: slips_macos_m1 | |
# path: ./docker/macosm1-image/Dockerfile | |
steps: | |
# clone slips and checkout branch | |
# By default it checks out only one commit | |
- uses: actions/checkout@v3 | |
with: | |
ref: 'develop' | |
# build slips from target dockerfile, but don't push | |
- name: Build our ${{ matrix.name }} from dockerfile | |
id: docker_build_slips | |
uses: docker/build-push-action@v2 | |
with: | |
context: ./ | |
file: ${{ matrix.path }} | |
tags: stratosphereips/${{ matrix.image_name }}:latest | |
push: false | |
# use the built image to run unit tests inside docker | |
# we ignore the blocking module unit tests because we cannot run | |
# docker with -cap-add=NET_ADMIN and use iptables in GH actions | |
- name: Run unit tests inside docker | |
uses: addnab/docker-run-action@v3 | |
with: | |
image: stratosphereips/slips:latest | |
run: | | |
git reset --hard | |
git pull & git checkout origin/develop | |
redis-server --daemonize yes | |
python3 -m pytest tests/ --ignore="tests/test_database.py" --ignore="tests/integration_tests" -n 7 -p no:warnings -vv -s | |
- name: Run database tests inside docker | |
uses: addnab/docker-run-action@v3 | |
with: | |
image: stratosphereips/slips:latest | |
run: | | |
git reset --hard | |
git pull & git checkout origin/develop | |
redis-server --daemonize yes | |
python3 -m pytest tests/test_database.py -p no:warnings -vv | |
- name: Run integration tests inside docker | |
uses: addnab/docker-run-action@v3 | |
with: | |
image: stratosphereips/slips:latest | |
# mount the host's output/ dir to docker's output/ dir, the goal is to access integration | |
# tests output in docker from the host to upload it later | |
options: -v ${{ github.workspace }}/output:/StratosphereLinuxIPS/output | |
run: | | |
git reset --hard | |
git pull & git checkout -f origin/develop | |
redis-server --daemonize yes | |
python3 -m pytest -s tests/integration_tests/test_dataset.py -p no:warnings -vv | |
- name: Run config file integration tests inside docker | |
uses: addnab/docker-run-action@v3 | |
with: | |
image: stratosphereips/slips:latest | |
# mount the host's output/ dir to docker's output/ dir, the goal is to access integration | |
# tests output in docker from the host to upload it later | |
options: -v ${{ github.workspace }}/output:/StratosphereLinuxIPS/output | |
run: | | |
git reset --hard | |
git pull & git checkout -f origin/develop | |
redis-server --daemonize yes | |
python3 -m pytest -s tests/integration_tests/test_config_files.py -p no:warnings -vv | |
- name: Upload Artifact | |
# run this job whether the above jobs failed or passed | |
if: success() || failure() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: test_slips_in_docker-integration-tests-output | |
path: | | |
${{ github.workspace }}/output/integration_tests |