dependabot[bot]
5986fe1ae4
build(deps): bump github/codeql-action from 2.21.0 to 2.21.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.0 to 2.21.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1813ca74c3...0ba4244466
2023-07-31 11:08:25 +00:00
dependabot[bot]
b4cef6dfbd
build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](55d479fb1c...cba0d00b1f
2023-07-31 11:08:20 +00:00
dependabot[bot]
6fd85f4e58
build(deps): bump github/codeql-action from 2.20.4 to 2.21.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.4 to 2.21.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](489225d82a...1813ca74c3
2023-07-24 13:57:20 +00:00
dependabot[bot]
dcb5bc0e45
build(deps): bump github/codeql-action from 2.20.3 to 2.20.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.3 to 2.20.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](46ed16ded9...489225d82a
2023-07-17 09:19:14 +00:00
dependabot[bot]
036ce27fee
build(deps): bump github/codeql-action from 2.20.1 to 2.20.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.1 to 2.20.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f6e388ebf0...46ed16ded9
2023-07-12 04:33:21 +00:00
dependabot[bot]
8ccff4af04
build(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](128a63446a...55d479fb1c
2023-06-26 09:36:21 +00:00
dependabot[bot]
55322931af
build(deps): bump github/codeql-action from 2.20.0 to 2.20.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.0 to 2.20.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](6c089f53dd...f6e388ebf0
2023-06-26 09:35:54 +00:00
Kelvin M. Klann
a8f01a383a
Merge pull request #5859 from kmk3/build-remove-retpoline
...
build: remove -mretpoline and NO_EXTRA_CFLAGS
2023-06-20 05:26:23 +00:00
dependabot[bot]
eaf13450c4
build(deps): bump github/codeql-action from 2.3.6 to 2.20.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.6 to 2.20.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](83f0fe6c49...6c089f53dd
2023-06-19 07:49:15 +00:00
dependabot[bot]
f72b78cab0
build(deps): bump actions/checkout from 3.5.2 to 3.5.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
2023-06-19 07:48:42 +00:00
Kelvin M. Klann
63f1a045ba
build: remove -mretpoline and NO_EXTRA_CFLAGS
...
The -mretpoline flag is not documented in the current versions of gcc
and clang and it is what causes scan-build to fail:
$ ./configure CC=clang | grep retpoline
checking whether C compiler accepts -mretpoline... yes
EXTRA_CFLAGS: -mretpoline -fstack-clash-protection -fstack-protector-strong
$ scan-build --status-bugs make
scan-build: Using '/usr/bin/clang-15' for static analysis
make -C src/lib
make[1]: Entering directory '/tmp/firejail/src/lib'
/usr/bin/../lib/clang/ccc-analyzer [...] -mretpoline [...] -c common.c -o common.o
gcc: error: unrecognized command-line option ‘-mretpoline’
make[1]: *** [../../src/prog.mk:16: common.o] Error 1
make[1]: Leaving directory '/tmp/firejail/src/lib'
make: *** [Makefile:59: src/lib] Error 2
scan-build: Analysis run complete.
scan-build: Removing directory '/tmp/scan-build-[...]' because it contains no reports.
scan-build: No bugs found.
Environment: clang 15.0.7-9 and gcc 13.1.1-1 on Artix Linux.
Note: NO_EXTRA_CFLAGS was added to work around this issue by causing all
of the flags in EXTRA_CFLAGS to be ignored.
Note2: -mretpoline was added on commit 4a99c8aa2490918c352c64d1fddCloses #5509 .
Kind of relates to #2661 .
2023-06-18 13:43:55 -03:00
Kelvin M. Klann
15e40e9ae4
ci: standardize apt-get update/install
...
General changes:
* Use a single -q on update, as the output is not too long
* Use a single -q on install, to show all packages at once
GitLab-specific changes:
* Use `DEBIAN_FRONTEND=noninteractive` to reduce noise
* Use --no-install-recommends to avoid installing unnecessary packages
* Filter out uninteresting lines on install
Note: `DEBIAN_FRONTEND` does not appear to be needed in the default
GitHub runner container and not many packages are currently being
downloaded/installed in them, so do the above changes only jobs that use
custom Docker images.
2023-06-14 18:54:49 -03:00
Kelvin M. Klann
dc826cba31
ci: print config.log if configure fails
...
Example log of it failing:
$ ./configure
checking for gcc... gcc
checking whether the C compiler works... no
configure: error: in `/tmp/build':
configure: error: C compiler cannot create executables
See `config.log' for more details
2023-06-14 17:30:51 -03:00
dependabot[bot]
a7dff2521f
build(deps): bump github/codeql-action from 2.3.5 to 2.3.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0225834cc5...83f0fe6c49
2023-06-05 17:06:28 +00:00
dependabot[bot]
f1218ef1e5
build(deps): bump github/codeql-action from 2.3.3 to 2.3.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.3 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](29b1f65c5e...0225834cc5
2023-05-29 15:02:15 +00:00
dependabot[bot]
9d9114ca59
build(deps): bump step-security/harden-runner from 2.3.1 to 2.4.0
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](6b3083af28...128a63446a
2023-05-08 14:06:12 +00:00
dependabot[bot]
8f64e3b59b
build(deps): bump github/codeql-action from 2.3.2 to 2.3.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f3feb00acb...29b1f65c5e
2023-05-08 14:05:53 +00:00
Kelvin M. Klann
5871b08a41
ci: run for every branch instead of just master
...
Having CI always run on WIP branches without having to open a PR
beforehand makes it easier to debug CI issues.
GitHub currently does not have any apparent limit for CI runs and there
are no project-specific secrets as far as I know, so it should be safe
to remove these restrictions.
2023-05-03 16:32:35 -03:00
Kelvin M. Klann
a2c8a5f03c
ci: allow endpoints used in tests
...
Relevant lines from build_and_test[1]:
endpoint called ip address:port 1.1.1.1:1025, domain:
endpoint called ip address:port 54.185.253.63:43, domain: whois.pir.org.
##[error]StepSecurity Harden Runner: DNS resolution for domain dns.quad9.net. was blocked. This domain is not in the list of allowed-endpoints.
##[error]StepSecurity Harden Runner: DNS resolution for domain whois.pir.org. was blocked. This domain is not in the list of allowed-endpoints.
The relevant tests were added in the following commits:
* ef4409e7b171898233#5439 #5485 .
[1] https://github.com/netblue30/firejail/actions/runs/4854586882/jobs/8652141329
2023-05-03 16:21:18 -03:00
dependabot[bot]
b05cd01625
build(deps): bump github/codeql-action from 2.3.0 to 2.3.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.0 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2c19fb9a2...f3feb00acb
2023-05-01 10:58:32 +00:00
Kelvin M. Klann
339d395fbd
ci: print env-related settings in each job
...
To make debugging easier.
Use a separate shell script instead of just a make target to ensure that
it can safely run before ./configure and without having make installed.
2023-04-28 04:45:57 -03:00
Kelvin M. Klann
fde591c2b7
ci: print some program versions
...
To make debugging easier.
2023-04-28 04:45:57 -03:00
Kelvin M. Klann
fd59df07de
ci: line-wrap and split/join some commands
...
For increased readability.
Note: `>` basically turns each newline into a space while `|` keeps
newlines as is. Both remove leading indentation.
Note2: On jobs using `apt-get install`, this commit moves package names
to their own line, to make it easier to compare which packages are being
installed across such jobs.
2023-04-24 23:29:28 -03:00
Kelvin M. Klann
b9885cd5a7
ci: simplify test steps in build.yml
...
Kind of relates to commit 6d0c7514e
2023-04-24 23:16:48 -03:00
Kelvin M. Klann
3a5774c48c
ci: ignore build workflows on more workflows
...
This makes each workflow ignore every other workflow.
Relates to #5481 .
2023-04-24 23:16:48 -03:00
dependabot[bot]
9e2e6ce4fb
build(deps): bump step-security/harden-runner from 2.3.0 to 2.3.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](03bee39306...6b3083af28
2023-04-25 02:15:55 +00:00
dependabot[bot]
3f5b591deb
build(deps): bump github/codeql-action from 2.2.12 to 2.3.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7df0ce3489...b2c19fb9a2
2023-04-25 02:15:44 +00:00
dependabot[bot]
f1059dae11
build(deps): bump actions/checkout from 3.5.0 to 3.5.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8f4b7f8486...8e5e7e5ab8
2023-04-17 18:16:07 +00:00
dependabot[bot]
51f898b952
build(deps): bump github/codeql-action from 2.2.11 to 2.2.12
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d186a2a36c...7df0ce3489
2023-04-17 18:15:17 +00:00
dependabot[bot]
af6ec5d42e
build(deps): bump github/codeql-action from 2.2.9 to 2.2.11
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04df1262e6...d186a2a36c
2023-04-10 09:31:25 +00:00
Kelvin M. Klann
03a1f471c4
ci: fix codeql unable to download its own bundle
...
Due to step-security/harden-runner blocking access to
objects.githubusercontent.com.
Log from a recent run of CodeQL[1] [2]:
##[group]Setup CodeQL tools
Did not find CodeQL tools version 2.12.6 in the toolcache.
Downloading CodeQL tools from https://github.com/github/codeql-action/releases/download/codeql-bundle-20230403/codeql-bundle-linux64.tar.gz . This may take a while.
connect ECONNREFUSED 54.185.253.63:443
Waiting 13 seconds before trying again
connect ECONNREFUSED 54.185.253.63:443
Waiting 12 seconds before trying again
##[error]connect ECONNREFUSED 54.185.253.63:443
##[error]Unable to download and extract CodeQL CLI
Post job cleanup.
[...]
Mon, 10 Apr 2023 07:20:18 GMT:endpoint called ip address:port 140.82.112.4:443, domain: github.com.
Mon, 10 Apr 2023 07:20:20 GMT:endpoint called ip address:port 140.82.112.6:443, domain: api.github.com.
Mon, 10 Apr 2023 07:20:23 GMT:domain not allowed: objects.githubusercontent.com.
Mon, 10 Apr 2023 07:20:23 GMT:ip address dropped: 54.185.253.63
Mon, 10 Apr 2023 07:20:23 GMT:endpoint called ip address:port 140.82.112.4:443, domain: github.com.
Mon, 10 Apr 2023 07:20:23 GMT:endpoint called ip address:port 54.185.253.63:443, domain: objects.githubusercontent.com.
Mon, 10 Apr 2023 07:20:35 GMT:domain not allowed: api.snapcraft.io.
[1] https://github.com/netblue30/firejail/pull/5781
[2] https://github.com/netblue30/firejail/actions/runs/4655304231/jobs/8238131624
2023-04-10 09:23:47 +00:00
dependabot[bot]
7b7ec30de7
build(deps): bump step-security/harden-runner from 2.2.1 to 2.3.0
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](1f99358870...03bee39306
2023-04-10 07:34:54 +00:00
dependabot[bot]
f86299889b
build(deps): bump github/codeql-action from 2.2.7 to 2.2.9
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.7 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](168b99b3c2...04df1262e6
2023-04-03 08:14:20 +00:00
dependabot[bot]
9c438eff6f
build(deps): bump actions/checkout from 3.4.0 to 3.5.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](24cb908017...8f4b7f8486
2023-03-27 08:23:23 +00:00
Kelvin M. Klann
ff42f7248b
ci: always update the package db before installing packages
...
This should fix installing packages on build-extra.yml.
Note that this is already done on build.yml and on gitlab-ci.yml.
From the GitHub Actions documentation[1] [2]:
> Note: Always run `sudo apt-get update` before installing a package. In
> case the `apt` index is stale, this command fetches and re-indexes any
> available packages, which helps prevent package installation failures.
[1] https://docs.github.com/en/actions/using-github-hosted-runners/customizing-github-hosted-runners
[2] https://github.com/actions/runner-images/issues/2924
2023-03-20 22:09:13 -03:00
dependabot[bot]
913c139686
build(deps): bump actions/checkout from 3.3.0 to 3.4.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ac59398561...24cb908017
2023-03-20 17:12:03 +00:00
dependabot[bot]
acd270fd64
build(deps): bump github/codeql-action from 2.2.6 to 2.2.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.6 to 2.2.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](16964e90ba...168b99b3c2
2023-03-20 17:11:11 +00:00
netblue30
7ab9854072
Merge pull request #5730 from netblue30/dependabot/github_actions/step-security/harden-runner-2.2.1
...
build(deps): bump step-security/harden-runner from 2.2.0 to 2.2.1
2023-03-13 12:51:47 -04:00
dependabot[bot]
229c86efde
build(deps): bump github/codeql-action from 2.2.5 to 2.2.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.5 to 2.2.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](32dc499307...16964e90ba
2023-03-13 06:58:10 +00:00
dependabot[bot]
669878ee48
build(deps): bump step-security/harden-runner from 2.2.0 to 2.2.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](c8454efe5d...1f99358870
2023-03-13 06:58:06 +00:00
netblue30
c79aa14295
testing
2023-03-09 08:39:25 -05:00
netblue30
acf8efb878
testing
2023-03-08 16:23:30 -05:00
Kelvin M. Klann
b32c5d31fe
ci: remove extra space on codespell job
...
Added on commit d78fc96ee
2023-03-06 04:27:49 -03:00
netblue30
d78fc96ee0
codespell github action
2023-03-05 09:57:04 -05:00
netblue30
1bab42a724
test apparmor
2023-03-04 11:48:00 -05:00
netblue30
5b1d1d5cf1
more testing
2023-03-03 17:05:15 -05:00
netblue30
91235785e0
network testing
2023-03-02 08:19:41 -05:00
netblue30
b50812ff5e
appimage testing
2023-03-01 08:52:53 -05:00
netblue30
27c4d069f3
chroot testing
2023-02-28 09:51:26 -05:00
dependabot[bot]
837157f902
build(deps): bump github/codeql-action from 2.2.4 to 2.2.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](17573ee1cc...32dc499307
2023-02-27 17:47:51 +00:00
