build(deps): bump microsoft/msvc-code-analysis-action from 04825f6d9e00f87422d6bf04e1a38b1f3ed60d99 to 96315324a485db21449515180214ecb78c16a1c5 #159
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| pull_request: | |
| branches: [ master ] | |
| release: | |
| types: [edited, published] | |
| permissions: | |
| contents: write | |
| jobs: | |
| build: | |
| name: PyInstaller for ${{ matrix.os }} / Py ${{ matrix.python_version }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| # set to false for debugging | |
| fail-fast: true | |
| matrix: | |
| # using Python 3.8 to support running across multiple operating systems including Windows 7 | |
| include: | |
| - os: ubuntu-20.04 | |
| # use old linux so that the shared library versioning is more portable | |
| artifact_name: capa | |
| asset_name: linux | |
| python_version: 3.8 | |
| - os: ubuntu-20.04 | |
| artifact_name: capa | |
| asset_name: linux-py311 | |
| python_version: 3.11 | |
| - os: windows-2019 | |
| artifact_name: capa.exe | |
| asset_name: windows | |
| python_version: 3.8 | |
| - os: macos-11 | |
| # use older macOS for assumed better portability | |
| artifact_name: capa | |
| asset_name: macos | |
| python_version: 3.8 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout capa | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| submodules: true | |
| - name: Set up Python ${{ matrix.python_version }} | |
| uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 | |
| with: | |
| python-version: ${{ matrix.python_version }} | |
| - if: matrix.os == 'ubuntu-20.04' | |
| run: sudo apt-get install -y libyaml-dev | |
| - name: Upgrade pip, setuptools | |
| run: python -m pip install --upgrade pip setuptools | |
| - name: Install capa with build requirements | |
| run: pip install -e .[build] | |
| - name: Cache the rule set | |
| run: python ./scripts/cache-ruleset.py ./rules/ ./cache/ | |
| - name: Build standalone executable | |
| run: pyinstaller --log-level DEBUG .github/pyinstaller/pyinstaller.spec | |
| - name: Does it run (PE)? | |
| run: dist/capa -d "tests/data/Practical Malware Analysis Lab 01-01.dll_" | |
| - name: Does it run (Shellcode)? | |
| run: dist/capa -d "tests/data/499c2a85f6e8142c3f48d4251c9c7cd6.raw32" | |
| - name: Does it run (ELF)? | |
| run: dist/capa -d "tests/data/7351f8a40c5450557b24622417fc478d.elf_" | |
| - name: Does it run (CAPE)? | |
| run: | | |
| 7z e "tests/data/dynamic/cape/v2.2/d46900384c78863420fb3e297d0a2f743cd2b6b3f7f82bf64059a168e07aceb7.json.gz" | |
| dist/capa -d "d46900384c78863420fb3e297d0a2f743cd2b6b3f7f82bf64059a168e07aceb7.json" | |
| - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 | |
| with: | |
| name: ${{ matrix.asset_name }} | |
| path: dist/${{ matrix.artifact_name }} | |
| test_run: | |
| name: Test run on ${{ matrix.os }} / ${{ matrix.asset_name }} | |
| runs-on: ${{ matrix.os }} | |
| needs: [build] | |
| strategy: | |
| matrix: | |
| include: | |
| # OSs not already tested above | |
| - os: ubuntu-22.04 | |
| artifact_name: capa | |
| asset_name: linux | |
| - os: ubuntu-22.04 | |
| artifact_name: capa | |
| asset_name: linux-py311 | |
| - os: windows-2022 | |
| artifact_name: capa.exe | |
| asset_name: windows | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| egress-policy: audit | |
| - name: Download ${{ matrix.asset_name }} | |
| uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 | |
| with: | |
| name: ${{ matrix.asset_name }} | |
| - name: Set executable flag | |
| if: matrix.os != 'windows-2022' | |
| run: chmod +x ${{ matrix.artifact_name }} | |
| - name: Run capa | |
| run: ./${{ matrix.artifact_name }} -h | |
| zip_and_upload: | |
| # upload zipped binaries to Release page | |
| if: github.event_name == 'release' | |
| name: zip and upload ${{ matrix.asset_name }} | |
| runs-on: ubuntu-20.04 | |
| needs: [build] | |
| strategy: | |
| matrix: | |
| include: | |
| - asset_name: linux | |
| artifact_name: capa | |
| - asset_name: linux-py311 | |
| artifact_name: capa | |
| - asset_name: windows | |
| artifact_name: capa.exe | |
| - asset_name: macos | |
| artifact_name: capa | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| egress-policy: audit | |
| - name: Download ${{ matrix.asset_name }} | |
| uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 | |
| with: | |
| name: ${{ matrix.asset_name }} | |
| - name: Set executable flag | |
| run: chmod +x ${{ matrix.artifact_name }} | |
| - name: Set zip name | |
| run: echo "zip_name=capa-${GITHUB_REF#refs/tags/}-${{ matrix.asset_name }}.zip" >> $GITHUB_ENV | |
| - name: Zip ${{ matrix.artifact_name }} into ${{ env.zip_name }} | |
| run: zip ${{ env.zip_name }} ${{ matrix.artifact_name }} | |
| - name: Upload ${{ env.zip_name }} to GH Release | |
| uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2 | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN}} | |
| file: ${{ env.zip_name }} | |
| tag: ${{ github.ref }} |