-
Notifications
You must be signed in to change notification settings - Fork 44
52 lines (52 loc) · 2 KB
/
checks.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
name: checks
on: [push, pull_request]
jobs:
style-check:
runs-on: ubuntu-latest
container:
image: fedora:latest
steps:
- run: sudo dnf install -y astyle perltidy findutils git-core
- uses: actions/checkout@v4
- run: sudo chown $(id -u):$(id -g) .
- run: tools/check-syntax -f && git diff --exit-code
fedora-test:
runs-on: macos-12
strategy:
fail-fast: false
matrix:
domain: [unconfined_t, sysadm_t]
env:
- { version: 38, kernel: default }
- { version: 39, kernel: default }
- { version: 39, kernel: secnext }
env:
FEDORA_VERSION: ${{ matrix.env.version }}
KERNEL_TYPE: ${{ matrix.env.kernel }}
ROOT_DOMAIN: ${{ matrix.domain }}
steps:
- name: Install GNU coreutils
run: brew install coreutils
- uses: actions/checkout@v4
# macOS sometimes allows symlinks to have permissions other than 777,
# so change all symlink perms to match the Linux convention. Otherwise
# the rsync run by Vagrant will complain that it can't copy over the
# perms.
- name: Fix symlink permissions
run: find . -type link -exec chmod -h 777 \{\} \;
- name: Treat compiler warnings as errors
run: sed -i '' 's/-Wall/-Wall -Werror/' tests/Makefile
- name: Create a Vagrant VM
run: vagrant up
- name: Wait for the machine to come up if rebooting (max 5m)
run: gtimeout 5m "$SHELL" -c 'while ! vagrant ssh -- true; do sleep 1; done'
- name: Show Vagrant VM details
run: |
vagrant ssh -- uname -a
vagrant ssh -- cat /proc/cmdline
- name: Run SELinux testsuite
run: vagrant ssh -- sudo make -C /root/testsuite test
- name: Check unwanted denials
run: vagrant ssh -- '! sudo ausearch -m avc -i </dev/null | grep ${{ matrix.domain }}'
- name: Check .gitignore coverage
run: test "$(vagrant ssh -- sudo git -C /root/testsuite ls-files -o --exclude-standard | wc -l)" -eq 0