Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/build.yml | 27 | ||||
-rw-r--r-- | .github/workflows/test.yml | 96 |
2 files changed, 97 insertions, 26 deletions
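--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -49,27 +49,18 @@ permissions: # added using https://github.com/step-security/secure-workflows
 contents: read
 
 jobs:
-build_and_test:
+build:
 runs-on: ubuntu-22.04
-env:
-SHELL: /bin/bash
 steps:
 - name: Harden Runner
 uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
 with:
 egress-policy: block
 allowed-endpoints: >
-1.1.1.1:1025
 azure.archive.ubuntu.com:80
-debian.org:80
-dns.quad9.net:53
 github.com:443
 packages.microsoft.com:443
 ppa.launchpadcontent.net:443
-whois.pir.org:43
-www.debian.org:443
-www.debian.org:80
-yahoo.com:1025
 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 - name: update package information
 run: sudo apt-get update -qy
@@ -91,19 +82,3 @@ jobs:
 run: sudo make install
 - name: print firejail version
 run: command -V firejail && firejail --version
-- run: make lab-setup
-- run: make test-seccomp-extra
-- run: make test-firecfg
-- run: make test-capabilities
-- run: make test-apparmor
-- run: make test-appimage
-- run: make test-chroot
-- run: make test-sysutils
-- run: make test-private-etc
-- run: make test-profiles
-- run: make test-fcopy
-- run: make test-fnetfilter
-- run: make test-fs
-- run: make test-utils
-- run: make test-environment
-- run: make test-network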
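--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,96 @@
+name: Test
+
+on:
+push:
+paths:
+- 'm4/**'
+- 'src/**.c'
+- 'src/**.h'
+- 'src/**.mk'
+- 'src/**Makefile'
+- 'test/**'
+- .github/workflows/test.yml
+- Makefile
+- config.mk.in
+- config.sh.in
+- configure
+- configure.ac
+- src/firecfg/firecfg.config
+pull_request:
+paths:
+- 'm4/**'
+- 'src/**.c'
+- 'src/**.h'
+- 'src/**.mk'
+- 'src/**Makefile'
+- 'test/**'
+- .github/workflows/test.yml
+- Makefile
+- config.mk.in
+- config.sh.in
+- configure
+- configure.ac
+- src/firecfg/firecfg.config
+
+permissions: # added using https://github.com/step-security/secure-workflows
+contents: read
+
+jobs:
+test:
+runs-on: ubuntu-22.04
+env:
+SHELL: /bin/bash
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+with:
+egress-policy: block
+allowed-endpoints: >
+1.1.1.1:1025
+azure.archive.ubuntu.com:80
+debian.org:80
+dns.quad9.net:53
+github.com:443
+packages.microsoft.com:443
+ppa.launchpadcontent.net:443
+whois.pir.org:43
+www.debian.org:443
+www.debian.org:80
+yahoo.com:1025
+- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+- name: update package information
+run: sudo apt-get update -qy
+- name: install dependencies
+run: >
+sudo apt-get install -qy
+gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
+bridge-utils
+- name: print env
+run: ./ci/printenv.sh
+- name: configure
+run: >
+CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
+--enable-analyzer --enable-apparmor --enable-selinux
+|| (cat config.log; exit 1)
+- name: make
+run: make
+- name: make install
+run: sudo make install
+- name: print firejail version
+run: command -V firejail && firejail --version
+- run: make lab-setup
+- run: make test-seccomp-extra
+- run: make test-firecfg
+- run: make test-capabilities
+- run: make test-apparmor
+- run: make test-appimage
+- run: make test-chroot
+- run: make test-sysutils
+- run: make test-private-etc
+- run: make test-profiles
+- run: make test-fcopy
+- run: make test-fnetfilter
+- run: make test-fs
+- run: make test-utils
+- run: make test-environment
+- run: make test-network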
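Review bot: The `actions/checkout` step in the new `test` job keeps the default credential persistence, so the workflow token stays in `.git/config` while the later `make lab-setup` and `make test-*` steps run content from `test/**`, which a pull request can change. The token is already limited by `permissions: contents: read`, so this is hardening rather than a live exposure; adding `with:` and `persist-credentials: false` under that step keeps the token out of the working tree. The checkout step in `build.yml` has the same shape. The job also sets no `timeout-minutes`, so a hung `expect`-driven or network test would presumably run until the platform default; a bound such as `timeout-minutes: <placeholder>` under `runs-on` would cap that. A one-line comment above `allowed-endpoints` naming which test target needs `1.1.1.1:1025`, `yahoo.com:1025`, `whois.pir.org:43` and `dns.quad9.net:53` would let a later reviewer prune the egress allowlist safely.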