1 files changed, 57 insertions, 0 deletions
diff --git a/.github/workflows/check-profiles.yml b/.github/workflows/check-profiles.yml
new file mode 100644
index 000000000..5167516e8
--- /dev/null
+++ b/.github/workflows/check-profiles.yml
@@ -0,0 +1,57 @@
+name: Check-Profiles
+on:
+  push:
+    paths:
+      - 'ci/check/profiles/**'
+      - 'etc/**'
+      - .github/workflows/check-profiles.yml
+      - ci/printenv.sh
+      - contrib/sort.py
+      - src/firecfg/firecfg.config
+  pull_request:
+    paths:
+      - 'ci/check/profiles/**'
+      - 'etc/**'
+      - .github/workflows/check-profiles.yml
+      - ci/printenv.sh
+      - contrib/sort.py
+      - src/firecfg/firecfg.config
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+jobs:
+  profile-checks:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+      with:
+        disable-sudo: true
+        egress-policy: block
+        allowed-endpoints: >
+          github.com:443
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+    - name: print env
+      run: ./ci/printenv.sh
+    - run: python3 --version
+#   - name: sort.py
+#     run: >
+#       ./ci/check/profiles/sort.py
+#       etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile
+# Currently broken (see #5610)
+#   - name: private-etc-always-required.sh
+#     run: >
+#       ./ci/check/profiles/private-etc-always-required.sh
+#       etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile
+    - name: sort-disable-programs.sh
+      run: >
+        ./ci/check/profiles/sort-disable-programs.sh
+        etc/inc/disable-programs.inc
+    - name: sort-firecfg.config.sh
+      run: >
+        ./ci/check/profiles/sort-firecfg.config.sh
+        src/firecfg/firecfg.config

diff --git a/.github/workflows/check-profiles.yml b/.github/workflows/check-profiles.yml new file mode 100644 index 000000000..5167516e8 --- /dev/null +++ b/.github/workflows/check-profiles.yml
@@ -0,0 +1,57 @@
	1	name: Check-Profiles
	2
	3	on:
	4	push:
	5	paths:
	6	- 'ci/check/profiles/**'
	7	- 'etc/**'
	8	- .github/workflows/check-profiles.yml
	9	- ci/printenv.sh
	10	- contrib/sort.py
	11	- src/firecfg/firecfg.config
	12	pull_request:
	13	paths:
	14	- 'ci/check/profiles/**'
	15	- 'etc/**'
	16	- .github/workflows/check-profiles.yml
	17	- ci/printenv.sh
	18	- contrib/sort.py
	19	- src/firecfg/firecfg.config
	20
	21	permissions: # added using https://github.com/step-security/secure-workflows
	22	contents: read
	23
	24	jobs:
	25	profile-checks:
	26	runs-on: ubuntu-latest
	27	steps:
	28	- name: Harden Runner
	29	uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
	30	with:
	31	disable-sudo: true
	32	egress-policy: block
	33	allowed-endpoints: >
	34	github.com:443
	35
	36	- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
	37	- name: print env
	38	run: ./ci/printenv.sh
	39	- run: python3 --version
	40
	41	# - name: sort.py
	42	# run: >
	43	# ./ci/check/profiles/sort.py
	44	# etc/inc/.inc etc/{profile-a-l,profile-m-z}/.profile
	45	# Currently broken (see #5610)
	46	# - name: private-etc-always-required.sh
	47	# run: >
	48	# ./ci/check/profiles/private-etc-always-required.sh
	49	# etc/inc/.inc etc/{profile-a-l,profile-m-z}/.profile
	50	- name: sort-disable-programs.sh
	51	run: >
	52	./ci/check/profiles/sort-disable-programs.sh
	53	etc/inc/disable-programs.inc
	54	- name: sort-firecfg.config.sh
	55	run: >
	56	./ci/check/profiles/sort-firecfg.config.sh
	57	src/firecfg/firecfg.config