author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-08-14 22:30:29 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-08-20 06:21:42 -0300 |
commit | 2f1b352e4e4fcc9c44fa618dfaf7e04b6f972caf (patch) | |
tree | 5c13a4d1b7eeaba1a680c425bae9fa6290f59e41 /.github/workflows/check-profiles.yml | |
parent | ci: use path whitelists instead of blacklists (diff) | |
ci: rename profile-checks.yml to check-profiles.yml
Diffstat (limited to '.github/workflows/check-profiles.yml')
-rw-r--r-- | .github/workflows/check-profiles.yml | 57 |
1 files changed, 57 insertions, 0 deletions
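diff --git a/.github/workflows/check-profiles.yml b/.github/workflows/check-profiles.yml
new file mode 100644
index 000000000..5167516e8
--- /dev/null
+++ b/.github/workflows/check-profiles.yml
@@ -0,0 +1,57 @@
+name: Check-Profiles
+
+on:
+push:
+paths:
+- 'ci/check/profiles/**'
+- 'etc/**'
+- .github/workflows/check-profiles.yml
+- ci/printenv.sh
+- contrib/sort.py
+- src/firecfg/firecfg.config
+pull_request:
+paths:
+- 'ci/check/profiles/**'
+- 'etc/**'
+- .github/workflows/check-profiles.yml
+- ci/printenv.sh
+- contrib/sort.py
+- src/firecfg/firecfg.config
+
+permissions: # added using https://github.com/step-security/secure-workflows
+contents: read
+
+jobs:
+profile-checks:
+runs-on: ubuntu-latest
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+github.com:443
+
+- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+- name: print env
+run: ./ci/printenv.sh
+- run: python3 --version
+
+# - name: sort.py
+# run: >
+# ./ci/check/profiles/sort.py
+# etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile
+# Currently broken (see #5610)
+# - name: private-etc-always-required.sh
+# run: >
+# ./ci/check/profiles/private-etc-always-required.sh
+# etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile
+- name: sort-disable-programs.sh
+run: >
+./ci/check/profiles/sort-disable-programs.sh
+etc/inc/disable-programs.inc
+- name: sort-firecfg.config.sh
+run: >
+./ci/check/profiles/sort-firecfg.config.sh
+src/firecfg/firecfg.config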
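Review bot: The `actions/checkout` step at line 36 of the new file has no `with:` block, so by default the action leaves the job token in the checked-out repository's git configuration while the later steps run repository scripts (`./ci/printenv.sh`, the `ci/check/profiles/*.sh` checks), including on `pull_request` runs. The token is already limited by `permissions: contents: read`, but none of the visible steps fetch or push, so adding `with:` and `persist-credentials: false` under that step would take it out of reach of those scripts altogether. The two SHA-pinned `uses:` lines (29 and 36) would also be easier to audit with the release tag as a trailing comment, e.g. `# vX.Y.Z` (placeholder; the tags are not shown on this page). The commit title describes a rename, so this content presumably carries over unchanged from profile-checks.yml and the same points would apply there.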