diff options
Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/build-extra.yml | 26 | ||||
-rw-r--r-- | .github/workflows/build.yml | 6 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 6 | ||||
-rw-r--r-- | .github/workflows/profile-checks.yml | 2 |
4 files changed, 26 insertions, 14 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index 6f9a4bc2c..ff812ca32 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
@@ -28,11 +28,13 @@ on: | |||
28 | 28 | ||
29 | jobs: | 29 | jobs: |
30 | build-clang: | 30 | build-clang: |
31 | runs-on: ubuntu-20.04 | 31 | runs-on: ubuntu-22.04 |
32 | steps: | 32 | steps: |
33 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 33 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
34 | - name: install dependencies | ||
35 | run: sudo apt-get install libapparmor-dev libselinux1-dev | ||
34 | - name: configure | 36 | - name: configure |
35 | run: CC=clang-11 ./configure --enable-fatal-warnings | 37 | run: CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor --enable-selinux |
36 | - name: make | 38 | - name: make |
37 | run: make | 39 | run: make |
38 | - name: make install | 40 | - name: make install |
@@ -40,16 +42,26 @@ jobs: | |||
40 | - name: print version | 42 | - name: print version |
41 | run: command -V firejail && firejail --version | 43 | run: command -V firejail && firejail --version |
42 | scan-build: | 44 | scan-build: |
43 | runs-on: ubuntu-20.04 | 45 | runs-on: ubuntu-22.04 |
44 | steps: | 46 | steps: |
45 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 47 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
46 | - name: install clang-tools-11 | 48 | - name: install clang-tools-14 and dependencies |
47 | run: sudo apt-get install clang-tools-11 | 49 | run: sudo apt-get install clang-tools-14 libapparmor-dev libselinux1-dev |
48 | - name: configure | 50 | - name: configure |
49 | run: CC=clang-11 ./configure --enable-fatal-warnings | 51 | run: CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor --enable-selinux |
50 | - name: scan-build | 52 | - name: scan-build |
51 | run: NO_EXTRA_CFLAGS="yes" scan-build-11 --status-bugs make | 53 | run: NO_EXTRA_CFLAGS="yes" scan-build-14 --status-bugs make |
52 | cppcheck: | 54 | cppcheck: |
55 | runs-on: ubuntu-22.04 | ||
56 | steps: | ||
57 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | ||
58 | - name: install cppcheck | ||
59 | run: sudo apt-get install cppcheck | ||
60 | - name: cppcheck | ||
61 | run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance -i src/firejail/checkcfg.c -i src/firejail/main.c . | ||
62 | # new cppcheck version currently chokes on checkcfg.c and main.c, therefore scan all files also | ||
63 | # with older cppcheck version from ubuntu 20.04. | ||
64 | cppcheck_old: | ||
53 | runs-on: ubuntu-20.04 | 65 | runs-on: ubuntu-20.04 |
54 | steps: | 66 | steps: |
55 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 67 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cc7893305..75811d83a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
@@ -20,15 +20,15 @@ on: | |||
20 | 20 | ||
21 | jobs: | 21 | jobs: |
22 | build_and_test: | 22 | build_and_test: |
23 | runs-on: ubuntu-20.04 | 23 | runs-on: ubuntu-22.04 |
24 | steps: | 24 | steps: |
25 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 25 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
26 | - name: update package information | 26 | - name: update package information |
27 | run: sudo apt-get update | 27 | run: sudo apt-get update |
28 | - name: install dependencies | 28 | - name: install dependencies |
29 | run: sudo apt-get install gcc-11 libapparmor-dev libselinux1-dev expect xzdec | 29 | run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec |
30 | - name: configure | 30 | - name: configure |
31 | run: CC=gcc-11 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr | 31 | run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr |
32 | - name: make | 32 | - name: make |
33 | run: make | 33 | run: make |
34 | - name: make install | 34 | - name: make install |
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d34a48aa3..4a8663124 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
@@ -47,7 +47,7 @@ jobs: | |||
47 | 47 | ||
48 | # Initializes the CodeQL tools for scanning. | 48 | # Initializes the CodeQL tools for scanning. |
49 | - name: Initialize CodeQL | 49 | - name: Initialize CodeQL |
50 | uses: github/codeql-action/init@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 | 50 | uses: github/codeql-action/init@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 |
51 | with: | 51 | with: |
52 | languages: ${{ matrix.language }} | 52 | languages: ${{ matrix.language }} |
53 | # If you wish to specify custom queries, you can do so here or in a config file. | 53 | # If you wish to specify custom queries, you can do so here or in a config file. |
@@ -58,7 +58,7 @@ jobs: | |||
58 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | 58 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
59 | # If this step fails, then you should remove it and run the build manually (see below) | 59 | # If this step fails, then you should remove it and run the build manually (see below) |
60 | - name: Autobuild | 60 | - name: Autobuild |
61 | uses: github/codeql-action/autobuild@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 | 61 | uses: github/codeql-action/autobuild@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 |
62 | 62 | ||
63 | # âšī¸ Command-line programs to run using the OS shell. | 63 | # âšī¸ Command-line programs to run using the OS shell. |
64 | # đ https://git.io/JvXDl | 64 | # đ https://git.io/JvXDl |
@@ -72,4 +72,4 @@ jobs: | |||
72 | # make release | 72 | # make release |
73 | 73 | ||
74 | - name: Perform CodeQL Analysis | 74 | - name: Perform CodeQL Analysis |
75 | uses: github/codeql-action/analyze@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 | 75 | uses: github/codeql-action/analyze@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 |
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml index 9138e8a57..d235aeb64 100644 --- a/.github/workflows/profile-checks.yml +++ b/.github/workflows/profile-checks.yml | |||
@@ -18,7 +18,7 @@ on: | |||
18 | 18 | ||
19 | jobs: | 19 | jobs: |
20 | profile-checks: | 20 | profile-checks: |
21 | runs-on: ubuntu-20.04 | 21 | runs-on: ubuntu-latest |
22 | steps: | 22 | steps: |
23 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 23 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
24 | - name: sort.py | 24 | - name: sort.py |