WIP: meson build system #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Checks that the tests are passing. | |
| name: Test | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches-ignore: | |
| - 'dependabot/**' | |
| paths: | |
| - 'm4/**' | |
| - 'src/**.c' | |
| - 'src/**.h' | |
| - 'src/**.mk' | |
| - 'src/**Makefile' | |
| - 'test/**' | |
| - .github/workflows/test.yml | |
| - Makefile | |
| - config.mk.in | |
| - config.sh.in | |
| - configure | |
| - configure.ac | |
| - etc/profile-a-l/default.profile | |
| - src/firecfg/firecfg.config | |
| pull_request: | |
| paths: | |
| - 'm4/**' | |
| - 'src/**.c' | |
| - 'src/**.h' | |
| - 'src/**.mk' | |
| - 'src/**Makefile' | |
| - 'test/**' | |
| - .github/workflows/test.yml | |
| - Makefile | |
| - config.mk.in | |
| - config.sh.in | |
| - configure | |
| - configure.ac | |
| - etc/profile-a-l/default.profile | |
| - src/firecfg/firecfg.config | |
| permissions: # added using https://github.com/step-security/secure-workflows | |
| contents: read | |
| # | |
| # Faster tests | |
| # | |
| jobs: | |
| test-main: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 10 | |
| env: | |
| SHELL: /bin/bash | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| azure.archive.ubuntu.com:80 | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| packages.microsoft.com:443 | |
| ppa.launchpadcontent.net:443 | |
| pypi.org:443 | |
| - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 | |
| - name: update package information | |
| run: sudo apt-get update -qy | |
| - name: install dependencies | |
| run: > | |
| sudo apt-get install -qy | |
| gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build meson | |
| - name: print env | |
| run: ./ci/printenv.sh | |
| - name: meson setup | |
| run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true | |
| - name: meson compile | |
| run: meson compile -C _builddir | |
| - name: meson install | |
| run: sudo -E meson install -C _builddir | |
| - name: test main | |
| run: meson test -C _builddir seccomp-extra firecfg capabilities apparmor appimage chroot fcopy | |
| # | |
| # Slower tests | |
| # | |
| test-fs: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 10 | |
| env: | |
| SHELL: /bin/bash | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| azure.archive.ubuntu.com:80 | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| packages.microsoft.com:443 | |
| ppa.launchpadcontent.net:443 | |
| pypi.org:443 | |
| - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 | |
| - name: update package information | |
| run: sudo apt-get update -qy | |
| - name: install dependencies | |
| run: > | |
| sudo apt-get install -qy | |
| gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build meson | |
| - name: print env | |
| run: ./ci/printenv.sh | |
| - name: meson setup | |
| run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true | |
| - name: meson compile | |
| run: meson compile -C _builddir | |
| - name: meson install | |
| run: sudo -E meson install -C _builddir | |
| - name: test fs | |
| run: meson test -C _builddir private-etc fs | |
| test-environment: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 10 | |
| env: | |
| SHELL: /bin/bash | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| azure.archive.ubuntu.com:80 | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| packages.microsoft.com:443 | |
| ppa.launchpadcontent.net:443 | |
| pypi.org:443 | |
| - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 | |
| - name: update package information | |
| run: sudo apt-get update -qy | |
| - name: install dependencies | |
| run: > | |
| sudo apt-get install -qy | |
| gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build meson | |
| - name: print env | |
| run: ./ci/printenv.sh | |
| - name: meson setup | |
| run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true | |
| - name: meson compile | |
| run: meson compile -C _builddir | |
| - name: meson install | |
| run: sudo -E meson install -C _builddir | |
| - name: test environment | |
| run: meson test -C _builddir environment profiles | |
| test-utils: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 10 | |
| env: | |
| SHELL: /bin/bash | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| azure.archive.ubuntu.com:80 | |
| debian.org:80 | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| packages.microsoft.com:443 | |
| ppa.launchpadcontent.net:443 | |
| pypi.org:443 | |
| www.debian.org:443 | |
| www.debian.org:80 | |
| - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 | |
| - name: update package information | |
| run: sudo apt-get update -qy | |
| - name: install dependencies | |
| run: > | |
| sudo apt-get install -qy | |
| gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build meson | |
| - name: print env | |
| run: ./ci/printenv.sh | |
| - name: meson setup | |
| run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true | |
| - name: meson compile | |
| run: meson compile -C _builddir | |
| - name: meson install | |
| run: sudo -E meson install -C _builddir | |
| - name: test utils | |
| run: meson test -C _builddir utils | |
| test-network: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 10 | |
| env: | |
| SHELL: /bin/bash | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| 1.1.1.1:1025 | |
| azure.archive.ubuntu.com:80 | |
| debian.org:80 | |
| dns.quad9.net:53 | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| packages.microsoft.com:443 | |
| ppa.launchpadcontent.net:443 | |
| pypi.org:443 | |
| whois.pir.org:43 | |
| www.debian.org:443 | |
| www.debian.org:80 | |
| yahoo.com:1025 | |
| - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 | |
| - name: update package information | |
| run: sudo apt-get update -qy | |
| - name: install dependencies | |
| run: > | |
| sudo apt-get install -qy | |
| gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois | |
| bridge-utils ninja-build meson | |
| - name: print env | |
| run: ./ci/printenv.sh | |
| - name: meson setup | |
| run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true | |
| - name: meson compile | |
| run: meson compile -C _builddir | |
| - name: meson install | |
| run: sudo -E meson install -C _builddir | |
| - name: test network | |
| run: meson test -C _builddir fnetfilter sysutils network |