diff options
Diffstat (limited to '.github/workflows/build-extra.yml')
| -rw-r--r-- | .github/workflows/build-extra.yml | 79 |
1 files changed, 0 insertions, 79 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index b6e8e902b..b538fde68 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
| @@ -68,82 +68,3 @@ jobs: | |||
| 68 | run: sudo make install | 68 | run: sudo make install |
| 69 | - name: print version | 69 | - name: print version |
| 70 | run: command -V firejail && firejail --version | 70 | run: command -V firejail && firejail --version |
| 71 | scan-build: | ||
| 72 | runs-on: ubuntu-22.04 | ||
| 73 | steps: | ||
| 74 | - name: Harden Runner | ||
| 75 | uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 | ||
| 76 | with: | ||
| 77 | egress-policy: block | ||
| 78 | allowed-endpoints: > | ||
| 79 | archive.ubuntu.com:80 | ||
| 80 | azure.archive.ubuntu.com:80 | ||
| 81 | github.com:443 | ||
| 82 | packages.microsoft.com:443 | ||
| 83 | ppa.launchpadcontent.net:443 | ||
| 84 | security.ubuntu.com:80 | ||
| 85 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | ||
| 86 | - name: update package information | ||
| 87 | run: sudo apt-get update -qy | ||
| 88 | - name: install clang-tools-14 and dependencies | ||
| 89 | run: > | ||
| 90 | sudo apt-get install -qy | ||
| 91 | clang-tools-14 libapparmor-dev libselinux1-dev | ||
| 92 | - name: print env | ||
| 93 | run: ./ci/printenv.sh | ||
| 94 | - name: configure | ||
| 95 | run: > | ||
| 96 | CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor | ||
| 97 | --enable-selinux | ||
| 98 | || (cat config.log; exit 1) | ||
| 99 | - name: scan-build | ||
| 100 | run: scan-build-14 --status-bugs make | ||
| 101 | cppcheck: | ||
| 102 | runs-on: ubuntu-22.04 | ||
| 103 | steps: | ||
| 104 | - name: Harden Runner | ||
| 105 | uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 | ||
| 106 | with: | ||
| 107 | egress-policy: block | ||
| 108 | allowed-endpoints: > | ||
| 109 | archive.ubuntu.com:80 | ||
| 110 | azure.archive.ubuntu.com:80 | ||
| 111 | github.com:443 | ||
| 112 | packages.microsoft.com:443 | ||
| 113 | ppa.launchpadcontent.net:443 | ||
| 114 | security.ubuntu.com:80 | ||
| 115 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | ||
| 116 | - name: update package information | ||
| 117 | run: sudo apt-get update -qy | ||
| 118 | - name: install cppcheck | ||
| 119 | run: sudo apt-get install -qy cppcheck | ||
| 120 | - run: cppcheck --version | ||
| 121 | - name: cppcheck | ||
| 122 | run: > | ||
| 123 | cppcheck -q --force --error-exitcode=1 --enable=warning,performance | ||
| 124 | -i src/firejail/checkcfg.c -i src/firejail/main.c . | ||
| 125 | # new cppcheck version currently chokes on checkcfg.c and main.c, therefore | ||
| 126 | # scan all files also with older cppcheck version from ubuntu 20.04. | ||
| 127 | cppcheck_old: | ||
| 128 | runs-on: ubuntu-20.04 | ||
| 129 | steps: | ||
| 130 | - name: Harden Runner | ||
| 131 | uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 | ||
| 132 | with: | ||
| 133 | egress-policy: block | ||
| 134 | allowed-endpoints: > | ||
| 135 | archive.ubuntu.com:80 | ||
| 136 | azure.archive.ubuntu.com:80 | ||
| 137 | github.com:443 | ||
| 138 | packages.microsoft.com:443 | ||
| 139 | ppa.launchpad.net:80 | ||
| 140 | ppa.launchpadcontent.net:443 | ||
| 141 | security.ubuntu.com:80 | ||
| 142 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | ||
| 143 | - name: update package information | ||
| 144 | run: sudo apt-get update -qy | ||
| 145 | - name: install cppcheck | ||
| 146 | run: sudo apt-get install -qy cppcheck | ||
| 147 | - run: cppcheck --version | ||
| 148 | - name: cppcheck | ||
| 149 | run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance . | ||