Updated workflows and docs/packaging-naxsi.md (#166)

* Fix typo and updated instruction for Arch Linux
* Updated reuse and jobs
* Run CodeQL only when there is changes in the source code.

Author: wargio

.github/workflows/ci.yaml

@@ -29,7 +29,7 @@ jobs:
     container: ${{ matrix.container }}
     steps:
       - name: Checkout repository without submodule
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Install system libinjection
         run: |
           sudo dnf -y install libinjection \
@@ -62,7 +62,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: recursive
           persist-credentials: false
@@ -75,7 +75,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: recursive
           persist-credentials: false

.github/workflows/codeql-analysis.yml

@@ -2,10 +2,14 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "main" ]
+    branches:
+      - main
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "main" ]
+    branches:
+      - main
+    paths:
+      - 'naxsi_src/**'
   schedule:
     - cron: '42 17 * * 2'
 
@@ -28,7 +32,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         submodules: recursive
         persist-credentials: false

.github/workflows/distros.yaml

@@ -26,7 +26,7 @@ jobs:
     name: "Release Tarball"
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         submodules: recursive
         persist-credentials: false
@@ -56,7 +56,7 @@ jobs:
     name: "Release Zip"
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         submodules: recursive
         persist-credentials: false
@@ -134,7 +134,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # APK package
     - name: Install required dependencies

.github/workflows/linter.yml

@@ -16,15 +16,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Check debug logs are disabled
       run: /bin/bash .scripts/ci-debug-check.sh
 
   distro-ci-check:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         submodules: recursive
         persist-credentials: false
@@ -35,9 +35,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Reuse Compliance Check
-      uses: fsfe/reuse-action@v2
+      uses: fsfe/reuse-action@v5
       with:
         args: --suppress-deprecation lint
 
@@ -46,7 +46,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Install wget, software-properties-common, lsb-release (dependencies of LLVM install script)
       run: sudo apt --assume-yes install wget software-properties-common lsb-release
     - name: Install automatic LLVM 16
@@ -60,7 +60,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Install python3
       run: sudo apt --assume-yes install python3
     - name: Format check rules

.github/workflows/windows.yml

@@ -31,7 +31,7 @@ jobs:
         shell: cmd
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         submodules: recursive
         persist-credentials: false

.reuse/dep5

@@ -0,0 +1,64 @@
+version = 1
+SPDX-PackageName = "Naxsi WAF"
+SPDX-PackageSupplier = "deroad <[email protected]>"
+SPDX-PackageDownloadLocation = "https://github.com/wargio/naxsi"
+
+[[annotations]]
+path = ".github/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2022 deroad <[email protected]>"
+SPDX-License-Identifier = "LGPL-3.0-only"
+
+[[annotations]]
+path = ".clang-format"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2022 deroad <[email protected]>"
+SPDX-License-Identifier = "LGPL-3.0-only"
+
+[[annotations]]
+path = [".gitignore", ".gitmodules"]
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2022 deroad <[email protected]>"
+SPDX-License-Identifier = "LGPL-3.0-only"
+
+[[annotations]]
+path = "distros/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2022 deroad <[email protected]>"
+SPDX-License-Identifier = "LGPL-3.0-only"
+
+[[annotations]]
+path = "naxsi_rules/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2022 deroad <[email protected]>"
+SPDX-License-Identifier = "LGPL-3.0-only"
+
+[[annotations]]
+path = ["README.md", ".gitattributes", "logo.png"]
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2019 nbs-system <[email protected]>"
+SPDX-License-Identifier = "GPL-3.0-or-later"
+
+[[annotations]]
+path = "naxsi_rules/naxsi_core.rules"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2019 nbs-system <[email protected]>"
+SPDX-License-Identifier = "GPL-3.0-or-later"
+
+[[annotations]]
+path = "unit-tests/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = ["2019 nbs-system <[email protected]> \\", "2022 deroad <[email protected]>"]
+SPDX-License-Identifier = "GPL-3.0-or-later"
+
+[[annotations]]
+path = "docs/**.md"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2022 deroad <[email protected]>"
+SPDX-License-Identifier = "LGPL-3.0-only"
+
+[[annotations]]
+path = "docs/old**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2019 nbs-system <[email protected]>"
+SPDX-License-Identifier = "GPL-3.0-or-later"

REUSE.toml

@@ -2,15 +2,11 @@
 
 This section describes how to build naxsi from source and package it for various distros.
 
-## Packaging for Ubuntu and Debian
+## Packaging for Ubuntu and Debian Linux.
 
 > ℹ️ Info
 >
-> Ubuntu Mantic uses **`libpcre2-dev`** instad of `libpcre3-dev`.
-
-> ℹ️ Info
->
-> Debian bookworm uses **`libpcre2-dev`** and requires also **`libperl-dev`**
+> Some Ubuntu & Debian releases, like *Mantic* and *Bookworm*, uses **`libpcre2-dev`** instead of `libpcre3-dev`.
 
 ```bash
 # first fetch all required dependencies
@@ -82,13 +78,12 @@ sed -i "s/@NAXSI_VERSION@/$NAXSI_VERSION/" "$DEB_PKG/control.install"
 
 ```bash
 # fetch the needed dependencies
-pacman -Syy --needed --noconfirm sudo base-devel git
+pacman -Syy --needed --noconfirm sudo wget base-devel git
 
-# clone the repo with all submodules
-git clone --recurse-submodules https://github.com/wargio/naxsi.git
+# fetch PKGBUILD (you can also use tags) instead of the main branch
+wget https://raw.githubusercontent.com/wargio/naxsi/refs/heads/main/distros/arch/PKGBUILD
 
 # build the package
-cd naxsi/distros/arch
 makepkg -s
 ```