blob: 2e6a462f241ae4b114be82b78f738a1e17c6ffa6 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
name: Build CI
on:
push:
branches: [ master ]
paths-ignore:
- '.github/ISSUE_TEMPLATE/*'
- .git-blame-ignore-revs
- .github/dependabot.yml
- .github/pull_request_template.md
- .github/workflows/codeql-analysis.yml
- .github/workflows/profile-checks.yml
- .gitignore
- .gitlab-ci.yml
- CONTRIBUTING.md
- COPYING
- README
- README.md
- RELNOTES
- SECURITY.md
pull_request:
branches: [ master ]
paths-ignore:
- '.github/ISSUE_TEMPLATE/*'
- .git-blame-ignore-revs
- .github/dependabot.yml
- .github/pull_request_template.md
- .github/workflows/codeql-analysis.yml
- .github/workflows/profile-checks.yml
- .gitignore
- .gitlab-ci.yml
- CONTRIBUTING.md
- COPYING
- README
- README.md
- RELNOTES
- SECURITY.md
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
build_and_test:
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57
with:
egress-policy: block
allowed-endpoints: >
azure.archive.ubuntu.com:80
debian.org:80
github.com:443
packages.microsoft.com:443
ppa.launchpadcontent.net:443
www.debian.org:443
www.debian.org:80
yahoo.com:1025
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- name: update package information
run: sudo apt-get update
- name: install dependencies
run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois bridge-utils
- name: configure
run: CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux
- name: make
run: make
- name: make install
run: sudo make install
- name: print firejail version
run: command -V firejail && firejail --version
- name: lab setup
run: SHELL=/bin/bash make lab-setup
- name: run firecfg tests
run: SHELL=/bin/bash make test-firecfg
- name: run capabilities tests
run: SHELL=/bin/bash make test-capabilities
- name: run apparmor tests
run: SHELL=/bin/bash make test-apparmor
- name: run appimage tests
run: SHELL=/bin/bash make test-appimage
- name: run chroot tests
run: SHELL=/bin/bash make test-chroot
- name: run sysutils tests
run: SHELL=/bin/bash make test-sysutils
- name: run private-etc tests
run: SHELL=/bin/bash make test-private-etc
- name: run profile tests
run: SHELL=/bin/bash make test-profiles
- name: run fcopy tests
run: SHELL=/bin/bash make test-fcopy
- name: run fnetfilter tests
run: SHELL=/bin/bash make test-fnetfilter
- name: run fs tests
run: SHELL=/bin/bash make test-fs
- name: run utils tests
run: SHELL=/bin/bash make test-utils
- name: run environment tests
run: SHELL=/bin/bash make test-environment
- name: run network tests
run: SHELL=/bin/bash make test-network
|