From 82d28795a78fd0786fb833ebf7d3b4fe9c86d390 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Mon, 14 Aug 2023 19:42:33 -0300
Subject: ci: split build and test into separate workflows

Testing takes significantly longer than building, so this makes the
default build check faster.
---
 .github/workflows/build.yml | 27 +------------
 .github/workflows/test.yml  | 96 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+), 26 deletions(-)
 create mode 100644 .github/workflows/test.yml

(limited to '.github/workflows')

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c898c34f5..1c5fb5f6d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -49,27 +49,18 @@ permissions:  # added using https://github.com/step-security/secure-workflows
   contents: read
 
 jobs:
-  build_and_test:
+  build:
     runs-on: ubuntu-22.04
-    env:
-      SHELL: /bin/bash
     steps:
     - name: Harden Runner
       uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
       with:
         egress-policy: block
         allowed-endpoints: >
-          1.1.1.1:1025
           azure.archive.ubuntu.com:80
-          debian.org:80
-          dns.quad9.net:53
           github.com:443
           packages.microsoft.com:443
           ppa.launchpadcontent.net:443
-          whois.pir.org:43
-          www.debian.org:443
-          www.debian.org:80
-          yahoo.com:1025
     - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
     - name: update package information
       run: sudo apt-get update -qy
@@ -91,19 +82,3 @@ jobs:
       run: sudo make install
     - name: print firejail version
       run: command -V firejail && firejail --version
-    - run: make lab-setup
-    - run: make test-seccomp-extra
-    - run: make test-firecfg
-    - run: make test-capabilities
-    - run: make test-apparmor
-    - run: make test-appimage
-    - run: make test-chroot
-    - run: make test-sysutils
-    - run: make test-private-etc
-    - run: make test-profiles
-    - run: make test-fcopy
-    - run: make test-fnetfilter
-    - run: make test-fs
-    - run: make test-utils
-    - run: make test-environment
-    - run: make test-network
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 000000000..83c9a578a
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,96 @@
+name: Test
+
+on:
+  push:
+    paths:
+      - 'm4/**'
+      - 'src/**.c'
+      - 'src/**.h'
+      - 'src/**.mk'
+      - 'src/**Makefile'
+      - 'test/**'
+      - .github/workflows/test.yml
+      - Makefile
+      - config.mk.in
+      - config.sh.in
+      - configure
+      - configure.ac
+      - src/firecfg/firecfg.config
+  pull_request:
+    paths:
+      - 'm4/**'
+      - 'src/**.c'
+      - 'src/**.h'
+      - 'src/**.mk'
+      - 'src/**Makefile'
+      - 'test/**'
+      - .github/workflows/test.yml
+      - Makefile
+      - config.mk.in
+      - config.sh.in
+      - configure
+      - configure.ac
+      - src/firecfg/firecfg.config
+
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-22.04
+    env:
+      SHELL: /bin/bash
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+      with:
+        egress-policy: block
+        allowed-endpoints: >
+          1.1.1.1:1025
+          azure.archive.ubuntu.com:80
+          debian.org:80
+          dns.quad9.net:53
+          github.com:443
+          packages.microsoft.com:443
+          ppa.launchpadcontent.net:443
+          whois.pir.org:43
+          www.debian.org:443
+          www.debian.org:80
+          yahoo.com:1025
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+    - name: update package information
+      run: sudo apt-get update -qy
+    - name: install dependencies
+      run: >
+        sudo apt-get install -qy
+        gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
+        bridge-utils
+    - name: print env
+      run: ./ci/printenv.sh
+    - name: configure
+      run: >
+        CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
+        --enable-analyzer --enable-apparmor --enable-selinux
+        || (cat config.log; exit 1)
+    - name: make
+      run: make
+    - name: make install
+      run: sudo make install
+    - name: print firejail version
+      run: command -V firejail && firejail --version
+    - run: make lab-setup
+    - run: make test-seccomp-extra
+    - run: make test-firecfg
+    - run: make test-capabilities
+    - run: make test-apparmor
+    - run: make test-appimage
+    - run: make test-chroot
+    - run: make test-sysutils
+    - run: make test-private-etc
+    - run: make test-profiles
+    - run: make test-fcopy
+    - run: make test-fnetfilter
+    - run: make test-fs
+    - run: make test-utils
+    - run: make test-environment
+    - run: make test-network
-- 
cgit v1.2.3-54-g00ecf