name: Test on: push: paths: - 'm4/**' - 'src/**.c' - 'src/**.h' - 'src/**.mk' - 'src/**Makefile' - 'test/**' - .github/workflows/test.yml - Makefile - config.mk.in - config.sh.in - configure - configure.ac - src/firecfg/firecfg.config pull_request: paths: - 'm4/**' - 'src/**.c' - 'src/**.h' - 'src/**.mk' - 'src/**Makefile' - 'test/**' - .github/workflows/test.yml - Makefile - config.mk.in - config.sh.in - configure - configure.ac - src/firecfg/firecfg.config permissions: # added using https://github.com/step-security/secure-workflows contents: read # # Faster tests # jobs: test-main: runs-on: ubuntu-22.04 env: SHELL: /bin/bash steps: - name: Harden Runner uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: block allowed-endpoints: > azure.archive.ubuntu.com:80 github.com:443 packages.microsoft.com:443 ppa.launchpadcontent.net:443 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: update package information run: sudo apt-get update -qy - name: install dependencies run: > sudo apt-get install -qy gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils - name: print env run: ./ci/printenv.sh - name: configure run: > CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux || (cat config.log; exit 1) - name: make run: make -j "$(nproc)" - name: make install run: sudo make install - name: print firejail version run: command -V firejail && firejail --version - run: make lab-setup - run: make test-seccomp-extra - run: make test-firecfg - run: make test-capabilities - run: make test-apparmor - run: make test-appimage - run: make test-chroot - run: make test-fcopy # # Slower tests # test-fs: runs-on: ubuntu-22.04 env: SHELL: /bin/bash steps: - name: Harden Runner uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: block allowed-endpoints: > azure.archive.ubuntu.com:80 github.com:443 packages.microsoft.com:443 ppa.launchpadcontent.net:443 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: update package information run: sudo apt-get update -qy - name: install dependencies run: > sudo apt-get install -qy gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils - name: print env run: ./ci/printenv.sh - name: configure run: > CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux || (cat config.log; exit 1) - name: make run: make -j "$(nproc)" - name: make install run: sudo make install - name: print firejail version run: command -V firejail && firejail --version - run: make lab-setup - run: make test-private-etc - run: make test-fs test-environment: runs-on: ubuntu-22.04 env: SHELL: /bin/bash steps: - name: Harden Runner uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: block allowed-endpoints: > azure.archive.ubuntu.com:80 github.com:443 packages.microsoft.com:443 ppa.launchpadcontent.net:443 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: update package information run: sudo apt-get update -qy - name: install dependencies run: > sudo apt-get install -qy gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils - name: print env run: ./ci/printenv.sh - name: configure run: > CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux || (cat config.log; exit 1) - name: make run: make -j "$(nproc)" - name: make install run: sudo make install - name: print firejail version run: command -V firejail && firejail --version - run: make lab-setup - run: make test-environment - run: make test-profiles test-utils: runs-on: ubuntu-22.04 env: SHELL: /bin/bash steps: - name: Harden Runner uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: block allowed-endpoints: > azure.archive.ubuntu.com:80 debian.org:80 github.com:443 packages.microsoft.com:443 ppa.launchpadcontent.net:443 www.debian.org:443 www.debian.org:80 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: update package information run: sudo apt-get update -qy - name: install dependencies run: > sudo apt-get install -qy gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils - name: print env run: ./ci/printenv.sh - name: configure run: > CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux || (cat config.log; exit 1) - name: make run: make -j "$(nproc)" - name: make install run: sudo make install - name: print firejail version run: command -V firejail && firejail --version - run: make lab-setup - run: make test-utils test-network: runs-on: ubuntu-22.04 env: SHELL: /bin/bash steps: - name: Harden Runner uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: block allowed-endpoints: > 1.1.1.1:1025 azure.archive.ubuntu.com:80 debian.org:80 dns.quad9.net:53 github.com:443 packages.microsoft.com:443 ppa.launchpadcontent.net:443 whois.pir.org:43 www.debian.org:443 www.debian.org:80 yahoo.com:1025 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: update package information run: sudo apt-get update -qy - name: install dependencies run: > sudo apt-get install -qy gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois bridge-utils - name: print env run: ./ci/printenv.sh - name: configure run: > CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux || (cat config.log; exit 1) - name: make run: make -j "$(nproc)" - name: make install run: sudo make install - name: print firejail version run: command -V firejail && firejail --version - run: make lab-setup - run: make test-fnetfilter - run: make test-sysutils - run: make test-network