ci: split test jobs for faster checks

Considering the most recent runs, this reduces the total amount of time it takes to run the tests from about 9-10 minutes to about 3 minutes. Note: Which jobs are split is mostly determined by how long each test takes. For example, this is the time each test step took in a run of `build_and_test` (10m17s total for the job) on commit bfcf8bc ("Merge pull request netblue30#5956 from kmk3/build-fix-dep-syntax", 2023-08-14)[1]: * 17s test-seccomp-extra * 1s test-firecfg * 16s test-capabilities * 6s test-apparmor * 10s test-appimage * 10s test-chroot * 41s test-sysutils * 24s test-private-etc * 40s test-profiles * 4s test-fcopy * 2s test-fnetfilter * 98s test-fs * 103s test-utils * 57s test-environment * 69s test-network [1]: https://github.com/netblue30/firejail/actions/runs/5860927500/job/15890009169
kmk3 · Aug 22, 2023 · 23a289a · 23a289a
1 parent 5639359
commit 23a289a
Showing 1 changed file with 169 additions and 14 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -35,8 +35,175 @@ on:
 permissions:  # added using https://github.com/step-security/secure-workflows
   contents: read
 
+#
+# Faster tests
+#
+
 jobs:
-  test:
+  test-main:
+    runs-on: ubuntu-22.04
+    env:
+      SHELL: /bin/bash
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+      with:
+        egress-policy: block
+        allowed-endpoints: >
+          azure.archive.ubuntu.com:80
+          github.com:443
+          packages.microsoft.com:443
+          ppa.launchpadcontent.net:443
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+    - name: update package information
+      run: sudo apt-get update -qy
+    - name: install dependencies
+      run: >
+        sudo apt-get install -qy
+        gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+    - name: print env
+      run: ./ci/printenv.sh
+    - name: configure
+      run: >
+        CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
+        --enable-analyzer --enable-apparmor --enable-selinux
+        || (cat config.log; exit 1)
+    - name: make
+      run: make -j "$(nproc)"
+    - name: make install
+      run: sudo make install
+    - name: print firejail version
+      run: command -V firejail && firejail --version
+    - run: make lab-setup
+    - run: make test-seccomp-extra
+    - run: make test-firecfg
+    - run: make test-capabilities
+    - run: make test-apparmor
+    - run: make test-appimage
+    - run: make test-chroot
+    - run: make test-fcopy
+
+#
+# Slower tests
+#
+
+  test-fs:
+    runs-on: ubuntu-22.04
+    env:
+      SHELL: /bin/bash
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+      with:
+        egress-policy: block
+        allowed-endpoints: >
+          azure.archive.ubuntu.com:80
+          github.com:443
+          packages.microsoft.com:443
+          ppa.launchpadcontent.net:443
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+    - name: update package information
+      run: sudo apt-get update -qy
+    - name: install dependencies
+      run: >
+        sudo apt-get install -qy
+        gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+    - name: print env
+      run: ./ci/printenv.sh
+    - name: configure
+      run: >
+        CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
+        --enable-analyzer --enable-apparmor --enable-selinux
+        || (cat config.log; exit 1)
+    - name: make
+      run: make -j "$(nproc)"
+    - name: make install
+      run: sudo make install
+    - name: print firejail version
+      run: command -V firejail && firejail --version
+    - run: make lab-setup
+    - run: make test-private-etc
+    - run: make test-fs
+
+  test-environment:
+    runs-on: ubuntu-22.04
+    env:
+      SHELL: /bin/bash
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+      with:
+        egress-policy: block
+        allowed-endpoints: >
+          azure.archive.ubuntu.com:80
+          github.com:443
+          packages.microsoft.com:443
+          ppa.launchpadcontent.net:443
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+    - name: update package information
+      run: sudo apt-get update -qy
+    - name: install dependencies
+      run: >
+        sudo apt-get install -qy
+        gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+    - name: print env
+      run: ./ci/printenv.sh
+    - name: configure
+      run: >
+        CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
+        --enable-analyzer --enable-apparmor --enable-selinux
+        || (cat config.log; exit 1)
+    - name: make
+      run: make -j "$(nproc)"
+    - name: make install
+      run: sudo make install
+    - name: print firejail version
+      run: command -V firejail && firejail --version
+    - run: make lab-setup
+    - run: make test-environment
+    - run: make test-profiles
+
+  test-utils:
+    runs-on: ubuntu-22.04
+    env:
+      SHELL: /bin/bash
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+      with:
+        egress-policy: block
+        allowed-endpoints: >
+          azure.archive.ubuntu.com:80
+          debian.org:80
+          github.com:443
+          packages.microsoft.com:443
+          ppa.launchpadcontent.net:443
+          www.debian.org:443
+          www.debian.org:80
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+    - name: update package information
+      run: sudo apt-get update -qy
+    - name: install dependencies
+      run: >
+        sudo apt-get install -qy
+        gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+    - name: print env
+      run: ./ci/printenv.sh
+    - name: configure
+      run: >
+        CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings
+        --enable-analyzer --enable-apparmor --enable-selinux
+        || (cat config.log; exit 1)
+    - name: make
+      run: make -j "$(nproc)"
+    - name: make install
+      run: sudo make install
+    - name: print firejail version
+      run: command -V firejail && firejail --version
+    - run: make lab-setup
+    - run: make test-utils
+
+  test-network:
     runs-on: ubuntu-22.04
     env:
       SHELL: /bin/bash
@@ -79,18 +246,6 @@ jobs:
     - name: print firejail version
       run: command -V firejail && firejail --version
     - run: make lab-setup
-    - run: make test-seccomp-extra
-    - run: make test-firecfg
-    - run: make test-capabilities
-    - run: make test-apparmor
-    - run: make test-appimage
-    - run: make test-chroot
-    - run: make test-sysutils
-    - run: make test-private-etc
-    - run: make test-profiles
-    - run: make test-fcopy
     - run: make test-fnetfilter
-    - run: make test-fs
-    - run: make test-utils
-    - run: make test-environment
+    - run: make test-sysutils
     - run: make test-network