Diffstat (limited to '.github')
-rw-r--r-- | .github/ISSUE_TEMPLATE/bug_report.md | 19 | ||||
-rw-r--r-- | .github/workflows/build.yml | 51 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 71 |
3 files changed, 131 insertions, 10 deletions
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index ae7b1089a..d36dd32e4 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md | |||
@@ -12,9 +12,9 @@ Write clear, concise and in textual form. | |||
12 | - Describe the bug. | 12 | - Describe the bug. |
13 | - What did you expect to happen? | 13 | - What did you expect to happen? |
14 | 14 | ||
15 | **No profile or disabling firejail** | 15 | **No profile and disabling firejail** |
16 | - What changed calling `firejail --noprofile PROGRAM` in a shell? | 16 | - What changed calling `firejail --noprofile /path/to/program` in a terminal? |
17 | - What changed calling the program *by path*=without firejail (check `whereis PROGRAM`, `firejail --list`, `stat $programpath`)? | 17 | - What changed calling the program by path (check `which <program>` or `firejail --list` while the sandbox is running)? |
18 | 18 | ||
19 | **Reproduce** | 19 | **Reproduce** |
20 | Steps to reproduce the behavior: | 20 | Steps to reproduce the behavior: |
@@ -24,19 +24,18 @@ Steps to reproduce the behavior: | |||
24 | 4. Scroll down to '....' | 24 | 4. Scroll down to '....' |
25 | 25 | ||
26 | **Environment** | 26 | **Environment** |
27 | - Linux distribution and version (ie output of `lsb_release -a`) | 27 | - Linux distribution and version (ie output of `lsb_release -a`, `screenfetch` or `cat /etc/os-release`) |
28 | - Firejail version (output of `firejail --version`) exclusive or used git commit (`git rev-parse HEAD`) | 28 | - Firejail version (output of `firejail --version`) exclusive or used git commit (`git rev-parse HEAD`) |
29 | - What other programs interact with the affected program for the functionality? | ||
30 | - Are these listed in the profile? | ||
31 | 29 | ||
32 | **Additional context** | 30 | **Additional context** |
33 | Other context about the problem like related errors to understand the problem. | 31 | Other context about the problem like related errors to understand the problem. |
34 | 32 | ||
35 | **Checklist** | 33 | **Checklist** |
36 | - [ ] The upstream profile (and redirect profile if exists) have no changes fixing it. | 34 | - [ ] The upstream profile (and redirect profile if exists) have no changes fixing it. |
37 | - [ ] The upstream profile exists (`find / -name 'firejail' 2>/dev/null`/`fd firejail` to locate profiles ie in `/usr/local/etc/firejail/PROGRAM.profile`) | 35 | - [ ] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) |
38 | - [ ] Programs needed for interaction are listed. | 36 | - [ ] Programs needed for interaction are listed in the profile. |
39 | - [ ] Error was checked in search engine and on issue list without success. | 37 | - [ ] A short search for duplicates was performed. |
38 | - [ ] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. | ||
40 | 39 | ||
41 | 40 | ||
42 | <details><summary> debug output </summary> | 41 | <details><summary> debug output </summary> |
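--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,51 @@
+name: Build CI
+
+on:
+push:
+branches: [ master ]
+pull_request:
+branches: [ master ]
+
+jobs:
+build:
+runs-on: ubuntu-20.04
+steps:
+- uses: actions/checkout@v2
+- name: install dependencies
+run: sudo apt-get install gcc-10 libapparmor-dev libselinux1-dev
+- name: configure
+run: CC=gcc-10 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux
+- name: make
+run: make
+build-clang:
+runs-on: ubuntu-20.04
+steps:
+- uses: actions/checkout@v2
+- name: configure
+run: CC=clang-10 ./configure --enable-fatal-warnings
+- name: make
+run: make
+scan-build:
+runs-on: ubuntu-20.04
+steps:
+- uses: actions/checkout@v2
+- name: install clang-tools-10
+run: sudo apt-get install clang-tools-10
+- name: configure
+run: CC=clang-10 ./configure --enable-fatal-warnings
+- name: scan-build
+run: NO_EXTRA_CFLAGS="yes" scan-build-10 --status-bugs make
+cppcheck:
+runs-on: ubuntu-20.04
+steps:
+- uses: actions/checkout@v2
+- name: install cppcheck
+run: sudo apt-get install cppcheck
+- name: cppcheck
+run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance .
+profile-sort:
+runs-on: ubuntu-20.04
+steps:
+- uses: actions/checkout@v2
+- name: check profiles
+run: ./contrib/sort.py etc/*/{*.inc,*.net,*.profile}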
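Review bot: Neither this workflow nor `.github/workflows/codeql-analysis.yml` declares a `permissions:` block, so every job runs with the repository's default `GITHUB_TOKEN` scope while it builds and executes code from the pushed or pull-request branch (`./configure`, `make`, `./contrib/sort.py`). A top-level `permissions:` with `contents: read` would be enough for the five jobs here; the CodeQL job additionally needs `security-events: write` to upload its results. The `uses:` references (`actions/checkout@v2` here, `github/codeql-action/*@v1` there) are mutable tags; pinning each to a full commit SHA, e.g. `actions/checkout@<full-commit-sha> # v2`, keeps a retagged release from silently changing what runs in CI.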
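--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+name: "CodeQL"
+
+on:
+push:
+branches: [master]
+pull_request:
+# The branches below must be a subset of the branches above
+branches: [master]
+schedule:
+- cron: '0 7 * * 2'
+
+jobs:
+analyze:
+name: Analyze
+runs-on: ubuntu-latest
+
+strategy:
+fail-fast: false
+matrix:
+# Override automatic language detection by changing the below list
+# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
+language: ['cpp', 'python']
+# Learn more...
+# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v2
+with:
+# We must fetch at least the immediate parents so that if this is
+# a pull request then we can checkout the head.
+fetch-depth: 2
+
+# If this run was triggered by a pull request event, then checkout
+# the head of the pull request instead of the merge commit.
+- run: git checkout HEAD^2
+if: ${{ github.event_name == 'pull_request' }}
+
+# Initializes the CodeQL tools for scanning.
+- name: Initialize CodeQL
+uses: github/codeql-action/init@v1
+with:
+languages: ${{ matrix.language }}
+# If you wish to specify custom queries, you can do so here or in a config file.
+# By default, queries listed here will override any specified in a config file.
+# Prefix the list here with "+" to use these queries and those in the config file.
+# queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+# If this step fails, then you should remove it and run the build manually (see below)
+- name: Autobuild
+uses: github/codeql-action/autobuild@v1
+
+# âšī¸ Command-line programs to run using the OS shell.
+# đ https://git.io/JvXDl
+
+# âī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+# and modify them (or add more) to build your code if your project
+# uses a compiled language
+
+#- run: |
+# make bootstrap
+# make release
+
+- name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@v1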
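Review bot: The `Autobuild` step decides how the C sources are compiled, and CodeQL only analyses the C/C++ it sees compiled, so the AppArmor and SELinux code that `build.yml` enables with `--enable-apparmor --enable-selinux` is presumably never scanned here, since this job installs neither `libapparmor-dev` nor `libselinux1-dev`. Replacing autobuild with explicit steps would make the scanned configuration visible and match the CI build: `- run: sudo apt-get install libapparmor-dev libselinux1-dev`, `- run: ./configure --enable-apparmor --enable-selinux`, `- run: make`. Separately, `git checkout HEAD^2` makes pull-request runs analyse the PR head rather than the merge commit, so alerts may not reflect what actually lands on `master`; confirm that is intended.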