Add Github Action for CI

This commit adds a github action to try to run make on every PR for CI purposes. It is meant to replace the travis-ci setup. ### new file: .github/workflows/main.yml * Triggers set to pushes and pull_requests for waf_nginx branch * Logs into Azure Container Registry to fetch build environment container image * Runs make commands inside the docker-compose generated environment ### new file: .github/workflows/tests.yml * Triggers set to pushes and pull requests for waf_nginx branch * Starts IIS and publishes modsec package to IIS * Runs ftw tests on IIS with modsec. * Set ftw version to v1.1.7 specifically in the buildscript ### modified: iis/build_dependencies.bat * Remove hardcoded path for 7-zip. 7zip is dynamically managed by the build. ### modified: iis/build_release_amd64.bat * Change vcvars path for VS 2019 compatibility. Older versions aren't available on Github Actions. ### deleted: appveyor.yml, .travis.yml * Delete files. The contents have been translated to github actions.
2021-10-28 15:03:55 +05:30 · 2021-10-28 15:03:55 +05:30 · 44eb151d6d
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -0,0 +1,42 @@
+name: CI
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the waf_nginx branch
+  push:
+    branches: [ waf_nginx ]
+  pull_request:
+    branches: [ waf_nginx ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v2
+
+      # Runs a single command using the runners shell
+      - name: Run a one-line script
+        run: echo Logging into appgwreg
+      # Logs into Azure Registry
+      - name: Docker Login
+        uses: docker/login-action@v1.10.0
+        with:
+          registry: appgwreg.azurecr.io
+          # Username used to log against the Docker registry
+          username: ${{ secrets.DOCKER_USERNAME }}
+          # Password or personal access token used to log against the Docker registry
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          # Log out from the Docker registry at the end of a job
+          logout: true
+      # Runs make commands
+      - name: Pull Image and Compile
+        run: |
+          docker pull appgwreg.azurecr.io/modsecurity:latest
+          docker-compose run --rm autoconf
+          docker-compose run --rm configure
+          docker-compose run --rm make
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -0,0 +1,86 @@
+name: IIS-tests
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the waf_nginx branch
+  push:
+    branches: [ waf_nginx ]
+  pull_request:
+    branches: [ waf_nginx ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: windows-2019
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v2
+      # Setup Env
+      - name: Install Modsec Dependencies
+        run: cd iis; .\getModSecurityPkgs.ps1 https://modsecurity.blob.core.windows.net/windows-artifacts
+      - name: Pre-Build Preparation
+        run: |
+          cd iis
+          #setup the python virtual env - not a must but still
+          py.exe -2 -m pip install virtualenv
+          py.exe -2 -m virtualenv --version
+          $python_proj_name = "test_crs3"
+          py.exe -2 -m virtualenv $python_proj_name
+          & ".\$python_proj_name\Scripts\activate.ps1"
+      # Build
+      - name: Build Modsec
+        run: cd iis; ./build_release_amd64.bat
+      # Test
+      - name: Pre-Test Config
+        run: |
+          $python_proj_name = "test_crs3"
+          & ".\iis\$python_proj_name\Scripts\activate.ps1"
+          $modsec_repo = "$pwd"
+          $modsec_conf = "$modsec_repo\iis\wix\modsecurity.conf"
+          $modsec_iis_conf = "$modsec_repo\iis\wix\modsecurity_iis.conf"
+          & {iisreset /stop}  #need to stop iis before copy of files that are used by it
+          #copy the xml file to the schema
+          Copy-Item "$modsec_repo\iis\ModSecurity.xml" -Destination "$env:SystemRoot\System32\inetsrv\config\schema" -Force
+          #set modsecurity in applicationhost.cofig
+          [System.Reflection.Assembly]::LoadFrom("$env:systemroot\system32\inetsrv\Microsoft.Web.Administration.dll")
+          $sm = new-object Microsoft.Web.Administration.ServerManager
+          $rootSG = $sm.GetApplicationHostConfiguration().RootSectionGroup
+          $rootSG.SectionGroups["system.webServer"].Sections.Add("ModSecurity")
+          $rootSG.SectionGroups["system.webServer"].Sections["ModSecurity"].OverrideModeDefault = "Deny"
+          $rootSG.SectionGroups["system.webServer"].Sections["ModSecurity"].AllowDefinition = "Everywhere"
+          $sm.CommitChanges()
+          & "$env:SystemRoot\System32\inetsrv\appcmd.exe" install module /name:"ModSecurity" /image:"$modsec_repo\iis\release\amd64\ModSecurityIIS.dll"
+          & "$env:SystemRoot\System32\inetsrv\appcmd.exe" set config /section:"system.webServer/ModSecurity" /"enabled:true" /"configFile:$modsec_iis_conf"
+          #setup the crs repo and the modsec config
+          $crs_path = "$modsec_repo\crs"
+          git clone -b "v3.1.0" -q https://github.com/SpiderLabs/owasp-modsecurity-crs.git $crs_path
+          cd "$modsec_repo\tests"
+          Rename-Item -Path "$crs_path\crs-setup.conf.example" -NewName "crs-setup.conf"
+          Copy-Item "$crs_path\util\regression-tests\requirements.txt" -Destination "$modsec_repo\tests" -Force
+          #setup the test env with depending python pkgs
+          pip install ftw==1.1.7
+          #configure modsec to use crs 3 and set if for the python testing
+          $dbg_file = "$modsec_repo\modsec_debug.log"
+          Add-Content $modsec_conf "SecDebugLog $dbg_file`r`nSecDebugLogLevel 3"
+          Clear-Content $modsec_iis_conf
+          #configure modsecurity_iis.conf for crs 3 and for runnig the python tests
+          Add-Content $modsec_iis_conf "Include modsecurity.conf"
+          Add-Content $modsec_iis_conf "SecAction ""id:900005,\`r`n  phase:1,\`r`n  nolog,\`r`n  pass,\`r`n  ctl:ruleEngine=DetectionOnly,\`r`n  ctl:ruleRemoveById=910000,\"
+          Add-Content $modsec_iis_conf "  setvar:tx.paranoia_level=4,\`r`n  setvar:tx.crs_validate_utf8_encoding=1,\`r`n  setvar:tx.arg_name_length=100,\`r`n  setvar:tx.arg_length=400"""
+          Add-Content $modsec_iis_conf "include $crs_path\crs-setup.conf"
+          Add-Content $modsec_iis_conf "include $crs_path/rules/*.conf"
+          & {iisreset /start}; Start-Service W3SVC # finished all the modsec config, start iis
+      - name: Run Test
+        run: |
+          $modsec_repo = "$pwd"
+          $python_proj_name = "test_crs3"
+          $crs_path = "$modsec_repo\crs"
+          & "$modsec_repo\iis\$python_proj_name\Scripts\Activate.ps1"
+          #usually the first test fail, due to i/o
+          cd tests;
+          py.test.exe -v CRS_Tests_modsec_dbg.py --rule="$crs_path\util\regression-tests\tests\test.yaml"
+          #running all the tests
+          py.test.exe -q CRS_Tests_modsec_dbg.py --ruledir_recurse="$crs_path\util\regression-tests\tests\" --result-log=res.txt --tb=no --junit-xml=res.xml
+          python Parse_test_res.py res.txt
--- a/.travis.yml
+++ b/.travis.yml
@ -1,17 +0,0 @@
-# We are going to run the build in a container. 
-# The reason we run the build in a container is that we have dependency on protobuf when we are building on Linux. 
-# Building protobuf as a build step is quite time consuming, so we want to package the protobuf as a container image with all the dependencies captured and run the build within this container.
-sudo: required
-language: c
-services:
-  - docker
-
-install: 
-# Setting up docker credentials.
-  - echo "$DOCKER_PASSWORD" | docker login appgwreg.azurecr.io -u "$DOCKER_USERNAME" --password-stdin
-  - docker pull appgwreg.azurecr.io/modsecurity:latest
-
-script:
-  - docker-compose run --rm autoconf
-  - docker-compose run --rm configure
-  - docker-compose run --rm make
--- a/appveyor.yml
+++ b/appveyor.yml
@ -1,82 +0,0 @@
-version: 1.0.{build}
-
-services:
-    - iis                 # start IIS
-
-install:
-    - "python --version"
-    - ps: cd iis; .\getModSecurityPkgs.ps1 https://modsecurity.blob.core.windows.net/windows-artifacts
-
-
-before_build:
-    - ps: |
-        # copy the required pkgs from the ModSecurity blob and install them (c++ & ModSecurity)
-        Invoke-WebRequest -Uri https://modsecurity.blob.core.windows.net/windows-artifacts/vcredist_x64.exe -OutFile vcredist_x64.exe
-        Start-Process vcredist_x64.exe -Wait -ArgumentList '/install /passive /norestart'
-        #setup the python virtual env - not a must but still
-        pip install virtualenv
-        virtualenv --version
-        $python_proj_name = "test_crs3"
-        virtualenv $python_proj_name
-        & ".\$python_proj_name\Scripts\activate.ps1"
-
-build_script:
-    - cmd: ./build_release_amd64.bat
-
-before_test:
-    - ps: |
-        $modsec_repo = "C:\projects\ModSecurity"
-        $modsec_conf = "$modsec_repo\iis\wix\modsecurity.conf"
-        $modsec_iis_conf = "$modsec_repo\iis\wix\modsecurity_iis.conf"
-        & {iisreset /stop}  #need to stop iis before copy of files that are used by it
-        #copy the xml file to the schema
-        Copy-Item "$modsec_repo\iis\ModSecurity.xml" -Destination "$env:SystemRoot\System32\inetsrv\config\schema" -Force
-        #set modsecurity in applicationhost.cofig 
-        [System.Reflection.Assembly]::LoadFrom("$env:systemroot\system32\inetsrv\Microsoft.Web.Administration.dll")
-        $sm = new-object Microsoft.Web.Administration.ServerManager
-        $rootSG = $sm.GetApplicationHostConfiguration().RootSectionGroup
-        $rootSG.SectionGroups["system.webServer"].Sections.Add("ModSecurity")
-        $rootSG.SectionGroups["system.webServer"].Sections["ModSecurity"].OverrideModeDefault = "Deny"
-        $rootSG.SectionGroups["system.webServer"].Sections["ModSecurity"].AllowDefinition = "Everywhere"
-        $sm.CommitChanges()
-        & "$env:SystemRoot\System32\inetsrv\appcmd.exe" install module /name:"ModSecurity" /image:"$modsec_repo\iis\release\amd64\ModSecurityIIS.dll"
-        & "$env:SystemRoot\System32\inetsrv\appcmd.exe" set config /section:"system.webServer/ModSecurity" /"enabled:true" /"configFile:$modsec_iis_conf"
-        #setup the crs repo and the modsec config
-        $crs_path = "C:\projects\owasp-modsecurity-crs"
-        git clone -b "v3.1.0" -q https://github.com/SpiderLabs/owasp-modsecurity-crs.git $crs_path
-        cd "$modsec_repo\tests"
-        Rename-Item -Path "$crs_path\crs-setup.conf.example" -NewName "crs-setup.conf"
-        Copy-Item "$crs_path\util\regression-tests\requirements.txt" -Destination "$modsec_repo\tests" -Force
-        #setup the test env with depending python pkgs
-        pip install -r requirements.txt
-        #configure modsec to use crs 3 and set if for the python testing
-        $dbg_file = "$modsec_repo\modsec_debug.log"
-        Add-Content $modsec_conf "SecDebugLog $dbg_file`r`nSecDebugLogLevel 3"
-        Clear-Content $modsec_iis_conf
-        #configure modsecurity_iis.conf for crs 3 and for runnig the python tests
-        Add-Content $modsec_iis_conf "Include modsecurity.conf"
-        Add-Content $modsec_iis_conf "SecAction ""id:900005,\`r`n  phase:1,\`r`n  nolog,\`r`n  pass,\`r`n  ctl:ruleEngine=DetectionOnly,\`r`n  ctl:ruleRemoveById=910000,\"
-        Add-Content $modsec_iis_conf "  setvar:tx.paranoia_level=4,\`r`n  setvar:tx.crs_validate_utf8_encoding=1,\`r`n  setvar:tx.arg_name_length=100,\`r`n  setvar:tx.arg_length=400"""
-        Add-Content $modsec_iis_conf "include $crs_path\crs-setup.conf"
-        Add-Content $modsec_iis_conf "include $crs_path/rules/*.conf"
-        & {iisreset /start}; Start-Service W3SVC # finished all the modsec config, start iis
-
-test_script:
-    - ps: |
-        #usually the first test fail, due to i/o
-        py.test.exe -v CRS_Tests_modsec_dbg.py --rule="$crs_path\util\regression-tests\tests\test.yaml"
-        #running all the tests
-        py.test.exe -q CRS_Tests_modsec_dbg.py --ruledir_recurse="$crs_path\util\regression-tests\tests\" --result-log=res.txt --tb=no --junit-xml=res.xml
-        python Parse_test_res.py res.txt
-
-notifications:
-    - provider: GitHubPullRequest
-      on_build_success: true
-      on_build_failure: true
-      on_build_status_changed: true
-      
-    - provider: Email
-      to:
-        - wafcore@microsoft.com
-        #subject: 'Build {{status}}'                  # optional
-        #message: "{{message}}, {{commitId}}, ..."    # optional
--- a/iis/build_dependencies.bat
+++ b/iis/build_dependencies.bat
@ -23,7 +23,7 @@
@set CMAKE_DIR=%WORK_DIR%\%CMAKE:~0,-4%\bin

 :: Aditional paths.
-@set PATH=%PATH%;%CMAKE_DIR%;"c:\program files\7-zip"
+@set PATH=%PATH%;%CMAKE_DIR%


 :: @set VCARGS32="C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\vcvars32.bat"
--- a/iis/build_release_amd64.bat
+++ b/iis/build_release_amd64.bat
@ -11,7 +11,8 @@ mkdir "%RELEASE_DIR%"

 mkdir "%AMD64%"

-set VCARGS64="C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\vcvarsx86_amd64.bat"
+set VCARGS64="C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvarsx86_amd64.bat"
+

 set SSDEEP_ARCH="x64"
 call build_dependencies.bat %VCARGS64%