Skip to content

Search system DLLs for hooking via VADs (not via PEB) #2257

Search system DLLs for hooking via VADs (not via PEB)

Search system DLLs for hooking via VADs (not via PEB) #2257

Workflow file for this run

name: Build package
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
permissions:
contents: read
concurrency:
group: deb-${{ github.ref }}
cancel-in-progress: true
jobs:
deb:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
container:
- "debian:bullseye"
- "debian:bookworm"
- "ubuntu:focal"
- "ubuntu:jammy"
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Generate variables
id: gen_vars
run: |
XEN_COMMIT=$(git ls-tree HEAD xen | cut -f3 '-d ' | cut -f1 -d$'\t')
echo "Xen commit: $XEN_COMMIT"
echo xen_commit=${XEN_COMMIT} >> $GITHUB_OUTPUT
CONTAINER=$(echo ${{ matrix.container }} | tr -d ":")
echo "container=$CONTAINER" >> $GITHUB_OUTPUT
DRAKVUFVERSION=$(./scripts/version.sh --dev)
echo "DRAKVUF version: $DRAKVUFVERSION"
echo "drakvufversion=$DRAKVUFVERSION" >> $GITHUB_OUTPUT
XENVERSION=$(./xen/version.sh --full ./xen/xen/Makefile)
echo "Xen version: $XENVERSION"
echo "xenversion=$XENVERSION" >> $GITHUB_OUTPUT
- name: Cache Xen intermediate
uses: actions/cache@v3
with:
path: |
package/cache
key: xen-${{ matrix.container }}-${{ steps.gen_vars.outputs.xen_commit }}-v6
- name: Build package
id: build_drakvuf_deb
run: |
sh package/build.sh "${{ matrix.container }}" "${{ steps.gen_vars.outputs.drakvufversion }}" "${{ steps.gen_vars.outputs.xenversion }}"
DRAKVUF_DEB_PATH=$(find package/out/drakvuf*.deb | head -n1)
XEN_DEB_PATH=$(find package/out/xen*.deb | head -n1)
if [ ! -z $DRAKVUF_DEB_PATH ]; then
cp $DRAKVUF_DEB_PATH ${{ github.workspace}}
fi
if [ ! -z $XEN_DEB_PATH ]; then
cp $XEN_DEB_PATH ${{ github.workspace }}
fi
- uses: actions/upload-artifact@v3
with:
name: ${{ steps.gen_vars.outputs.container }}-debs
path: ${{ github.workspace }}/*.deb
release:
needs: [deb]
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
- uses: actions/download-artifact@v3
- name: Generate variables
id: gen_vars
run: |
echo short_sha=$(echo ${GITHUB_SHA} | cut -c1-8) >> $GITHUB_OUTPUT
echo cur_datetime=$(date '+%Y-%m-%d %H:%M:%S') >> $GITHUB_OUTPUT
- name: Delete old release
uses: dev-drprasad/delete-older-releases@653dc03d96473ac9e585c68c8bf5aaccb0dadb61 # pin 0.2.1
env:
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
with:
repo: tklengyel/drakvuf-builds
keep_latest: 0
delete_tags: true
- name: Create a Release
env:
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
run: |
release_tag="build-${{ github.sha }}"
title="DRAKVUF ${{ steps.gen_vars.outputs.cur_datetime }} ${{ steps.gen_vars.outputs.short_sha }}"
gh release create $release_tag --notes "Automated build" -R tklengyel/drakvuf-builds -t "$title"
for deb in $(find . -name "*.deb"); do
gh release upload $release_tag $deb -R tklengyel/drakvuf-builds
done
install:
needs: [deb]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
container:
- "debian:bullseye"
- "debian:bookworm"
- "ubuntu:focal"
- "ubuntu:jammy"
container:
image: ${{ matrix.container}}
steps:
- uses: actions/checkout@v3
- id: gen_vars
run: |
CONTAINER=$(echo ${{ matrix.container }} | tr -d ":")
echo "container=$CONTAINER" >> $GITHUB_OUTPUT
- uses: actions/download-artifact@v3
with:
name: ${{ steps.gen_vars.outputs.container }}-debs
path: ~/debs
- name: install
run: ./scripts/install.sh ~/debs
registry:
needs: [deb]
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: actions/download-artifact@v3
with:
name: debianbullseye-debs
path: debs
- name: remove xen
run: rm debs/*xen*
- name: Build and push
uses: docker/build-push-action@v3
with:
context: .
file: package/Dockerfile-registry
push: true
tags: tklengyel/drakvuf:latest
cache-from: type=gha
cache-to: type=gha,mode=max