Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/test.yml | 183 |
1 files changed, 169 insertions, 14 deletions
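--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -35,8 +35,175 @@ on:
 permissions: # added using https://github.com/step-security/secure-workflows
 contents: read
 
+#
+# Faster tests
+#
+
 jobs:
-test:
+test-main:
+runs-on: ubuntu-22.04
+env:
+SHELL: /bin/bash
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+with:
+egress-policy: block
+allowed-endpoints: >
+azure.archive.ubuntu.com:80
+github.com:443
+packages.microsoft.com:443
+ppa.launchpadcontent.net:443
+- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+- name: update package information
+run: sudo apt-get update -qy
+- name: install dependencies
+run: >
+sudo apt-get install -qy
+gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+- name: print env
+run: ./ci/printenv.sh
+- name: configure
+run: >
+CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
+--enable-analyzer --enable-apparmor --enable-selinux
+|| (cat config.log; exit 1)
+- name: make
+run: make -j "$(nproc)"
+- name: make install
+run: sudo make install
+- name: print firejail version
+run: command -V firejail && firejail --version
+- run: make lab-setup
+- run: make test-seccomp-extra
+- run: make test-firecfg
+- run: make test-capabilities
+- run: make test-apparmor
+- run: make test-appimage
+- run: make test-chroot
+- run: make test-fcopy
+
+#
+# Slower tests
+#
+
+test-fs:
+runs-on: ubuntu-22.04
+env:
+SHELL: /bin/bash
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+with:
+egress-policy: block
+allowed-endpoints: >
+azure.archive.ubuntu.com:80
+github.com:443
+packages.microsoft.com:443
+ppa.launchpadcontent.net:443
+- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+- name: update package information
+run: sudo apt-get update -qy
+- name: install dependencies
+run: >
+sudo apt-get install -qy
+gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+- name: print env
+run: ./ci/printenv.sh
+- name: configure
+run: >
+CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
+--enable-analyzer --enable-apparmor --enable-selinux
+|| (cat config.log; exit 1)
+- name: make
+run: make -j "$(nproc)"
+- name: make install
+run: sudo make install
+- name: print firejail version
+run: command -V firejail && firejail --version
+- run: make lab-setup
+- run: make test-private-etc
+- run: make test-fs
+
+test-environment:
+runs-on: ubuntu-22.04
+env:
+SHELL: /bin/bash
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+with:
+egress-policy: block
+allowed-endpoints: >
+azure.archive.ubuntu.com:80
+github.com:443
+packages.microsoft.com:443
+ppa.launchpadcontent.net:443
+- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+- name: update package information
+run: sudo apt-get update -qy
+- name: install dependencies
+run: >
+sudo apt-get install -qy
+gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+- name: print env
+run: ./ci/printenv.sh
+- name: configure
+run: >
+CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
+--enable-analyzer --enable-apparmor --enable-selinux
+|| (cat config.log; exit 1)
+- name: make
+run: make -j "$(nproc)"
+- name: make install
+run: sudo make install
+- name: print firejail version
+run: command -V firejail && firejail --version
+- run: make lab-setup
+- run: make test-environment
+- run: make test-profiles
+
+test-utils:
+runs-on: ubuntu-22.04
+env:
+SHELL: /bin/bash
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+with:
+egress-policy: block
+allowed-endpoints: >
+azure.archive.ubuntu.com:80
+debian.org:80
+github.com:443
+packages.microsoft.com:443
+ppa.launchpadcontent.net:443
+www.debian.org:443
+www.debian.org:80
+- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+- name: update package information
+run: sudo apt-get update -qy
+- name: install dependencies
+run: >
+sudo apt-get install -qy
+gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+- name: print env
+run: ./ci/printenv.sh
+- name: configure
+run: >
+CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
+--enable-analyzer --enable-apparmor --enable-selinux
+|| (cat config.log; exit 1)
+- name: make
+run: make -j "$(nproc)"
+- name: make install
+run: sudo make install
+- name: print firejail version
+run: command -V firejail && firejail --version
+- run: make lab-setup
+- run: make test-utils
+
+test-network:
 runs-on: ubuntu-22.04
 env:
 SHELL: /bin/bash
@@ -79,18 +246,6 @@ jobs:
 - name: print firejail version
 run: command -V firejail && firejail --version
 - run: make lab-setup
-- run: make test-seccomp-extra
-- run: make test-firecfg
-- run: make test-capabilities
-- run: make test-apparmor
-- run: make test-appimage
-- run: make test-chroot
-- run: make test-sysutils
-- run: make test-private-etc
-- run: make test-profiles
-- run: make test-fcopy
 - run: make test-fnetfilter
-- run: make test-fs
+- run: make test-sysutils
-- run: make test-utils
-- run: make test-environment
 - run: make test-network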
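Review bot: The `allowed-endpoints` list of the new `test-utils` job (new lines 175–182) adds `debian.org:80` and `www.debian.org:80` without saying which test needs them, so the job's egress policy now permits unexplained plain-HTTP traffic. If `make test-utils` only needs HTTPS (not visible in this diff), drop the two port-80 entries; otherwise put a comment above the block such as `# debian.org / www.debian.org: fetched by <test name> in make test-utils`. Separately, the Harden Runner pin, the checkout pin and the build steps are now copied verbatim into `test-main`, `test-fs`, `test-environment` and `test-utils`, so a pin bump or allowlist change must be repeated in every job and can drift. Keeping Harden Runner as each job's first step while moving the install/configure/make steps into one shared local action would reduce that, and a trailing `# <version tag>` comment on each `uses:` SHA would make the pins auditable.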