100 Days of Yara in 2024: Day 02
My first post for #100DaysofYARA showed how to contribute to YARA-X, the open source tool written in Rust that we all know and love. There’s a lot of fun in thinking up ideas and implementing new features for tools, especially in the open source community. However, I think a spotlight needs to be put on the maintenance and chore aspect as well, because it takes a lot of effort in that regard to (shoutout to Victor M. Alvarez, author and maintainer of YARA and its lovely ecosystem). This post just highlights some of the maintenance work required in a repository like this, as I found some chores to do yesterday!
Motivation
There’s a LOT of moving parts in a project, open source or not. However, there’s not always folks being paid to maintain the software that we know and love. In YARA’s case, I believe it is worked on as part of @plusvic’s role at Google/VirusTotal, which is awesome. However, if you want to get into contributing to open source, you can do that in more ways than just new features :).
Assisting in the maintenance and upkeep of a project can also allow others to focus on newer features and implementations while someone else keeps the other aspects running behind the scenes: tests, continuous integration/continuous deployment (CI/CD), bug fixes, updates, etc.
Doing the Thing
In my case, I was looking at the tests for my PR from yesterday’s post, and I saw some deprecation warnings:
As with any warnings, they’re like there for a reason! If you can fix them without breaking anything, it’s a good idea to do so. In this case, the specific warning is that node version 12 is no longer supported in GitHub Actions, and we see this warning because certain Actions in the YARA-X workflows are using them. In the warnings themselves, we can see it’s a specific action called actions-rs/cargo
. Once we get to the repository for this specific action, we can already see it’s been archived, so it is no longer under development or actively maintained.
Knowing this, it’s probably a good idea to see if we can get the repository off the use of this action just in case any other issues may arise in the future. Further in the README for actions-rs/cargo
, we see a specific section about use-cases and why one may want to use this, instead of just calling run: cargo test
in a step:
Evaluating the use-cases listed above, the purpose of this action in YARA-X’s case is to run the tests. We have other workflows and steps to check warnings, errors, and formatting. As such, I made a change to alter the workflow to just use run: cargo test
instead of using the deprecated and archived action.
Old Step
- name: Run cargo test
uses: actions-rs/cargo@v1
with:
command: test
args: --all-targets ${{ matrix.args }}
env:
RUSTFLAGS: -Awarnings # Allow all warnings
New Step
- name: Run cargo test
run: cargo test --all-targets ${{ matrix.args }}
env:
RUSTFLAGS: -Awarnings # Allow all warnings
Checking the Work
As with anything, we need to ensure everything still functions the same as before, minus the warnings about deprecation.
In GitHub Actions, when you make a change to the workflows, it’ll run those workflows if applicable on the PR. In our case, we will be able to see right away if the deprecation warnings are gone:
Voila! No more deprecation warnings for YARA-X’s test framework in Github Actions.
Finished Work
As with yesterday, we finished today up with a fresh pull request:
- #66 on YARA-X