diff options
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/build-extra.yml | 26 | ||||
| -rw-r--r-- | .github/workflows/build.yml | 6 | ||||
| -rw-r--r-- | .github/workflows/codeql-analysis.yml | 6 | ||||
| -rw-r--r-- | .github/workflows/profile-checks.yml | 2 |
4 files changed, 26 insertions, 14 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index da54c1094..9296062c1 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
| @@ -34,11 +34,13 @@ on: | |||
| 34 | 34 | ||
| 35 | jobs: | 35 | jobs: |
| 36 | build-clang: | 36 | build-clang: |
| 37 | runs-on: ubuntu-20.04 | 37 | runs-on: ubuntu-22.04 |
| 38 | steps: | 38 | steps: |
| 39 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 39 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
| 40 | - name: install dependencies | ||
| 41 | run: sudo apt-get install libapparmor-dev libselinux1-dev | ||
| 40 | - name: configure | 42 | - name: configure |
| 41 | run: CC=clang-11 ./configure --enable-fatal-warnings | 43 | run: CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor --enable-selinux |
| 42 | - name: make | 44 | - name: make |
| 43 | run: make | 45 | run: make |
| 44 | - name: make install | 46 | - name: make install |
| @@ -46,16 +48,26 @@ jobs: | |||
| 46 | - name: print version | 48 | - name: print version |
| 47 | run: command -V firejail && firejail --version | 49 | run: command -V firejail && firejail --version |
| 48 | scan-build: | 50 | scan-build: |
| 49 | runs-on: ubuntu-20.04 | 51 | runs-on: ubuntu-22.04 |
| 50 | steps: | 52 | steps: |
| 51 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 53 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
| 52 | - name: install clang-tools-11 | 54 | - name: install clang-tools-14 and dependencies |
| 53 | run: sudo apt-get install clang-tools-11 | 55 | run: sudo apt-get install clang-tools-14 libapparmor-dev libselinux1-dev |
| 54 | - name: configure | 56 | - name: configure |
| 55 | run: CC=clang-11 ./configure --enable-fatal-warnings | 57 | run: CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor --enable-selinux |
| 56 | - name: scan-build | 58 | - name: scan-build |
| 57 | run: NO_EXTRA_CFLAGS="yes" scan-build-11 --status-bugs make | 59 | run: NO_EXTRA_CFLAGS="yes" scan-build-14 --status-bugs make |
| 58 | cppcheck: | 60 | cppcheck: |
| 61 | runs-on: ubuntu-22.04 | ||
| 62 | steps: | ||
| 63 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | ||
| 64 | - name: install cppcheck | ||
| 65 | run: sudo apt-get install cppcheck | ||
| 66 | - name: cppcheck | ||
| 67 | run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance -i src/firejail/checkcfg.c -i src/firejail/main.c . | ||
| 68 | # new cppcheck version currently chokes on checkcfg.c and main.c, therefore scan all files also | ||
| 69 | # with older cppcheck version from ubuntu 20.04. | ||
| 70 | cppcheck_old: | ||
| 59 | runs-on: ubuntu-20.04 | 71 | runs-on: ubuntu-20.04 |
| 60 | steps: | 72 | steps: |
| 61 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 73 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7b23ea0b3..3203e0677 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
| @@ -26,15 +26,15 @@ on: | |||
| 26 | 26 | ||
| 27 | jobs: | 27 | jobs: |
| 28 | build_and_test: | 28 | build_and_test: |
| 29 | runs-on: ubuntu-20.04 | 29 | runs-on: ubuntu-22.04 |
| 30 | steps: | 30 | steps: |
| 31 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 31 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
| 32 | - name: update package information | 32 | - name: update package information |
| 33 | run: sudo apt-get update | 33 | run: sudo apt-get update |
| 34 | - name: install dependencies | 34 | - name: install dependencies |
| 35 | run: sudo apt-get install gcc-11 libapparmor-dev libselinux1-dev expect xzdec | 35 | run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec |
| 36 | - name: configure | 36 | - name: configure |
| 37 | run: CC=gcc-11 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr | 37 | run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr |
| 38 | - name: make | 38 | - name: make |
| 39 | run: make | 39 | run: make |
| 40 | - name: make install | 40 | - name: make install |
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index fb5e7f9b3..4a09ad9d8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
| @@ -53,7 +53,7 @@ jobs: | |||
| 53 | 53 | ||
| 54 | # Initializes the CodeQL tools for scanning. | 54 | # Initializes the CodeQL tools for scanning. |
| 55 | - name: Initialize CodeQL | 55 | - name: Initialize CodeQL |
| 56 | uses: github/codeql-action/init@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 | 56 | uses: github/codeql-action/init@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 |
| 57 | with: | 57 | with: |
| 58 | languages: ${{ matrix.language }} | 58 | languages: ${{ matrix.language }} |
| 59 | # If you wish to specify custom queries, you can do so here or in a config file. | 59 | # If you wish to specify custom queries, you can do so here or in a config file. |
| @@ -64,7 +64,7 @@ jobs: | |||
| 64 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | 64 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
| 65 | # If this step fails, then you should remove it and run the build manually (see below) | 65 | # If this step fails, then you should remove it and run the build manually (see below) |
| 66 | - name: Autobuild | 66 | - name: Autobuild |
| 67 | uses: github/codeql-action/autobuild@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 | 67 | uses: github/codeql-action/autobuild@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 |
| 68 | 68 | ||
| 69 | # âšī¸ Command-line programs to run using the OS shell. | 69 | # âšī¸ Command-line programs to run using the OS shell. |
| 70 | # đ https://git.io/JvXDl | 70 | # đ https://git.io/JvXDl |
| @@ -78,4 +78,4 @@ jobs: | |||
| 78 | # make release | 78 | # make release |
| 79 | 79 | ||
| 80 | - name: Perform CodeQL Analysis | 80 | - name: Perform CodeQL Analysis |
| 81 | uses: github/codeql-action/analyze@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 | 81 | uses: github/codeql-action/analyze@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 |
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml index 9138e8a57..d235aeb64 100644 --- a/.github/workflows/profile-checks.yml +++ b/.github/workflows/profile-checks.yml | |||
| @@ -18,7 +18,7 @@ on: | |||
| 18 | 18 | ||
| 19 | jobs: | 19 | jobs: |
| 20 | profile-checks: | 20 | profile-checks: |
| 21 | runs-on: ubuntu-20.04 | 21 | runs-on: ubuntu-latest |
| 22 | steps: | 22 | steps: |
| 23 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 23 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
| 24 | - name: sort.py | 24 | - name: sort.py |