diff options
Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/build-extra.yml | 26 | ||||
-rw-r--r-- | .github/workflows/build.yml | 6 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 6 | ||||
-rw-r--r-- | .github/workflows/profile-checks.yml | 2 |
4 files changed, 26 insertions, 14 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index da54c1094..9296062c1 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
@@ -34,11 +34,13 @@ on: | |||
34 | 34 | ||
35 | jobs: | 35 | jobs: |
36 | build-clang: | 36 | build-clang: |
37 | runs-on: ubuntu-20.04 | 37 | runs-on: ubuntu-22.04 |
38 | steps: | 38 | steps: |
39 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 39 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
40 | - name: install dependencies | ||
41 | run: sudo apt-get install libapparmor-dev libselinux1-dev | ||
40 | - name: configure | 42 | - name: configure |
41 | run: CC=clang-11 ./configure --enable-fatal-warnings | 43 | run: CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor --enable-selinux |
42 | - name: make | 44 | - name: make |
43 | run: make | 45 | run: make |
44 | - name: make install | 46 | - name: make install |
@@ -46,16 +48,26 @@ jobs: | |||
46 | - name: print version | 48 | - name: print version |
47 | run: command -V firejail && firejail --version | 49 | run: command -V firejail && firejail --version |
48 | scan-build: | 50 | scan-build: |
49 | runs-on: ubuntu-20.04 | 51 | runs-on: ubuntu-22.04 |
50 | steps: | 52 | steps: |
51 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 53 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
52 | - name: install clang-tools-11 | 54 | - name: install clang-tools-14 and dependencies |
53 | run: sudo apt-get install clang-tools-11 | 55 | run: sudo apt-get install clang-tools-14 libapparmor-dev libselinux1-dev |
54 | - name: configure | 56 | - name: configure |
55 | run: CC=clang-11 ./configure --enable-fatal-warnings | 57 | run: CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor --enable-selinux |
56 | - name: scan-build | 58 | - name: scan-build |
57 | run: NO_EXTRA_CFLAGS="yes" scan-build-11 --status-bugs make | 59 | run: NO_EXTRA_CFLAGS="yes" scan-build-14 --status-bugs make |
58 | cppcheck: | 60 | cppcheck: |
61 | runs-on: ubuntu-22.04 | ||
62 | steps: | ||
63 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | ||
64 | - name: install cppcheck | ||
65 | run: sudo apt-get install cppcheck | ||
66 | - name: cppcheck | ||
67 | run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance -i src/firejail/checkcfg.c -i src/firejail/main.c . | ||
68 | # new cppcheck version currently chokes on checkcfg.c and main.c, therefore scan all files also | ||
69 | # with older cppcheck version from ubuntu 20.04. | ||
70 | cppcheck_old: | ||
59 | runs-on: ubuntu-20.04 | 71 | runs-on: ubuntu-20.04 |
60 | steps: | 72 | steps: |
61 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 73 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7b23ea0b3..3203e0677 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
@@ -26,15 +26,15 @@ on: | |||
26 | 26 | ||
27 | jobs: | 27 | jobs: |
28 | build_and_test: | 28 | build_and_test: |
29 | runs-on: ubuntu-20.04 | 29 | runs-on: ubuntu-22.04 |
30 | steps: | 30 | steps: |
31 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 31 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
32 | - name: update package information | 32 | - name: update package information |
33 | run: sudo apt-get update | 33 | run: sudo apt-get update |
34 | - name: install dependencies | 34 | - name: install dependencies |
35 | run: sudo apt-get install gcc-11 libapparmor-dev libselinux1-dev expect xzdec | 35 | run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec |
36 | - name: configure | 36 | - name: configure |
37 | run: CC=gcc-11 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr | 37 | run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr |
38 | - name: make | 38 | - name: make |
39 | run: make | 39 | run: make |
40 | - name: make install | 40 | - name: make install |
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index fb5e7f9b3..4a09ad9d8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
@@ -53,7 +53,7 @@ jobs: | |||
53 | 53 | ||
54 | # Initializes the CodeQL tools for scanning. | 54 | # Initializes the CodeQL tools for scanning. |
55 | - name: Initialize CodeQL | 55 | - name: Initialize CodeQL |
56 | uses: github/codeql-action/init@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 | 56 | uses: github/codeql-action/init@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 |
57 | with: | 57 | with: |
58 | languages: ${{ matrix.language }} | 58 | languages: ${{ matrix.language }} |
59 | # If you wish to specify custom queries, you can do so here or in a config file. | 59 | # If you wish to specify custom queries, you can do so here or in a config file. |
@@ -64,7 +64,7 @@ jobs: | |||
64 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | 64 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
65 | # If this step fails, then you should remove it and run the build manually (see below) | 65 | # If this step fails, then you should remove it and run the build manually (see below) |
66 | - name: Autobuild | 66 | - name: Autobuild |
67 | uses: github/codeql-action/autobuild@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 | 67 | uses: github/codeql-action/autobuild@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 |
68 | 68 | ||
69 | # âšī¸ Command-line programs to run using the OS shell. | 69 | # âšī¸ Command-line programs to run using the OS shell. |
70 | # đ https://git.io/JvXDl | 70 | # đ https://git.io/JvXDl |
@@ -78,4 +78,4 @@ jobs: | |||
78 | # make release | 78 | # make release |
79 | 79 | ||
80 | - name: Perform CodeQL Analysis | 80 | - name: Perform CodeQL Analysis |
81 | uses: github/codeql-action/analyze@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 | 81 | uses: github/codeql-action/analyze@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 |
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml index 9138e8a57..d235aeb64 100644 --- a/.github/workflows/profile-checks.yml +++ b/.github/workflows/profile-checks.yml | |||
@@ -18,7 +18,7 @@ on: | |||
18 | 18 | ||
19 | jobs: | 19 | jobs: |
20 | profile-checks: | 20 | profile-checks: |
21 | runs-on: ubuntu-20.04 | 21 | runs-on: ubuntu-latest |
22 | steps: | 22 | steps: |
23 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 23 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
24 | - name: sort.py | 24 | - name: sort.py |