v1.62.0

.github/workflows/ci.yml

@@ -1,47 +1,121 @@
 name: CI Pull Request
 
 on:
-  pull_request:
-  branches:
-  - main
+ pull_request:
+ branches:
+ - main
 
 env:
+ VCPKG_ROOT: C:\vcpkg
+ VCPKG_DOWNLOADS: C:\vcpkg\downloads
+ VCPKG_FEATURE_FLAGS: binarycaching
+ VCPKG_BINARY_SOURCES: clear;x-gha,readwrite
  RUST_TOOLCHAIN: "1.90"
 
-# This workflow runs on pull requests to the main branch
-# It builds the project for 2 platforms, Linux arm64 and macOS arm64,
-# and runs tests for each platform. All platforms tested on merge to main
 jobs:
- linux-arm64:
- name: Linux arm64
- runs-on: ubuntu-24.04-arm
- steps:
- - uses: actions/checkout@v4
- - uses: actions-rs/toolchain@v1
- with:
- toolchain: ${{ env.RUST_TOOLCHAIN }}
- profile: minimal
- override: true
- - uses: swatinem/rust-cache@v2
- - name: Build (Makefile linux-arm64)
- run: make ubuntu-arm64
- - name: Run tests
- run: make tests
- env:
- CARGO_BUILD_JOBS: 1
-
- macos-arm64:
- name: macOS arm64
- runs-on: macos-14
- steps:
- - uses: actions/checkout@v4
- - uses: actions-rs/toolchain@v1
- with:
- toolchain: ${{ env.RUST_TOOLCHAIN }}
- profile: minimal
- override: true
- - uses: swatinem/rust-cache@v2
- - name: Build (Makefile darwin-arm64)
- run: make darwin-arm64
- - name: Run tests
- run: make tests
+ linux-arm64:
+ name: Linux arm64
+ runs-on: ubuntu-24.04-arm
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions-rs/toolchain@v1
+ with:
+ toolchain: ${{ env.RUST_TOOLCHAIN }}
+ profile: minimal
+ override: true
+ - uses: swatinem/rust-cache@v2
+ - name: Build (Makefile linux-arm64)
+ run: make ubuntu-arm64
+ - name: Run tests
+ run: make tests
+ env:
+ CARGO_BUILD_JOBS: 1
+
+ macos-arm64:
+ name: macOS arm64
+ runs-on: macos-14
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions-rs/toolchain@v1
+ with:
+ toolchain: ${{ env.RUST_TOOLCHAIN }}
+ profile: minimal
+ override: true
+ - uses: swatinem/rust-cache@v2
+ - name: Build (Makefile darwin-arm64)
+ run: make darwin-arm64
+ - name: Run tests
+ run: make tests
+
+ windows:
+ name: Windows x64
+ runs-on: windows-latest
+
+ # Windows-only env to keep vcpkg consistent and enable caching
+ env:
+ VCPKG_ROOT: C:\vcpkg
+ VCPKG_DOWNLOADS: C:\vcpkg\downloads
+ VCPKG_FEATURE_FLAGS: binarycaching
+ VCPKG_BINARY_SOURCES: clear;x-gha,readwrite
+
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions-rs/toolchain@v1
+ with:
+ toolchain: ${{ env.RUST_TOOLCHAIN }}
+ profile: minimal
+ override: true
+
+ # Cache vcpkg artifacts & downloads (so we only fetch PCRE once)
+ - name: Cache vcpkg artifacts
+ uses: actions/cache@v4
+ with:
+ path: |
+ C:\vcpkg\buildtrees
+ C:\vcpkg\packages
+ C:\vcpkg\installed
+ C:\vcpkg\downloads
+ C:\vcpkg\archives
+ C:\Users\runneradmin\AppData\Local\vcpkg\archives
+ key: ${{ runner.os }}-vcpkg-hyperscan-542
+ restore-keys: |
+ ${{ runner.os }}-vcpkg-
+
+ # Ensure downloads dir exists and seed PCRE 8.45 zip from a working mirror
+ - name: Pre-seed PCRE 8.45 for vcpkg (bypass SourceForge redirect)
+ shell: pwsh
+ run: |
+ New-Item -ItemType Directory -Force -Path "$env:VCPKG_DOWNLOADS" | Out-Null
+ $dst = Join-Path $env:VCPKG_DOWNLOADS "pcre-8.45.zip"
+ if (-not (Test-Path $dst)) {
+ Invoke-WebRequest `
+ -Uri "https://versaweb.dl.sourceforge.net/project/pcre/pcre/8.45/pcre-8.45.zip" `
+ -OutFile $dst -UseBasicParsing
+ }
+ Get-ChildItem $env:VCPKG_DOWNLOADS
+
+ - uses: swatinem/rust-cache@v2
+
+ - name: Build
+ run: .\buildwin.bat
+ shell: cmd
+
+ - name: Run tests
+ shell: pwsh
+ run: |
+ if (-not (Get-Command cargo-nextest -ErrorAction SilentlyContinue)) {
+ cargo install --locked cargo-nextest
+ }
+ Write-Host "▶ cargo nextest run --release --workspace --all-targets"
+ cargo nextest run --release --workspace --all-targets
+
+ - name: Move artifact to dist
+ shell: bash
+ run: |
+ mkdir -p dist
+ cp target/release/kingfisher-windows-x64.zip dist/
+
+ - uses: actions/upload-artifact@v4
+ with:
+ name: kingfisher-windows-x64
+ path: dist/kingfisher-*windows-x64*.*

.github/workflows/release.yml

@@ -5,6 +5,10 @@ on:
  branches:
  - main
 env:
+ VCPKG_ROOT: C:\vcpkg
+ VCPKG_DOWNLOADS: C:\vcpkg\downloads
+ VCPKG_FEATURE_FLAGS: binarycaching
+ VCPKG_BINARY_SOURCES: clear;x-gha,readwrite
  RUST_TOOLCHAIN: "1.90"
 
 jobs:
@@ -198,13 +202,16 @@ jobs:
  C:\vcpkg\buildtrees
  C:\vcpkg\packages
  C:\vcpkg\installed
- key: ${{ runner.os }}-vcpkg-${{ hashFiles('vcpkg.json', 'vcpkg-configuration.cmake') }}
+ C:\vcpkg\downloads
+ C:\vcpkg\archives
+ C:\Users\runneradmin\AppData\Local\vcpkg\archives
+ key: ${{ runner.os }}-vcpkg-hyperscan-542
  restore-keys: |
  ${{ runner.os }}-vcpkg-
 
- - uses: Swatinem/rust-cache@v2 
+ - uses: Swatinem/rust-cache@v2
  - name: Build
- run: .\buildwin.bat -force
+ run: .\buildwin.bat
  shell: cmd
 
  - name: Run tests

CHANGELOG.md

@@ -13,6 +13,7 @@ All notable changes to this project will be documented in this file.
 - Improved OpsGenie validation.
 - Automatically enable `--no-dedup` when `--manage-baseline` is supplied so baseline management keeps every finding.
 - This release is focused on further improving detection accuracy, before even attempting to validate findings.
+- Updated GitHub Actions CI for Windows and buildwin.bat script
 
 ## [v1.61.0]
 - Fixed local filesystem scans to keep `open_path_as_is` enabled when opening Git repositories and only disable it for diff-based scans.