Fix: Overhaul NSRL workflow: streaming build, SHA1 verification, optional filter, download on install #538
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: buildstatus | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'README.md' | |
| - 'LICENSE' | |
| - 'database_schema.dbml' | |
| - 'workflows' | |
| - 'SECURITY.md' | |
| pull_request: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'README.md' | |
| - 'LICENSE' | |
| - 'database_schema.dbml' | |
| - 'workflows' | |
| - 'SECURITY.md' | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| fail-fast: false | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Set up Rust | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 | |
| with: | |
| toolchain: stable | |
| - name: Cache Rust | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| path: | | |
| ~/.cargo/bin | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo- | |
| - name: Install cargo-c (Linux/macOS) | |
| if: runner.os != 'Windows' | |
| run: command -v cargo-cinstall >/dev/null 2>&1 || cargo install cargo-c | |
| - name: Install cargo-c (Windows) | |
| if: runner.os == 'Windows' | |
| run: if (-not (Get-Command cargo-cinstall -ErrorAction SilentlyContinue)) { cargo install cargo-c } | |
| - name: Set up Go | |
| uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 | |
| with: | |
| go-version: '1.26.1' | |
| cache: true | |
| - name: Install Task | |
| uses: go-task/setup-task@70f2430ad412f838533de8c0515c749ffb2b8bd3 # v1.1.0 | |
| with: | |
| version: "3.x" | |
| - name: Clone YARA-X | |
| run: git clone --depth 1 --branch v1.14.0 https://github.com/VirusTotal/yara-x.git | |
| - name: Build YARA-X C API (Linux/macOS) | |
| if: runner.os != 'Windows' | |
| run: | | |
| cd yara-x | |
| cargo cinstall -p yara-x-capi --release --destdir=$HOME/yara_install | |
| PC_FILE=$(find $HOME/yara_install -name yara_x_capi.pc | head -1) | |
| PC_DIR=$(dirname "$PC_FILE") | |
| LIB_DIR=$(find $HOME/yara_install -name "libyara_x_capi*" -exec dirname {} \; | head -1) | |
| PREFIX=$(PKG_CONFIG_PATH=$PC_DIR pkg-config --variable=prefix yara_x_capi) | |
| echo "PKG_CONFIG_PATH=$PC_DIR" >> $GITHUB_ENV | |
| echo "CGO_CFLAGS=-I$HOME/yara_install$PREFIX/include" >> $GITHUB_ENV | |
| echo "CGO_LDFLAGS=-L$LIB_DIR" >> $GITHUB_ENV | |
| echo "CGO_ENABLED=1" >> $GITHUB_ENV | |
| - name: Build YARA-X C API (Windows) | |
| if: runner.os == 'Windows' | |
| run: | | |
| cd yara-x | |
| rustup target add x86_64-pc-windows-gnu | |
| cargo cinstall -p yara-x-capi --release --target=x86_64-pc-windows-gnu --destdir=$env:USERPROFILE\yara_install | |
| $PC_FILE = Get-ChildItem -Recurse -Filter "yara_x_capi.pc" $env:USERPROFILE\yara_install | Select-Object -First 1 | |
| $PC_DIR = Split-Path $PC_FILE.FullName | |
| echo "PKG_CONFIG_PATH=$PC_DIR" >> $env:GITHUB_ENV | |
| echo "CGO_CFLAGS=-I$env:USERPROFILE\yara_install\include" >> $env:GITHUB_ENV | |
| echo "CGO_LDFLAGS=-L$env:USERPROFILE\yara_install\lib" >> $env:GITHUB_ENV | |
| echo "CGO_ENABLED=1" >> $env:GITHUB_ENV | |
| - name: Build | |
| run: task ftrove |