Skip to content

Document that symlinks that point to a resource outside the sandbox n… #898

Document that symlinks that point to a resource outside the sandbox n…

Document that symlinks that point to a resource outside the sandbox n… #898

Workflow file for this run

name: fedora-cmake
on: [push, pull_request]
env:
BUILD_TYPE: Release
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- container: fedora:38
compiler: gcc
compiler-version: 13
ignore-errors: false
- container: fedora:38
compiler: clang
compiler-version: 16
ignore-errors: false
runs-on: ubuntu-latest
continue-on-error: ${{ matrix.ignore-errors }}
env:
RUN_CMD: docker exec --tty ${{matrix.compiler}}-build-container
steps:
- uses: actions/checkout@v3
- name: Cache dependencies
uses: actions/cache@v3
with:
key: ${{matrix.container}}-${{matrix.compiler}}${{matrix.compiler-version}}
path: |
${{github.workspace}}/build/_deps
- name: Prepare container
# Note: For the sandbox tests to work, we need a privileged, unconfined
# container that retains its capabilities.
run: |
docker run --name ${{matrix.compiler}}-build-container \
--tty \
--privileged \
--cap-add ALL \
--security-opt apparmor:unconfined \
-v $GITHUB_WORKSPACE:$GITHUB_WORKSPACE \
-e TERM=dumb \
-e BUILD_TYPE \
-e GITHUB_WORKSPACE \
-d ${{matrix.container}} \
sleep infinity
- name: Install build tools
run: |
$RUN_CMD dnf update -y --quiet
$RUN_CMD dnf install -y --quiet \
git make automake diffutils file patch glibc-static \
libstdc++-static cmake ninja-build python3 python3-pip \
python3-clang clang-devel libcap-devel
- name: Create Build Environment
run: |
$RUN_CMD pip3 install --progress-bar=off absl-py
$RUN_CMD cmake -E make_directory $GITHUB_WORKSPACE/build
- name: Configure CMake
run: |
$RUN_CMD cmake \
-S $GITHUB_WORKSPACE \
-B $GITHUB_WORKSPACE/build \
-G Ninja \
-DCMAKE_BUILD_TYPE=$BUILD_TYPE
- name: Build
run: |
$RUN_CMD cmake \
--build $GITHUB_WORKSPACE/build \
--config $BUILD_TYPE
- name: Test
run: |
$RUN_CMD ctest \
--test-dir $GITHUB_WORKSPACE/build \
-C $BUILD_TYPE \
--output-on-failure \
-R SapiTest