name: Build CI on: push: branches: [ master ] paths-ignore: - '.github/ISSUE_TEMPLATE/*' - .git-blame-ignore-revs - .github/dependabot.yml - .github/pull_request_template.md - .github/workflows/codeql-analysis.yml - .github/workflows/profile-checks.yml - .gitignore - .gitlab-ci.yml - CONTRIBUTING.md - COPYING - README - README.md - RELNOTES - SECURITY.md pull_request: branches: [ master ] paths-ignore: - '.github/ISSUE_TEMPLATE/*' - .git-blame-ignore-revs - .github/dependabot.yml - .github/pull_request_template.md - .github/workflows/codeql-analysis.yml - .github/workflows/profile-checks.yml - .gitignore - .gitlab-ci.yml - CONTRIBUTING.md - COPYING - README - README.md - RELNOTES - SECURITY.md permissions: # added using https://github.com/step-security/secure-workflows contents: read jobs: build_and_test: runs-on: ubuntu-22.04 steps: - name: Harden Runner uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 with: egress-policy: block allowed-endpoints: > azure.archive.ubuntu.com:80 debian.org:80 github.com:443 packages.microsoft.com:443 ppa.launchpadcontent.net:443 www.debian.org:443 www.debian.org:80 yahoo.com:1025 - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - name: update package information run: sudo apt-get update - name: install dependencies run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec - name: configure run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr - name: make run: make - name: make install run: sudo make install - name: print version run: command -V firejail && firejail --version - name: run tests run: SHELL=/bin/bash make test-github