name: Build CI

on:
  push:
    branches: [ master ]
    paths-ignore:
      - '.github/ISSUE_TEMPLATE/*'
      - .git-blame-ignore-revs
      - .github/dependabot.yml
      - .github/pull_request_template.md
      - .github/workflows/codeql-analysis.yml
      - .gitignore
      - .gitlab-ci.yml
      - CONTRIBUTING.md
      - COPYING
      - README
      - README.md
      - RELNOTES
      - SECURITY.md
  pull_request:
    branches: [ master ]
    paths-ignore:
      - '.github/ISSUE_TEMPLATE/*'
      - .git-blame-ignore-revs
      - .github/dependabot.yml
      - .github/pull_request_template.md
      - .github/workflows/codeql-analysis.yml
      - .gitignore
      - .gitlab-ci.yml
      - CONTRIBUTING.md
      - COPYING
      - README
      - README.md
      - RELNOTES
      - SECURITY.md

permissions:  # added using https://github.com/step-security/secure-workflows
  contents: read

jobs:
  build_and_test:
    runs-on: ubuntu-22.04
    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
      with:
        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
    - name: update package information
      run: sudo apt-get update
    - name: install dependencies
      run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec
    - name: configure
      run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr
    - name: make
      run: make
    - name: make install
      run: sudo make install
    - name: print version
      run: command -V firejail && firejail --version
    - name: run tests
      run: SHELL=/bin/bash make test-github