From f7d18eeb9ec6ce0cfae9574940f4c0a8ba8f9eee Mon Sep 17 00:00:00 2001
From: Christian Kreibich <christian@corelight.com>
Date: Wed, 3 Nov 2021 13:40:22 -0700
Subject: [PATCH 1/3] Add Fedora 35 to CI

---
 .cirrus.yml             |  7 +++++++
 ci/fedora-35/Dockerfile | 23 +++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 ci/fedora-35/Dockerfile

diff --git a/.cirrus.yml b/.cirrus.yml
index 6157b8fb5d..04420c306d 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -93,6 +93,13 @@ env:
 # Linux EOL timelines: https://linuxlifecycle.com/
 # Fedora (~13 months): https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle
 
+fedora35_task:
+  container:
+    # Fedora 35 EOL: Around Dec 2022
+    dockerfile: ci/fedora-35/Dockerfile
+    << : *RESOURCES_TEMPLATE
+  << : *CI_TEMPLATE
+
 fedora34_task:
   container:
     # Fedora 34 EOL: Around May 2022
diff --git a/ci/fedora-35/Dockerfile b/ci/fedora-35/Dockerfile
new file mode 100644
index 0000000000..a168642ff3
--- /dev/null
+++ b/ci/fedora-35/Dockerfile
@@ -0,0 +1,23 @@
+FROM fedora:35
+
+RUN dnf -y install \
+    bison \
+    cmake \
+    diffutils \
+    findutils \
+    flex \
+    git \
+    gcc \
+    gcc-c++ \
+    libpcap-devel \
+    make \
+    openssl-devel \
+    python3-devel \
+    python3-pip\
+    sqlite \
+    swig \
+    which \
+    zlib-devel \
+  && dnf clean all && rm -rf /var/cache/dnf
+
+RUN pip3 install junit2html

From bac833a2f9facd0034214b5ab1b30e3ef469159d Mon Sep 17 00:00:00 2001
From: Christian Kreibich <christian@corelight.com>
Date: Wed, 3 Nov 2021 13:52:40 -0700
Subject: [PATCH 2/3] Add macOS Monterey and drop Catalina in CI

---
 .cirrus.yml | 8 ++++----
 ci/build.sh | 5 +++++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/.cirrus.yml b/.cirrus.yml
index 04420c306d..3b0b6bc8d9 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -219,16 +219,16 @@ alpine_task:
 
 # Apple doesn't publish official long-term support timelines.
 # We aim to support both the current and previous macOS release.
-macos_big_sur_task:
+macos_monterey_task:
   macos_instance:
-    image: big-sur-xcode-12.5
+    image: monterey-xcode-13.1
   prepare_script: ./ci/macos/prepare.sh
   << : *CI_TEMPLATE
   << : *MACOS_RESOURCES_TEMPLATE
 
-macos_catalina_task:
+macos_big_sur_task:
   macos_instance:
-    image: catalina-xcode
+    image: big-sur-xcode-12.5
   prepare_script: ./ci/macos/prepare.sh
   << : *CI_TEMPLATE
   << : *MACOS_RESOURCES_TEMPLATE
diff --git a/ci/build.sh b/ci/build.sh
index 20ca3237cc..051d119f62 100755
--- a/ci/build.sh
+++ b/ci/build.sh
@@ -10,6 +10,11 @@ set -x
 # some problems with Catalina specifically, but it doesn't break anything on Big Sur either.
 if [[ "${CIRRUS_OS}" == "darwin" ]]; then
     export ZEEK_CI_CONFIGURE_FLAGS="${ZEEK_CI_CONFIGURE_FLAGS} --osx-sysroot=$(xcrun --show-sdk-path)"
+
+    # Starting with Monterey & Xcode 13.1 we need to help it find OpenSSL
+    if [ -d /usr/local/opt/openssl@1.1/lib/pkgconfig ]; then
+        export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/opt/openssl@1.1/lib/pkgconfig
+    fi
 fi
 
 if [[ "${ZEEK_CI_CREATE_ARTIFACT}" != "1" ]]; then

From c1ebb279cad11d25f0d0255c73b697d1c44c0a01 Mon Sep 17 00:00:00 2001
From: Christian Kreibich <christian@corelight.com>
Date: Wed, 3 Nov 2021 15:22:20 -0700
Subject: [PATCH 3/3] Only push CI's Docker images when we're on the main repo

---
 .github/workflows/docker.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 8253d3d4e8..459e81e417 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -27,6 +27,7 @@ jobs:
       # Create and boot a loader. This will e.g., provide caching
       # so we avoid rebuilds of the same image after this step.
       - uses: docker/setup-buildx-action@v1
+
       - name: Build
         uses: docker/build-push-action@v2
         with:
@@ -43,6 +44,7 @@ jobs:
       - name: Get version
         id: version
         run: echo "::set-output name=RELEASE_VERSION::$(cat VERSION)"
+
       - name: Compute target tag
         id: target
         env:
@@ -65,15 +67,16 @@ jobs:
 
       - name: Login to DockerHub
         uses: docker/login-action@v1
-        # Secrets for the login are not available for pull requests.
-        if: github.event_name == 'push'
+        # Don't publish on forks. Also note that secrets for the login are not
+        # available for pull requests, so trigger on pushes only.
+        if: github.repository == 'zeek/zeek' && github.event_name == 'push'
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Push
         # Only publish if we did compute a tag.
-        if: github.event_name == 'push' && steps.target.outputs.tag != ''
+        if: github.repository == 'zeek/zeek' && github.event_name == 'push' && steps.target.outputs.tag != ''
         uses: docker/build-push-action@v2
         with:
           context: ./