Skip to content
Build

ci: use path whitelist instead of blacklist #126

Sign in to view logs

ci: use path whitelist instead of blacklist

ci: use path whitelist instead of blacklist #126

Workflow file for this run

.github/workflows/build.yml at 794aa66
name: Build
# Note: Keep this list in sync with DISTFILES in ../../Makefile.
on:
push:
paths:
- 'contrib/**'
- 'etc/**'
- 'm4/**'
- 'platform/**'
- 'src/**'
- 'test/**'
- .github/workflows/build.yml
- COPYING
- Makefile
- README
- RELNOTES
- config.mk.in
- config.sh.in
- configure
- configure.ac
- install.sh
- mkdeb.sh
- mketc.sh
pull_request:
paths:
- 'contrib/**'
- 'etc/**'
- 'm4/**'
- 'platform/**'
- 'src/**'
- 'test/**'
- .github/workflows/build.yml
- COPYING
- Makefile
- README
- RELNOTES
- config.mk.in
- config.sh.in
- configure
- configure.ac
- install.sh
- mkdeb.sh
- mketc.sh
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
build:
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
with:
egress-policy: block
allowed-endpoints: >
azure.archive.ubuntu.com:80
debian.org:80
github.com:443
packages.microsoft.com:443
ppa.launchpadcontent.net:443
www.debian.org:443
www.debian.org:80
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: update package information
run: sudo apt-get update -qy
- name: install dependencies
run: >
sudo apt-get install -qy
gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
bridge-utils
- name: print env
run: ./ci/printenv.sh
- name: configure
run: >
CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
--enable-analyzer --enable-apparmor --enable-selinux
|| (cat config.log; exit 1)
- name: make
run: make
- name: make install
run: sudo make install
- name: print firejail version
run: command -V firejail && firejail --version