Skip to content
Validate SELinux code

Fixed typo in systemd preset (#103) #255

Sign in to view logs

Fixed typo in systemd preset (#103)

Fixed typo in systemd preset (#103) #255

Workflow file for this run

.github/workflows/validate_selinux_compile.yml at 40c4dae
#
# SELinux code validation workflow
#
name: "Validate SELinux code"
concurrency:
group: SELinux_compile-${{ github.ref }}
on:
workflow_dispatch:
push:
paths:
- '**.te'
- '**.fc'
- '**.if'
pull_request:
branches: [ "main", "release/**" ]
paths:
- '**.te'
- '**.fc'
- '**.if'
env:
SEMODULE: springboot
jobs:
compile_el:
name: Compile SELinux code for Red Hat EL family branch
runs-on: ubuntu-latest
strategy:
matrix:
el_vers: [ '8', '9' ]
steps:
- name: Checkout SELinux code
uses: actions/checkout@master
- name: Compile SELinux code
uses: lhqg/selinux_compile@main
with:
distro: 'almalinux'
distro_vers: ${{ matrix.el_vers }}
compile_fedora:
name: Compile SELinux code for Fedora family branch
runs-on: ubuntu-latest
strategy:
matrix:
fedora_vers: [ '37', '38', '39', '40' ]
steps:
- name: Checkout SELinux code
uses: actions/checkout@master
- name: Compile SELinux code
uses: lhqg/selinux_compile@main
with:
distro: 'fedora'
distro_vers: ${{ matrix.fedora_vers }}
compile_ubuntu:
name: Compile SELinux code for Ubuntu family branch
runs-on: ubuntu-latest
strategy:
matrix:
ubuntu_vers: [ '22.04', '24.04' ]
steps:
- name: Checkout SELinux code
uses: actions/checkout@master
- name: Compile SELinux code
uses: lhqg/selinux_compile@main
with:
distro: 'ubuntu'
distro_vers: ${{ matrix.ubuntu_vers }}
compile_debian:
name: Compile SELinux code for Debian family branch
runs-on: ubuntu-latest
strategy:
matrix:
debian_vers: [ '11', '12' ]
steps:
- name: Checkout SELinux code
uses: actions/checkout@master
- name: Compile SELinux code
uses: lhqg/selinux_compile@main
with:
distro: 'debian'
distro_vers: ${{ matrix.debian_vers }}
semodule_info:
name: Get SELinux module informations
needs: [ compile_el, compile_fedora, compile_ubuntu, compile_debian ]
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
outputs:
semodule_name: ${{ steps.semodule_chars.outputs.semodule_name }}
semodule_vers: ${{ steps.semodule_chars.outputs.semodule_vers }}
steps:
- uses: actions/checkout@master
- name: Get SELinux policy module characteristics
id: semodule_chars
run: |
if [ -f "main-semodule-file" ]
then
semodule_file=$( cat main-semodule-file )
fi
if [ -z "${semodule_file}" ]
then
if [ -n "${SEMODULE}" ]
then
semodule_file="se_module/${SEMODULE}.te"
fi
fi
if [ ! -f "${semodule_file}" ]
then
echo '::error title=SEmoduleNotFound::Unable to retrieve SELinux module name'
exit 1
fi
awk '
/^[[:blank:]]*module[[:blank:]]+/ {
sub("[[:blank:]]*;$", "")
module_name=$2
module_vers=$3
}
/^[[:blank:]]*policy_module[[:blank:]]*\(/ {
sub("^[[:blank:]]*policy_module[[:blank:]]*[(][[:blank:]]*", "")
sub("[[:blank:]]*)[[:blank:]]*$", "")
split($0, a, "[[:blank:]]*,[[:blank:]]*")
module_name=a[1]
module_vers=a[2]
}
END {
print "semodule_name="module_name
print "semodule_vers="module_vers
}' ${semodule_file} >> $GITHUB_OUTPUT
add_tag:
name: Add SELinux module version tag on the branch
needs: semodule_info
runs-on: ubuntu-latest
if: ( github.event_name == 'push' && ( github.ref_name == 'main' || startsWith(github.ref_name, 'release/') ) )
steps:
- uses: actions/checkout@master
- name: Run Changelog CI
uses: saadmk11/[email protected]
with:
release_version: v${{ needs.semodule_info.outputs.semodule_vers }}
config_file: changelog-ci-config.yml
- name: Tag the branch with the SELinux module version and draft a pre-release
id: create_release
uses: actions/create-release@latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: v${{ needs.semodule_info.outputs.semodule_vers }}-rc
release_name: Release candidate for v${{ needs.semodule_info.outputs.semodule_vers }}
draft: true
prerelease: true
body_path: CHANGELOG.md