ci: split build and test into separate workflows

Testing takes significantly longer than building, so this makes the default build check faster.
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-08-14 19:42:33 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-08-22 04:52:55 -0300
commit: 82d28795a78fd0786fb833ebf7d3b4fe9c86d390 (patch)
tree: 5ab9fb6d41b30aca4d27edc2f9159c843023d1c0 /.github
parent: ci: remove "CI" from workflow names (diff)
download: firejail-82d28795a78fd0786fb833ebf7d3b4fe9c86d390.tar.gz
firejail-82d28795a78fd0786fb833ebf7d3b4fe9c86d390.tar.zst
firejail-82d28795a78fd0786fb833ebf7d3b4fe9c86d390.zip
2 files changed, 97 insertions, 26 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c898c34f5..1c5fb5f6d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -49,27 +49,18 @@ permissions:  # added using https://github.com/step-security/secure-workflows
  contents: read
 jobs:
-  build_and_test:
+  build:
    runs-on: ubuntu-22.04
-    env:
-      SHELL: /bin/bash
    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
      with:
        egress-policy: block
        allowed-endpoints: >
-          1.1.1.1:1025
          azure.archive.ubuntu.com:80
-          debian.org:80
-          dns.quad9.net:53
          github.com:443
          packages.microsoft.com:443
          ppa.launchpadcontent.net:443
-          whois.pir.org:43
-          www.debian.org:443
-          www.debian.org:80
-          yahoo.com:1025
    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
    - name: update package information
      run: sudo apt-get update -qy
@@ -91,19 +82,3 @@ jobs:
      run: sudo make install
    - name: print firejail version
      run: command -V firejail && firejail --version
-    - run: make lab-setup
-    - run: make test-seccomp-extra
-    - run: make test-firecfg
-    - run: make test-capabilities
-    - run: make test-apparmor
-    - run: make test-appimage
-    - run: make test-chroot
-    - run: make test-sysutils
-    - run: make test-private-etc
-    - run: make test-profiles
-    - run: make test-fcopy
-    - run: make test-fnetfilter
-    - run: make test-fs
-    - run: make test-utils
-    - run: make test-environment
-    - run: make test-network
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 000000000..83c9a578a
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,96 @@
+name: Test
+on:
+  push:
+    paths:
+      - 'm4/**'
+      - 'src/**.c'
+      - 'src/**.h'
+      - 'src/**.mk'
+      - 'src/**Makefile'
+      - 'test/**'
+      - .github/workflows/test.yml
+      - Makefile
+      - config.mk.in
+      - config.sh.in
+      - configure
+      - configure.ac
+      - src/firecfg/firecfg.config
+  pull_request:
+    paths:
+      - 'm4/**'
+      - 'src/**.c'
+      - 'src/**.h'
+      - 'src/**.mk'
+      - 'src/**Makefile'
+      - 'test/**'
+      - .github/workflows/test.yml
+      - Makefile
+      - config.mk.in
+      - config.sh.in
+      - configure
+      - configure.ac
+      - src/firecfg/firecfg.config
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+jobs:
+  test:
+    runs-on: ubuntu-22.04
+    env:
+      SHELL: /bin/bash
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+      with:
+        egress-policy: block
+        allowed-endpoints: >
+          1.1.1.1:1025
+          azure.archive.ubuntu.com:80
+          debian.org:80
+          dns.quad9.net:53
+          github.com:443
+          packages.microsoft.com:443
+          ppa.launchpadcontent.net:443
+          whois.pir.org:43
+          www.debian.org:443
+          www.debian.org:80
+          yahoo.com:1025
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+    - name: update package information
+      run: sudo apt-get update -qy
+    - name: install dependencies
+      run: >
+        sudo apt-get install -qy
+        gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
+        bridge-utils
+    - name: print env
+      run: ./ci/printenv.sh
+    - name: configure
+      run: >
+        CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
+        --enable-analyzer --enable-apparmor --enable-selinux
+        || (cat config.log; exit 1)
+    - name: make
+      run: make
+    - name: make install
+      run: sudo make install
+    - name: print firejail version
+      run: command -V firejail && firejail --version
+    - run: make lab-setup
+    - run: make test-seccomp-extra
+    - run: make test-firecfg
+    - run: make test-capabilities
+    - run: make test-apparmor
+    - run: make test-appimage
+    - run: make test-chroot
+    - run: make test-sysutils
+    - run: make test-private-etc
+    - run: make test-profiles
+    - run: make test-fcopy
+    - run: make test-fnetfilter
+    - run: make test-fs
+    - run: make test-utils
+    - run: make test-environment
+    - run: make test-network
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-08-14 19:42:33 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-08-22 04:52:55 -0300
commit	82d28795a78fd0786fb833ebf7d3b4fe9c86d390 (patch)
tree	5ab9fb6d41b30aca4d27edc2f9159c843023d1c0 /.github
parent	ci: remove "CI" from workflow names (diff)
download	firejail-82d28795a78fd0786fb833ebf7d3b4fe9c86d390.tar.gz firejail-82d28795a78fd0786fb833ebf7d3b4fe9c86d390.tar.zst firejail-82d28795a78fd0786fb833ebf7d3b4fe9c86d390.zip

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c898c34f5..1c5fb5f6d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml
@@ -49,27 +49,18 @@ permissions: # added using https://github.com/step-security/secure-workflows
49	contents: read	49	contents: read
50		50
51	jobs:	51	jobs:
52	build_and_test:	52	build:
53	runs-on: ubuntu-22.04	53	runs-on: ubuntu-22.04
54	env:
55	SHELL: /bin/bash
56	steps:	54	steps:
57	- name: Harden Runner	55	- name: Harden Runner
58	uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09	56	uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
59	with:	57	with:
60	egress-policy: block	58	egress-policy: block
61	allowed-endpoints: >	59	allowed-endpoints: >
62	1.1.1.1:1025
63	azure.archive.ubuntu.com:80	60	azure.archive.ubuntu.com:80
64	debian.org:80
65	dns.quad9.net:53
66	github.com:443	61	github.com:443
67	packages.microsoft.com:443	62	packages.microsoft.com:443
68	ppa.launchpadcontent.net:443	63	ppa.launchpadcontent.net:443
69	whois.pir.org:43
70	www.debian.org:443
71	www.debian.org:80
72	yahoo.com:1025
73	- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9	64	- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
74	- name: update package information	65	- name: update package information
75	run: sudo apt-get update -qy	66	run: sudo apt-get update -qy
@@ -91,19 +82,3 @@ jobs:
91	run: sudo make install	82	run: sudo make install
92	- name: print firejail version	83	- name: print firejail version
93	run: command -V firejail && firejail --version	84	run: command -V firejail && firejail --version
94	- run: make lab-setup
95	- run: make test-seccomp-extra
96	- run: make test-firecfg
97	- run: make test-capabilities
98	- run: make test-apparmor
99	- run: make test-appimage
100	- run: make test-chroot
101	- run: make test-sysutils
102	- run: make test-private-etc
103	- run: make test-profiles
104	- run: make test-fcopy
105	- run: make test-fnetfilter
106	- run: make test-fs
107	- run: make test-utils
108	- run: make test-environment
109	- run: make test-network


diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 000000000..83c9a578a --- /dev/null +++ b/.github/workflows/test.yml
@@ -0,0 +1,96 @@
		1	name: Test
		2
		3	on:
		4	push:
		5	paths:
		6	- 'm4/**'
		7	- 'src/**.c'
		8	- 'src/**.h'
		9	- 'src/**.mk'
		10	- 'src/**Makefile'
		11	- 'test/**'
		12	- .github/workflows/test.yml
		13	- Makefile
		14	- config.mk.in
		15	- config.sh.in
		16	- configure
		17	- configure.ac
		18	- src/firecfg/firecfg.config
		19	pull_request:
		20	paths:
		21	- 'm4/**'
		22	- 'src/**.c'
		23	- 'src/**.h'
		24	- 'src/**.mk'
		25	- 'src/**Makefile'
		26	- 'test/**'
		27	- .github/workflows/test.yml
		28	- Makefile
		29	- config.mk.in
		30	- config.sh.in
		31	- configure
		32	- configure.ac
		33	- src/firecfg/firecfg.config
		34
		35	permissions: # added using https://github.com/step-security/secure-workflows
		36	contents: read
		37
		38	jobs:
		39	test:
		40	runs-on: ubuntu-22.04
		41	env:
		42	SHELL: /bin/bash
		43	steps:
		44	- name: Harden Runner
		45	uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
		46	with:
		47	egress-policy: block
		48	allowed-endpoints: >
		49	1.1.1.1:1025
		50	azure.archive.ubuntu.com:80
		51	debian.org:80
		52	dns.quad9.net:53
		53	github.com:443
		54	packages.microsoft.com:443
		55	ppa.launchpadcontent.net:443
		56	whois.pir.org:43
		57	www.debian.org:443
		58	www.debian.org:80
		59	yahoo.com:1025
		60	- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
		61	- name: update package information
		62	run: sudo apt-get update -qy
		63	- name: install dependencies
		64	run: >
		65	sudo apt-get install -qy
		66	gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
		67	bridge-utils
		68	- name: print env
		69	run: ./ci/printenv.sh
		70	- name: configure
		71	run: >
		72	CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
		73	--enable-analyzer --enable-apparmor --enable-selinux
		74	\|\| (cat config.log; exit 1)
		75	- name: make
		76	run: make
		77	- name: make install
		78	run: sudo make install
		79	- name: print firejail version
		80	run: command -V firejail && firejail --version
		81	- run: make lab-setup
		82	- run: make test-seccomp-extra
		83	- run: make test-firecfg
		84	- run: make test-capabilities
		85	- run: make test-apparmor
		86	- run: make test-appimage
		87	- run: make test-chroot
		88	- run: make test-sysutils
		89	- run: make test-private-etc
		90	- run: make test-profiles
		91	- run: make test-fcopy
		92	- run: make test-fnetfilter
		93	- run: make test-fs
		94	- run: make test-utils
		95	- run: make test-environment
		96	- run: make test-network